SERVER SECURITY
Server security covers the processes and tools used to protect the valuable data and assets held on an organization’s servers, as well as to protect the server’s resources. Due to the sensitive information they hold, servers are frequently targeted by cybercriminals looking to exploit weaknesses in server security for financial gain.
Servers sit at the heart of an organization’s IT infrastructure and allow large numbers of users to access the same information or functionality, often remotely. Generally, they are used to run email systems, power the internet, and host files. The problem, though, is that something as simple as a weak password, missing antivirus software, or user error could expose the business to substantial loss.
To be most effective, security for servers should be arranged in layers. For maximum protection, you need to address potential issues in your network, the server’s operating system, and any applications or software hosted on your server.
Basic server security guidelines
As mentioned in the introduction, we should treat server security in layers. Here are the basic steps of securing a web server that we can use as a foundation for the next layers:
- Make sure to regularly update the server’s OS (operating system) and all applications/software hosted on the server
- Configure the server’s OS to meet server security best practices: enable onlynecessary applications and services, and disable all unnecessary ones.
- Set all the account passwords (change all the default passwords) and use sufficiently strong passwords. Remove default accounts properly.
- Regularly monitor security-related announcements related to your server (i.e. follow your server manufacturer’s blog)
- Employ SSL (Secure Socket Layer) and TLS (Transport Layer Security) according to the data hosted on the server to implement encryption and authentication.
- Configure the server according to the manufacturer/vendor’s best practices. This may include installing the server software on a designated host provider, putting required access controls to sensitive/confidential files, and so on.
- Creating log files for future investigations and recovery purposes. Assign specific log file names accordingly, and make sure your log files won’t fill up the hard drive. Configure the log files to capture all the potentially risky activities (failed logins, sudden spikes in requests, unauthorized user access, etc. )
- Document all changes you’ve made to the system and application hosted in the server, and test all proposed changes before launching them.
Server security checklist
Now that we’ve discussed the basics of what good server security should look like, let’s share our server security checklist to ensure you have it all covered:
Step 1: Identify and record your server details
The first and arguably the most crucial step is to identify and make a note of all the important details of your server, like its MAC address, identification number, model name, etc. This is important so that you can get the right manual, check for compatibility with third-party software, and so on.
Step 2: Ensure physical protection
As mentioned, physical vulnerabilities can also cause serious data breaches and other threats to your server. Make sure your server is properly secured physically to prevent unauthorized access. For example, restrict access to the room where the server is physically located and only allow as few people as possible in this area. Ensure the keys to this room are always stored securely.
Step 3: Set up event logs
Enable traceability and accountability for everyone accessing the server by configuring event logs. Monitor these logs regularly and attend to any suspicious activity including, but not limited to, suspicious account login, changes in system configurations, and changes in permissions. Ideally, your event logs should be backed up on a separate server.
Step 4: Regularly update OS and software
Set a weekly (if possible, daily) schedule to update OS and any software or application hosted on the server. You should implement updates as soon as they are available.
Step 5: Remove unnecessary software
Regularly remove old and unused software, applications and OS components. Disable any unnecessary services. Forgotten unused applications can be just another gateway for hackers to invade your server.
Step 6: Monitor hardware performance
Vulnerabilities in hardware can also be fatal. Make sure to regularly maintain your hardware and perform routine inspections to identify damaged components that might need replacing.
Step 7: Maintain authenticity and integrity
Enforce authentication protocols as needed, for example enforcing the use of password managers and two-factor authentication (2FA) for all system administrators. Remove older administrator accounts that are no longer used.
Step 8: Regular backup
Automate regular server backups with the 3-2-1 backup rule (3 backups, 2 on the same site with the server but on different devices/mediums, and 1 backup copy off-site). Regularly check whether your backups are operating as expected. Test the backup recovery images as needed.
How to secure your server from outside attacks: best practices
In this section, we’ll share some practical server security best practices that you can follow for effective protection:
1. Only use secure connections
It is recommended to use SSH (Secure Shell) to establish a secure connection to your server. SSH actually can replace password-based authentication for your server, and since passwords are always vulnerable to brute force attacks, an SSH connection is better for securing your servers.
SSH utilizes a pair of cryptographic keys with a public and a private key. The public key can be shared with others (hence the name), but the private key must be stored securely by the server administrator. SSH will effectively encrypt all exchanged data.
An additional method to secure your connection is to use proxy servers. Since with a proxy server, your users are hidden behind the proxy’s masked IP address, it’s harder for attackers to target vulnerable user devices to gain access.
2. Install a bot mitigation solution
Many attacks targeting servers are made possible with the use of malicious bots, for example for launching brute force, credential stuffing, and Layer 7 DoS attacks, among others. Thus, securing your server with a proper bot mitigation solution is recommended.
Bot mitigation software can use three different approaches in detecting and managing bot activities:
• Rules-based: in this approach, the bot mitigation solution applies rules to block malicious traffic coming from known bots, specific IP addresses or ranges, etc.
• Challenge-based: the solution uses tests like Captcha to challenge the user. If it’s a legitimate human user, the challenge should be fairly easy to solve, while ideally automated programs (bots) would be unable to solve it.
• AI-based: in this approach, the bot management solution analyzes vast numbers of signals, from OS version to mouse movements, to detect bots that try to mimic human user behavior.
Due to the sophistication of today’s bad bots, a bot management solution that is capable of behavioral-based detection is recommended. DataDome, for example, is an affordable bot management solution that uses AI and machine learning technologies to analyze both individual user behavior and global traffic patterns, and can mitigate malicious bot activities in real time.
3. Enforce the use of VPN
It’s recommended to use a VPN or actual private network to maintain secure data communications in and out of the server. With a private network, users will use private, untraceable IP addresses so it’s harder for hackers to identify the user and find vulnerabilities.
Also, when connecting to the server via VPN, this effectively encrypts data from and to the server, so hackers won’t be able to steal data during transmission.
4. Configure your server’s OS according to the server security best practices
Make sure your server’s operating system is properly configured:
• Change the default administrator passwords, including on third-party applications hosted on the server
• Set user authentications/privileges only to the bare minimum necessary for the user to do their specific job
• Delete unused and unnecessary accounts regularly
• Educate your team and share comprehensive guidelines regarding server security best practices, especially regarding passwords
• Disable any unused/unnecessary applications and services
5. Regularly update your OS and software
As repeatedly discussed above, a very important aspect of securing your server is to make sure you are always running the most recent version of your OS and all your applications hosted on the server.
Updates should be installed as soon as they are available, especially when the patch notes mention “security fixes” or similar messages. You can set up automatic updates, or set up a regular schedule to perform updates if you want to maintain continuity.
Comments are closed.