It’s impossible to overemphasize the importance of security. Security ranks at the top of concerns for businesses of all sizes. In a 2020 State of IT survey conducted by Texas-based software company Spiceworks, 88% of businesses expect their IT budgets to increase or to remain the same for fiscal year 2020. The second most cited reason for the increase in spending was security (47%). According to another Spiceworks poll, 38% of North American businesses carry cybersecurity insurance and an additional 11% plan on purchasing cybersecurity insurance within the next two years.
There are many different kinds of security facing businesses today: server security, email security, network security, application security, the list goes on. If your main concern is how to increase your server security, these are the steps to take to make sure you are best protected.
Use a Host-Based Firewall
The host-based firewall is the best first defense and perhaps the easiest and least expensive to implement when it comes to server security. Host-based firewalls can prevent all protocol connections except for those explicitly allowed. This means that the firewall can protect your systems from unwanted connection attempts on services that are turned on but denied access from across the network. Host-based firewalls come as part of the standard load on all contemporary operating systems but must be configured for maximum effectiveness.
The most secure setting for a firewall is to deny all traffic except for what is specifically allowed through incoming and outgoing rules. For example, the deny-all rule would be set up for both incoming and outgoing traffic, but an administrator would create exceptions to the firewall rules for incoming traffic on TCP ports 80 (HTTP) and 443 (HTTPS) for a web server.
There should be very few exceptions to firewall rules on servers for the most effective server security. Possible business justifications for exceptions include monitoring agents, essential network services (RDP, DHCP, WMI), and backups. Any exceptions should be noted in the change management process so that all exceptions can be documented and tracked.
Use Anti-Malware Software
Host-based firewalls aren’t enough to provide 100% protection for your systems because any configured exceptions open up your systems to vulnerabilities and attacks. Your next best defense for servers is to install anti-malware software. Anti-malware software protects against more than viruses. It protects systems against Trojan horse malware, adware, spyware, and many over-the-network attacks. Anti-malware software provides an additional layer of security required for these days of infected websites, advanced persistent threats, and network worm malware.
Selecting anti-malware software is important and not all such services are created equal. Automatic updates are essential to keep systems protected. Firewall exceptions may need to be implemented to allow antimalware software to receive automated malware signature updates. Some anti-malware software uses so-called “heuristics” to detect malware and others will apply remediation to infected systems.
All servers, regardless of function or purpose, require antimalware software. No system should be allowed to operate on the corporate network without it.
Layered security is the accepted approach to server security and includes:
- Programming best practices
- File and service encryption
- Anti-malware suite
- Host-based firewalls
- Limited access
Check Your Encryption
The next mode in layered security is encryption. Encryption includes file encryption, filesystem encryption, and using encrypted protocols to transfer data between systems. Encryption is an essential security layer because any data captured, lost, or stolen by a malicious actor is virtually impossible to decipher and to use.
Linux systems, for example, require the encryption protocol Secure Sockets Layer (SSL) for remote user connections via the Secure Shell (SSH) client/server suite. All terminal/command line interactions between a user’s computer and the server are encrypted, including the initial login. The SSH suite includes secure communications via Secure File Transfer Protocol (SFTP), Secure Copy (SCP), and Secure Shell (SSH). Many administrators also secure non-secure communications by configuring those communications to operate over SSL.
While there are third-party encryption applications available, most contemporary operating systems have the capability to encrypt files and filesystems without any assistance. However, a word of caution is needed because encrypting systems with native tools can make those systems require a password prior to booting into a fully functional system. In other words, if you reboot a system, an operator will have to enter a password before the system fully boots up and is available on the network.
For any service that you install and configure on a server, there is likely a method or configuration to make that service secure. For example, on Linux systems, the SSH service (SSHD) can be configured to be more secure by denying across-the-network access for the root user, by using key pairs rather than passwords, and by changing the default SSH port to one not found in the default 1,000 ports that NMAP searches for in a normal scan.
And securing services doesn’t end with secure configurations, you need to also focus on secure access for services. One of the common vulnerabilities with web applications is known as SQL injection, which means that a malicious user can inject code into a database or web application and cause damage or data loss. Secure programming best practices can resolve some of a web application’s vulnerabilities but installing a web application firewall is another layer of security that further protects a service.
Maintain Limited Access
A final security layer is to grant users a minimal amount of access on a system. This security practice is known as the principle of least privilege. There are multiple methods of implementation for granting least privilege. The most popular among them is role-based access control (RBAC). This method breaks down privileges into roles and those roles are then granted to users based on job function.
In this method, roles, rather than users, are granted privileges and users are assigned to roles. Users may belong to more than one role. This method is better organized and better maintained than even the formerly accepted group privilege method, where users were placed into groups and those groups were granted privileges. The problem with group management is that groups can be nested and this complicates security and often leads to users being granted more privileges than needed.
For example, when a new employee is hired into a position in human resources, the user is granted permissions by adding them into the Human Resources role. By doing this, the new user immediately has all the access they need and none that they don’t. If they change jobs, then the Human Resources role is removed and they are then given access based upon their new role.
Let Experts Manage Your Server Security
Server security doesn’t happen by itself. It requires time for implementation, money, effort keeping systems updated and proactive knowledge to stay up to date on security trends, threats, and remediation techniques. These security practices apply to all systems whether virtual or physical; hosted or collocated. Securing servers requires skilled personnel to implement the multi-layered approach. Should you need assistance with securing your systems, contact us to discuss your needs.