Computer infrastructure is the backbone for companies across the land. Continuity is a must, therefore the efforts to avoid downtime and data loss is the substance of every systems administrator. Getting to launch an application and rapid time to deployment are often primary points focus in IT initiatives – for a variety of good reasons. However necessary these tasks are, if server security is not a component of this initial infrastructure effort, there are likely to be risk and implications at some point in the future.
Simple steps to better security
A number of simple security practices can help in the efforts to keep servers safe. Server security practices and tools are implemented either as applications are configured or before they are prepped for production. In any case, these elements deserve attention.
An essential part of any server deployment, a firewall helps restrict access over a network to a number of specific application types. Namely, the services that run on a server fall into the following firewall categories:
- Internal services – Some services that run on a server should be configured so that they can only be accessed from the server itself.
- Private services – In other cases, services that run on the server need to be accessed by a select group of accounts, locations, or systems.
- Public services – Services in this category are configured for public access, which may incur anonymous access. This is much like the services that run on a web server.
The most significant goal of the firewall is to control access to systems according to security needs and the application needs which fall into those categories. This network layer of protection provides a specifically-designed “VIP” list for access in and access out of the server. If you’re not on the list, you don’t get in – plus, you also may not be able to get out. By limiting the exposure on a system through a proper firewall configuration, you limit the attack surface of that system.
Specialized Execution Environments
One of the great benefits of containerized application environments is the fact that by default, they create special areas where security incidents are isolated. Any deployment that utilizes dedicated resources to run applications can help reduce risks and elevate the overall security profile of a system. Other applications can be isolated by only running underprivileged access.
Specialized execution environments are contingent on the capabilities of the infrastructure they run on. In addition, the capabilities and requirements of an application may not be totally compatible with this sort of approach. In some cases, from a security perspective, it may be best to structure applications onto dedicated resources to utilize this approach, such as dedicated hosting or hybrid cloud services.
Intrusion Detection Systems
An intrusion detection system, also known as an IDS, describes specialized software that is focused on detecting unauthorized activity within a computer system. An IDS will actively detect changes to critical files that are made on a server in order to protect the integrity of the entire system. An intruder may attempt to change log files, change binaries, and injected comprised versions of standard executables to evade detection and maximize their efforts.
By detecting changes in properties such as file size, digital signature, or permissions configuration, an IDS can uncover a significant attack before the resulting damage becomes significant. Implementing an IDS, however, can be a significant effort as it requires an initial baseline on the system being protected in addition to a constant cycle of tuning, updating, and management.
We are all quite familiar with passwords, which is exactly why they are so vulnerable. It is human nature to use passwords that can be memorized or reuse passwords. There are many ways to socially engineer the loss of a critical password and with today’s computing capabilities, automated password cracking programs can threaten the security of a system. SSH provides an alternative to the password as a login security measure as the protocols utilize elements that are far more unique and considered uncrackable by modern computing systems. In an SSH authentication model, a public and private pair of encryption keys is used within an encrypted exchange to authenticate users without passwords. The public key is accessible to anyone, but the private key is kept secure and secret. In an authentication exchange, the private key user must validate key ownership. On a Linux-based system, SSH authentication is the recommended method for remote system access.
Utilizing SSH authentication will improve the overall security posture of a system as it greatly limits the potential for automated attempts at system access.
SSL certificates, also known as TLS certificates are tools that can help authenticate, identify, and encrypt transactions between systems. One major way of using this security measure is by bringing in a trusted third party certificate authority to issue cryptographically signed certificates. When a system looks to connect to another, and exchanges a request for identity the requester receives a unique server-based certificate that can be publicly validated against a third party issuing authority. If the server clears this validation, communications can continue as a trusted connection for continued exchanges.
A similar alternative is running your own Public Key Infrastructure, also known as a PKI. This is a hierarchical system of systems that are dedicated to function as certificate authorities. Implementing PKI can be a significant task to set up and maintain as it requires ongoing administrative efforts to manage certificates.
Basic security is worth the basic effort
With a multitude of strategies and options, some of which were visited here in this article, a systems administrator or engineer can assure the best security possible for systems. Basics in security are surprisingly simple to implement for the best security possible.
A seamless online experience requires great web security. One of the ways that Codero provides better security is with enhanced security services that keep managed hosting and dedicated servers running. This includes Codero’s set of dedicated and fully managed Firewall Services. Using Cisco ASA enterprise-grade equipment, Codero delivers security of traffic, rapid response to threats, and minimized risks for servers but most of all – integrity. Have questions? Talk to one of our hosting experts today!