Any IT infrastructure needs reliable protection. Information security is a topic that cannot be covered in a couple of lessons, but there is a baseline that will keep out opportunistic attackers and automated scanners. In this article we look at how to secure a server using simple, well-understood measures.
Tools and methods of protection
Protecting a server from compromise is always a combination of measures. Conventionally they can be divided into the following areas:
- Protection of communication channels through which the administration and use of the system is carried out
- Organization of several levels of system security
- Differentiation of access to infrastructure resources
- Monitoring and audit of systems
- Backup
- Timely software updates (or rollbacks)
- Server antivirus protection
Below are practical measures that raise the bar high enough to stop non-professional attackers and bots.
Privilege separation
When granting access to resources, follow one universal rule: processes and users get access only to the resources they need to do their job, and nothing more. This applies above all to databases and operating systems. The principle of least privilege limits the damage an attacker can do after getting in from outside, and it limits what an insider can do just as well.
Create a separate account for each administrator, and perform operations that do not require elevated rights from a non-privileged account. In a Microsoft Active Directory environment, periodically review Group Policy settings: in the hands of a malicious administrator or an attacker who has taken over an admin account, GPOs are a convenient way to push changes to every machine in the domain.
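A quick least-privilege audit of the two files that decide who is root on a Linux host, as an added example (not code from the original article). The functions take file paths as parameters so they can be pointed at /etc/passwd and /etc/sudoers; the sample files below are constructed for demonstration, and the account names in them are invented.

```shell
# Print every account other than "root" whose UID is 0: a second UID-0 user is
# a shared superuser and, on a host you did not set up that way, a backdoor.
find_extra_uid0() {   # find_extra_uid0 <passwd-file>
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print sudoers entries that grant passwordless root to everything
# ("user ALL=(ALL) NOPASSWD: ALL"), ignoring commented-out lines. A rule that
# limits NOPASSWD to one command (a service restart, say) is not reported.
find_nopasswd_all() {   # find_nopasswd_all <sudoers-file>
    grep -E '^[^#]*NOPASSWD:[[:space:]]*ALL([[:space:]]|$)' "$1" | awk '{ print $1 }'
}

# Run both checks, print findings, and return non-zero if anything was flagged
# so the function can gate a cron job or a CI check.
audit_privileges() {   # audit_privileges <passwd-file> <sudoers-file>
    n=0
    for u in $(find_extra_uid0 "$1"); do
        echo "UID 0 account besides root: $u"; n=$((n + 1))
    done
    for u in $(find_nopasswd_all "$2"); do
        echo "passwordless sudo to ALL: $u"; n=$((n + 1))
    done
    [ "$n" -eq 0 ]
}

# --- constructed sample input (not a real host) ---
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backdoor:x:0:0::/root:/bin/bash
EOF
cat > "$SAMPLE_DIR/sudoers" <<'EOF'
# alice ALL=(ALL) NOPASSWD: ALL   (commented out, must not be reported)
root ALL=(ALL:ALL) ALL
alice ALL=(ALL) ALL
%deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app
bob ALL=(ALL) NOPASSWD: ALL
EOF

audit_privileges "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/sudoers" || echo "privilege audit: findings above"
```

On a real host, run it as `audit_privileges /etc/passwd /etc/sudoers` (and repeat for each file in /etc/sudoers.d); the two expected findings from the sample are the `backdoor` account and `bob`.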
Mandatory access control
The next tip is for Linux and builds on the previous one. Many Linux administrators are content with discretionary access control (DAC), the basic owner/group/other permission model that is always active. Most distributions also ship a mandatory access control (MAC) system (AppArmor on Ubuntu, SELinux on RHEL-based systems). MAC takes more effort to configure for the OS and for each service, but it lets you confine a process to exactly the files, network sockets and capabilities it needs, so a compromised service cannot reach anything outside its profile even though the DAC permissions would allow it.
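What such confinement looks like in practice, as an added example (not from the original article): a minimal AppArmor profile for a hypothetical service binary /usr/local/bin/reportd that may read its configuration, write its own log and answer TCP connections, and nothing else. The binary, its paths and the profile name are assumptions for illustration.

```shell
# Write the profile to the given path (default: current directory). On a real
# host the destination is /etc/apparmor.d/usr.local.bin.reportd.
write_reportd_profile() {   # write_reportd_profile <output-file>
    cat > "$1" <<'EOF'
#include <tunables/global>

# Start in complain mode: violations are logged (journal / dmesg) but not
# blocked, so the profile can be tuned with aa-logprof before enforcing it.
profile reportd /usr/local/bin/reportd flags=(complain) {
  #include <abstractions/base>

  # The binary itself: read and mmap-executable, nothing else.
  /usr/local/bin/reportd mr,

  # Configuration: read-only, including files in sub-directories.
  /etc/reportd/** r,

  # Its own log directory: create and write, but never execute from it.
  /var/log/reportd/ rw,
  /var/log/reportd/** rw,

  # Only TCP sockets; no raw sockets, no other socket families.
  network inet stream,
  network inet6 stream,

  # Explicit denials override any broader allow rule and are logged as audits.
  deny /etc/shadow r,
  deny /home/** rwx,
  deny /proc/sys/** w,
}
EOF
}

write_reportd_profile "${1:-./usr.local.bin.reportd}"
```

Load it with `apparmor_parser -r /etc/apparmor.d/usr.local.bin.reportd`, exercise the service, review what was logged, then switch it to enforce mode with `aa-enforce`. The deny rules are the point of the exercise: the service's own DAC permissions would let it read /etc/shadow if it ran as root, the profile does not.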
Remote OS administration
Use secure protocols when administering the operating system remotely: for Windows this is RDP, for Linux SSH. Both are sound protocols, but their default configuration can be tightened.
For RDP, block connections from accounts with a blank password: in Local Security Policy, enable “Accounts: Limit local account use of blank passwords to console logon only”. Do not expose RDP directly to the Internet. Reach it through a VPN or an RD Gateway, require Network Level Authentication, and set the security layer to TLS rather than the legacy RDP encryption.
By default SSH verifies a user's identity with a password. Switching to SSH key authentication raises security considerably: a key is far too long to guess, and once keys are in place password logins can be disabled altogether. Keep straight where each half lives: the public key goes on the server (~/.ssh/authorized_keys), the private key stays on the administrator's machine and should itself be protected with a passphrase. Only after keys are confirmed to work, turn off password authentication in sshd_config.
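A way to check an sshd_config for the settings that matter when moving from passwords to keys, and to write the hardened settings as a drop-in, as an added example (not from the original article). The group name `sshusers`, the drop-in file name and the sample configuration are assumptions constructed for illustration.

```shell
# Effective value of a directive. sshd honours the FIRST occurrence of a
# directive and matches names case-insensitively, so this does the same.
# (Match blocks are not modelled; check those by hand or with sshd -T.)
sshd_get() {   # sshd_get <config-file> <Directive>
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# Report weak settings; return 1 if any were found. Absent directives are
# judged by sshd's defaults (pubkey on, empty passwords off).
audit_sshd() {   # audit_sshd <config-file>
    cfg=$1; bad=0
    [ "$(sshd_get "$cfg" PasswordAuthentication)" = "no" ] \
        || { echo "PasswordAuthentication is not 'no': password guessing stays possible"; bad=1; }
    [ "$(sshd_get "$cfg" PermitRootLogin)" = "no" ] \
        || { echo "PermitRootLogin is not 'no': log in as a person, then sudo"; bad=1; }
    [ "$(sshd_get "$cfg" PubkeyAuthentication)" != "no" ] \
        || { echo "PubkeyAuthentication is disabled"; bad=1; }
    [ "$(sshd_get "$cfg" PermitEmptyPasswords)" != "yes" ] \
        || { echo "PermitEmptyPasswords is 'yes'"; bad=1; }
    return "$bad"
}

# Hardened settings as a drop-in. Distributions that Include
# /etc/ssh/sshd_config.d/*.conf at the TOP of sshd_config make these win,
# because the first occurrence is the one that counts.
write_hardened_sshd() {   # write_hardened_sshd <output-file>
    cat > "$1" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
AllowGroups sshusers
MaxAuthTries 3
LoginGraceTime 30
EOF
}

# --- constructed sample: a typical distro default sshd_config ---
SAMPLE_DIR=$(mktemp -d)
SAMPLE_CFG=$SAMPLE_DIR/sshd_config
cat > "$SAMPLE_CFG" <<'EOF'
Port 22
#PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
EOF

audit_sshd "$SAMPLE_CFG" || echo "audit of defaults: findings above"
write_hardened_sshd "$SAMPLE_DIR/10-hardening.conf"
# Simulate the drop-in being included first, then re-audit the merged result.
cat "$SAMPLE_DIR/10-hardening.conf" "$SAMPLE_CFG" > "$SAMPLE_DIR/merged"
audit_sshd "$SAMPLE_DIR/merged" && echo "merged config passes"
```

Generate the key pair on the administrator's machine with `ssh-keygen -t ed25519` and copy the public half with `ssh-copy-id`. Before restarting sshd with the drop-in in place, run `sshd -t` to syntax-check it and keep your current session open until a second login with the key succeeds; on OpenSSH older than 8.7 the directive is still called ChallengeResponseAuthentication rather than KbdInteractiveAuthentication.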
Firewall settings
A proper security system consists of layers. Do not rely on access control alone: it is more sensible to control network connections before they ever reach a service. That is what firewalls are for.
A firewall provides access control at the network level. Guided by a set of allow rules, it decides which traffic may cross the perimeter; everything that matches no rule is blocked. On Linux the packet filter itself is part of the kernel (netfilter). What you install is a user-space tool for managing its rules: either the low-level nftables or iptables utilities, or a higher-level front end such as ufw or firewalld that generates those rules for you.
The first thing to do when setting up a firewall is to close unused ports and leave open only those that must be reachable from outside: for a web server, 80 (HTTP) and 443 (HTTPS). An open port is not dangerous by itself (the risk is in the program listening behind it), but every exposed service is attack surface, so remove what is not needed and confirm the result from the outside with a port scan and on the host with ss -tlnup.
Beyond the external perimeter, firewalls also split the infrastructure into segments and control traffic between them. If you run public services, consider isolating them from internal resources in a DMZ. Also look at intrusion detection and prevention systems (IDS/IPS). They work the other way round from a firewall: instead of allowing only what is listed, they block traffic that matches known attack signatures and let everything else through, which is why they complement a default-deny firewall rather than replace it.
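A default-deny nftables ruleset for a public web server whose SSH port is reachable only from the administrators' network, as an added example (not from the original article). The management range 203.0.113.0/24 is a documentation address and an assumption; adjust it before loading.

```shell
# Write the ruleset to the given path (default: current directory). On a real
# host the destination is /etc/nftables.conf so it survives a reboot.
write_nft_ruleset() {   # write_nft_ruleset <output-file>
    cat > "$1" <<'EOF'
#!/usr/sbin/nft -f
flush ruleset

table inet filter {
    chain input {
        # Default-deny: anything not explicitly accepted below is dropped.
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened, and loopback traffic.
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # ICMP and ICMPv6 are needed for path MTU discovery and for IPv6 at all.
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # SSH only from the management network, with a rate limit on new
        # connections against brute force. Anyone else is logged and dropped.
        tcp dport 22 ip saddr 203.0.113.0/24 ct state new limit rate 10/minute accept
        tcp dport 22 log prefix "ssh-denied: " drop

        # The only public services: HTTP and HTTPS.
        tcp dport { 80, 443 } accept
    }

    chain forward {
        # This host is not a router.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

write_nft_ruleset "${1:-./web-server.nft}"
```

Syntax-check with `nft -c -f web-server.nft` before `nft -f web-server.nft`, and do it from a console session or with a scheduled rollback, since a mistake in the SSH rule locks you out. Once loaded, `ss -tlnup` should show nothing listening on the public interface except the web server, and an external scan should see only 80 and 443.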
Virtual Private Networks
So far we have looked at protecting a single server; now let us look at connecting several. Today VPNs are best known as anonymizers and as a way to reach blocked resources, but their original purpose is to connect the networks of an organization's branch offices securely. A VPN is a logical network laid over another network (usually the Internet). Its security comes from cryptography, so the confidentiality and integrity of the connection do not depend on the underlying network being trustworthy.
There are many VPN protocols, and the choice depends on the size of the organization, the network and the required level of security. Classic PPTP is the easiest to set up (almost any router or phone supports it), but it is not an option where security matters: its authentication (MS-CHAPv2) and encryption (MPPE) are broken, and a captured session can be decrypted offline. For site-to-site links and a high level of security use IPsec (IKEv2); for remote-access (host-to-network) connections OpenVPN or WireGuard fit well, and WireGuard handles site-to-site just as easily. They need more configuration than PPTP, but that is the price of actual protection.
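What a site-to-site link looks like with WireGuard, as an added example (not from the original article): two office LANs, one with a public address and one behind NAT. Addresses are documentation ranges and the key strings are placeholders; everything here is assumed for illustration and must be replaced with real keys and addresses.

```shell
# Site A: LAN 10.10.0.0/24, public address 192.0.2.10, listens for site B.
write_wg_site_a() {   # write_wg_site_a <output-file>
    cat > "$1" <<'EOF'
[Interface]
Address = 10.255.0.1/30
ListenPort = 51820
# Replace with the output of: wg genkey
PrivateKey = <SITE_A_PRIVATE_KEY>

[Peer]
# Site B. PublicKey is site B's key; PresharedKey is an optional extra
# symmetric secret shared by both sides (wg genpsk).
PublicKey = <SITE_B_PUBLIC_KEY>
PresharedKey = <SHARED_PSK>
# Only B's tunnel address and B's LAN are accepted from, and routed to, this
# peer. AllowedIPs is both an ACL and the routing table; 0.0.0.0/0 here
# would let B claim to be anyone.
AllowedIPs = 10.255.0.2/32, 10.20.0.0/24
EOF
}

# Site B: LAN 10.20.0.0/24, behind NAT, initiates and keeps the mapping alive.
write_wg_site_b() {   # write_wg_site_b <output-file>
    cat > "$1" <<'EOF'
[Interface]
Address = 10.255.0.2/30
PrivateKey = <SITE_B_PRIVATE_KEY>

[Peer]
# Site A
PublicKey = <SITE_A_PUBLIC_KEY>
PresharedKey = <SHARED_PSK>
Endpoint = 192.0.2.10:51820
AllowedIPs = 10.255.0.1/32, 10.10.0.0/24
# Keep the NAT mapping open so A can also initiate traffic towards B.
PersistentKeepalive = 25
EOF
}

write_wg_site_a "${1:-./wg0-site-a.conf}"
write_wg_site_b "${2:-./wg0-site-b.conf}"
```

On each gateway: generate keys with `wg genkey | tee wg0.key | wg pubkey > wg0.pub` (and a PSK with `wg genpsk`), store the config as /etc/wireguard/wg0.conf with mode 600, enable forwarding (`sysctl -w net.ipv4.ip_forward=1`), allow UDP 51820 inbound on site A's firewall, and bring the tunnel up with `wg-quick up wg0`. Hosts on each LAN need a route for the remote LAN via their gateway; `wg show` then reports the latest handshake per peer.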
What can threaten servers
A server can go down for reasons other than a break-in: a malware infection, or simply the physical failure of a component.
Measures to protect the server should therefore also include:
- Installing anti-malware software on the server and keeping it updated
- Regular encrypted backups, at least weekly, since disks are the server component that fails most often. Keep the backups in a physically secure location, separate from the server, and test restoring from them: a backup that has never been restored is not a backup
- Uninterruptible power supply (UPS) for the server room
- Timely physical maintenance of the servers, including cleaning out dust and replacing thermal paste
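An encrypted backup that is verified by actually restoring it, as an added example (not from the original article). It uses tar and OpenSSL only; the source directory, passphrase file and sample data are constructed assumptions.

```shell
# make_backup <source-dir> <passphrase-file> <output-file>
# Pack the directory, encrypt it with AES-256-CBC using a PBKDF2-derived key
# and a random salt, and record the archive checksum beside it.
make_backup() {
    tar -C "$1" -cf - . | openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$2" -out "$3"
    sha256sum "$3" > "$3.sha256"
}

# verify_backup <backup-file> <passphrase-file> <source-dir>
# Returns 0 only if the archive checksum matches, it decrypts and unpacks,
# and every restored file is byte-identical to the source. This is the
# restore test that turns a backup file into an actual backup.
verify_backup() {
    sha256sum -c "$1.sha256" >/dev/null || { echo "checksum mismatch: archive damaged or tampered"; return 1; }
    scratch=$(mktemp -d)
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2" -in "$1" | tar -C "$scratch" -xf - \
        || { echo "decrypt/extract failed: wrong passphrase or corrupt archive"; rm -rf "$scratch"; return 1; }
    (cd "$3" && find . -type f -exec sha256sum {} +) | (cd "$scratch" && sha256sum -c --quiet -) \
        || { echo "restored files differ from source"; rm -rf "$scratch"; return 1; }
    rm -rf "$scratch"
}

# --- constructed sample data (not a real server) ---
SAMPLE_DIR=$(mktemp -d)
mkdir -p "$SAMPLE_DIR/data/etc"
printf 'listen 443 ssl;\n' > "$SAMPLE_DIR/data/etc/nginx.conf"
printf 'id,name\n1,alice\n' > "$SAMPLE_DIR/data/customers.csv"
# The passphrase file must be readable only by the backup user.
umask 077
printf 'correct horse battery staple\n' > "$SAMPLE_DIR/backup.pass"

make_backup "$SAMPLE_DIR/data" "$SAMPLE_DIR/backup.pass" "$SAMPLE_DIR/data.tar.enc"
verify_backup "$SAMPLE_DIR/data.tar.enc" "$SAMPLE_DIR/backup.pass" "$SAMPLE_DIR/data" && echo "backup verified"
```

Schedule `make_backup` from cron (the article's minimum is weekly), copy the .tar.enc and .sha256 files off the host, and keep the passphrase somewhere the backup is not: an encrypted backup stored next to its key protects nothing. A single appended byte is enough for `verify_backup` to fail at the checksum step, which is the behaviour you want from a tampered or truncated copy.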
The experience of Integrus specialists shows that the best defence against such threats is to apply established best practices for server protection.
To secure our customers' servers we use a combination of tools: firewalls, anti-malware software, security information and event management (SIM/SEM), intrusion detection and prevention (IDS/IPS), network behaviour analysis (NBA), as well as regular preventive maintenance of the servers and turnkey construction of secure server rooms. Together these minimize the risk of a server being compromised or failing for any other reason.