When a diligent system administrator gets their hands on a new server, their work is just beginning. Take a fresh Linux box, put it on the internet, and see how long it is before bots start probing for vulnerabilities. The internet is an unfriendly environment. Before a server is ready to be used to host a web application, site, or email system, it must be hardened and secured.
In this article, I’d like to take a look at five systems every security-conscious system administrator should have in place before they put their new server online. This list isn’t exhaustive; it covers the bare minimum of work required to ensure that a server stays safe and that the right people are informed when there is a security problem.
Let’s begin with the most obvious step: installing and configuring a firewall. A firewall is a filter that sits between two networks — the internal network and the internet — determining which connections are accepted or rejected.
Firewalls, both hardware and software, inspect connections and compare them to a set of rules which indicate whether to accept them.
A firewall is the most basic level of protection every server should have.
Linux servers include a number of firewall options, of varying levels of complexity. It should be noted that configuring a firewall isn’t a set-it-and-forget-it job. The firewall rules must be regularly checked, maintained, and updated.
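One way to make that regular rule check repeatable is to audit a dump of the rules. The script below is an added example, not part of the original article: it reads iptables-save output and flags a permissive default policy and restricted ports accepted from any source. The sample ruleset is constructed, and the list of restricted ports is an assumed policy.

```python
import shlex

# Constructed sample in iptables-save format; not taken from a real host.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,5000:6000 -j ACCEPT
COMMIT
"""

# Assumption: ports this hypothetical policy never exposes to every source.
RESTRICTED = {22: "SSH", 3306: "MySQL", 5432: "PostgreSQL"}

def port_ranges(spec):
    """Expand '80,5000:6000' into (80, 80) and (5000, 6000)."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        yield int(lo or 0), (int(hi) if hi else 65535 if sep else int(lo))

def audit(ruleset):
    """Return (line_number, message) findings for the INPUT chain."""
    findings = []
    for n, line in enumerate(ruleset.splitlines(), 1):
        if line.startswith(":INPUT "):
            policy = line.split()[1]
            if policy != "DROP":
                findings.append((n, f"INPUT default policy is {policy}, not DROP"))
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)
        opt = dict(zip(tok, tok[1:]))  # each option mapped to the token after it
        spec = opt.get("--dport") or opt.get("--dports")
        # A negated match ("!") is treated as unrestricted so it gets reviewed.
        open_src = opt.get("-s") in (None, "0.0.0.0/0") or "!" in tok
        if opt.get("-j") != "ACCEPT" or not spec or not open_src:
            continue
        for port, name in RESTRICTED.items():
            if any(lo <= port <= hi for lo, hi in port_ranges(spec)):
                findings.append((n, f"{name} port {port} accepted from any source"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On a live host the same function can be fed the text that iptables-save prints, and the findings list can be wired into whatever alerting the administrator already uses.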
A firewall is a barrier between your server (or network) and the wilds of the internet, but a firewall on its own isn’t enough — a single line of defense never is. An intrusion detection system will monitor network and system activity and notify the system administrator of any anomaly.
Intrusion prevention systems (IPS) go a step further. Rather than simply notifying system administrators of a potential attack, an IPS can take action to prevent the attack, including blocking suspect IPs or resetting connections.
Vulnerability scanners are capable of detecting known vulnerabilities before they become a serious problem. Software and network vulnerabilities are responsible for a substantial proportion of successful attacks, and new vulnerabilities are discovered every day. Plus, even the smartest system administrator might neglect to carry out a crucial security task and leave a server or network vulnerable to exploitation — especially on large networks with multiple servers.
Vulnerability scans help reduce the odds of an attacker finding a path to compromising the security of the network and server.
A web application firewall (WAF) is responsible for monitoring HTTP connections and determining if they present a risk. To take a typical example, SQL injection attacks are a common source of security problems for web applications. A WAF is capable of monitoring incoming web connections for signatures that indicate malicious intent, including SQL injection attacks and cross-site scripting attacks.
If you intend to host email on your server, a whole new landscape of security problems opens up: ideally, you’ll need malware scanning and spam prevention with subscriptions to spam blacklists. Otherwise, your users will be bombarded with spam that contains malicious links and malware. The average email server receives many times more spam than legitimate email, and spammers are a wily bunch, constantly on the lookout for new ways to get their malicious communications in front of your users.
As you can see, the road to a secure server is long and winding, and that’s before you configure major services or consider encryption, but for a diligent system administrator, there are no shortcuts.
Our managed server hosting and managed security services can slash the effort of creating a secure server environment — talk to our team about using Steadfast’s firewall, intrusion detection and prevention, vulnerability scanning, WAF, email security, and encryption solutions with your infrastructure.