In today’s modern digital world, security threats pertaining to applications, servers, and networks are increasing day by day. No matter how well a server or network is configured, it is useless if it is not secure. You need to pay a special amount of consideration to secure your system, as security defines the real worth of the system.
One single negligence can open doors for an intruder to jump into your server to perform malicious activities. Servers are the lifeline of any organization as information residing over them accounts to real cash and, once this information is stolen, the results can be devastating for whole organization. It is important to guard these servers closely.
In this tutorial we will teach you about securing your servers. Some of them are direct measures taken on your servers while others are indirect, like securing the network that in turn can protect all resources residing inside it.
Setting up SSH Keys (Secure Shell)
SSH keys are an alternative to password based authentication. It is an alternative to telnet in which your username and passwords are sent in plain form. Sending a username and password in plain form is not an issue if you are communicating on a private network, however, it is certainly not a good practice over insecure media like the internet. SSH is most commonly used to access remote servers over the internet in Linux environment.
Once you develop remote connection with server, all of your communication is encrypted. SSH is the proven secure way to communicate over internet. For SSH based authentication to work, you need to setup public and private keys. Public key, as its name implies, is the one known to everyone and it resides on server whereas a private key is one known only to the client who wants to connect to remote server. A private key must not be shared with anyone and must be kept secret.
Here is how it works: The client machine who wants to connect to the server sends a public key to that server. The server knows which client machines are allowed to use these public keys.
It then sends an encrypted message to the client which can only be decrypted by private key residing on the client machine by a mutually agreed upon encryption scheme. Once a client decrypts that message, it sends the result back to the server which will authenticate the client as legitimate.
Once authentication is performed, SSH will create a tunnel between the client and server; over this tunnel all communication is done by strong encryption. SSH provides a great way to execute a secure communication between client and remote server over insecure media like the internet where eavesdroppers are always looking for critical information.
The good thing about SSH is that it is easy to setup with just few commands and will work straight away. It is a good habit to use SSH whenever you want to connect to your server.
VPN (Virtual private network)
Private networks are ideal from a security point of view since they are available to a single autonomous body only. On the other hand, they are expensive to create and not within everyone’s reach; a majority of people have to rely on internet to communicate. A VPN provides an alternative solution to private network for people working on internet.
VPN connects two computers over the internet and makes that connection look like a private network connection.
A VPN achieves this by creating a tunnel between devices that are communicating with each other; just like in road tunnel, no other car can enter or leave except from the entry point at both ends of tunnel. In the same way with a VPN tunnel, only encrypted traffic sent by two ends of VPN can travel. No other traffic can travel through this tunnel. The VPN itself is a combination of security protocols that provide secure path for transmission of data.
The most notable security protocol of VPN is IPSec. A VPN provides you with a way to communicate privately in a public world.
A VPN establishment is a bit complicated and can only be done by expert network engineers. Once done, it helps to maintain high end security to all your traffic that travels through it.
Firewall is the first line of defence to your network against unwanted traffic as it watches everything entering or leaving the network.
It creates a boundary between your network (trusted zone) and the outside network (the untrusted zone). Firewalls are usually placed at entry point of network so that everything entering or leaving a network is monitored by the firewall.
The basic function of firewall is to filter traffic based on certain rules.
Firewalls come predefined with some rules presented by the vendor apart from that network administrator can also create his own rules. These rules are a set of instructions that decides whether certain traffic is allowed to pass.
For instance, if you wish to block a telnet connection to servers residing inside your network then you can define the rule at firewall to block all traffic intended for TCP/IP port number 23. Once this rule is deployed any telnet connection from outside of the network, it will be terminated by firewall from entering the network. Some of the functionalities offered by firewall are as follows:
- It prevents your network from malicious traffic like viruses, malware, and attacks like Denial of Service (DoS) Attack.
- You can define rules to block unnecessary ports over which an attack can be generated. Only those ports were allowed connection over which legitimate application is running. For instance, if you are running a web server it is good to open TCP/IP port 80 and block all rest.
- You can block unwanted sites such as social media sites in your office.They are essential to keep unwanted traffic at bay from your server. A Firewall can be either hardware or software. Some renowned hardware vendors of firewalls are Cisco, Juniper, and Palo Alto. Firewalls work out of the box, however, you still need a good network engineer to configure them for your requirements.
Intrusion Detection and Prevention System (ID&PS) is another security layer that can be deployed to protect your servers from malicious and unwanted traffic.
IDS generates an alarm whenever it detects any suspected traffic and its purpose is to prevent that anomaly from destroying your system.
ID&PS comes with predefined pattern and it will continue to match those patterns with traffic flowing through it unless it finds an anomaly.
ID&PS patterns are known threats like viruses and hacking attempts and, once it find a match, ID&PS generates an alarm.
Performance of ID&PS depends on how well it is trained to find unwanted traffic. Just like with a firewall, ID&PS can also be either hardware or software. Famous software based ID&PS is Snort. Snort is open source which means it is not only free to use but it is also open for all sort of modifications.
Sandbox is new information security concept where applications are confined to their own isolated execution environment and cannot see other programs execution areas. By sandboxing your system, if any malware or virus enters then it will not be able to affect other parts of your system. Just like an actual sandbox provides a way to keep sand in one box and protecting it from mangling into other boxes, this concept is applied to information security. The Sandbox concept is widely used in mobile operating systems like android (a Linux based mobile operating system).
As there are millions of apps available in Google play, and some of them can be malicious, sandbox causes such malicious apps to remain in their own execution area and denies them to access other areas of the mobile device.
Every app has a unique ID that can only access resources assigned against that ID. For instance, a torch app will be denied access to your contacts and Wi-Fi until you give it permission to do so.
Sandbox has played an important role in success of the Android operating system; this concept can also be applied to servers for their security.
Use Secure Operating System
When it comes to operating system market, there are two prominent names: Windows and Linux. Linux traditionally evolved as a command line operating system, while windows main area of strength is its user friendliness.
Linux is widely recognized as an operating system for server side functions due to its stability and security as compared to windows.
Today Linux holds major stocks of the Server end market. The Linux file system is very complex to compromise by a malicious program. The majority of viruses, Trojans and, malware that exist target a windows environment while there are relatively few for Linux.
Another good thing about Linux is that the majority of its distributions are free to use whereas windows is almost never available as a free operating system. You can enjoy freedom, security, stability, and other benefits of Linux only if you have expertise in handling it.
Whenever setting up a server, make sure you use secure operating system.
These are some practices that you as an IT administrator can use at your workplace to secure your servers.