Server Security 101: How to Keep Your Data Safe

Technology is ubiquitous in our society today, allowing individuals with a wide range of experience, from novice home users to advanced data center professionals, access to valuable personal and business data with a single mouse click or thumb tap. On a daily basis, vast amounts of critical data are accessed, modified, and transported between corporate servers. Data security is critical for preventing identity theft, avoiding ransomware attacks, keeping trade secrets secret, and, as demonstrated by the recent Equifax debacle, maintaining your company’s reputation in the market, so it has never been more important for CIOs and IT decision makers to focus on keeping their servers secure. This applies not only to data encryption and access controls, but also to the numerous pathways through which a server allows access to its data. An Internet security threat report (ISTR) released by Symantec in April 2017 states “business email compromise (BEC) scams, which rely on little more than carefully composed spear-phishing emails, continue to cause major losses; more than $3 billion has been stolen in the past three years” (Source: Symantec). In this piece, we’ll cover some security best practices that will help secure your data center infrastructure and keep your sensitive data secure.

Firewall

A robust and comprehensively configured firewall is the cornerstone of IT security. A firewall is a software system, a hardware system, or a combination of the two within a server infrastructure that limits and blocks unauthorized network access. It stands as the first line of defense against unauthenticated network intrusions: blocking access to all ports of a network except those approved for use greatly diminishes the chances of servers being invaded or corrupted by illicit access. Advanced firewalls have a detailed auditing feature that records the type and amount of traffic filtered through them, so administrators can review this data to help identify flaws in their security structure. There are a vast number of firewall options available for local and external network applications, as both software and hardware solutions, so as always it is best to determine your system and security requirements first before searching for a solution.
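The "everything blocked except approved ports" rule can be checked mechanically. The following is an added example, not part of the original article: it assumes a Linux host filtered with iptables, reads rules in the format printed by `iptables -S INPUT`, and compares them with an approved-port list. The sample rules and the `APPROVED` policy are constructed for illustration.

```python
import shlex

# Constructed sample in the format printed by `iptables -S INPUT`.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443,3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
"""

# Assumed site policy: the only inbound ports approved for use.
APPROVED = {("tcp", "22"), ("tcp", "80"), ("tcp", "443")}

def opt(tokens, *names):
    """Return the argument following the first of `names` present, else None."""
    for name in names:
        if name in tokens:
            return tokens[tokens.index(name) + 1]
    return None

def audit_input_chain(rules_text, approved):
    """List every way the INPUT chain is wider than the approved port list."""
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"] and tok[2] != "DROP":
            findings.append(f"default policy is {tok[2]}, expected DROP")
        if tok[:2] != ["-A", "INPUT"] or opt(tok, "-j") != "ACCEPT":
            continue
        proto, ports = opt(tok, "-p"), opt(tok, "--dport", "--dports")
        if ports is None:
            # A port-less ACCEPT is expected only for loopback and reply traffic.
            if opt(tok, "-i") != "lo" and "--ctstate" not in tok:
                findings.append(f"unrestricted ACCEPT: {line}")
            continue
        for port in ports.split(","):
            if (proto, port) not in approved:
                findings.append(f"unapproved port {proto}/{port}")
    return findings
```

Run against the constructed sample, the audit reports the permissive default policy and the two ports (3306 and 23) that are open but not on the approved list.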

Password Policies

Implementing a strong password policy for all users accessing a network is of the utmost importance in limiting infiltration of enterprise IT infrastructure. Organizations that do not mandate a random and complex password policy are susceptible to having their users’ passwords compromised. Malicious software programs developed today utilize algorithms to constantly probe websites and IP addresses with random password attempts, hoping to gain entry and execute exploits. Using random combinations of lower case and upper case letters, symbols, and numbers will make passwords difficult to crack. Additionally, having users update their passwords regularly helps reduce the window in which a malicious user would be able to do damage should they obtain a user’s credentials. Taking this a step further, going beyond just a username and password to authenticate can make a server significantly more difficult to compromise. For servers that are accessed via SSH, public key authentication is a must. Additionally, wherever possible, organizations should consider implementing two-factor authentication (2FA) to mitigate the risk created by credentials becoming compromised.
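For the SSH recommendation above, the server configuration itself can be audited. This is an added example, not part of the original article: it assumes an OpenSSH server, parses an `sshd_config` the way sshd does (keywords are case-insensitive and the first value for a keyword wins), and reports where password logins are still possible. The sample file is constructed, and `Include` directives are not followed.

```python
# Constructed sample sshd_config, not taken from a real host.
SAMPLE_CONFIG = """\
# Authentication
PubkeyAuthentication yes
passwordauthentication no
# The next line is ignored: sshd uses the first value it sees for a keyword.
PasswordAuthentication yes

Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def parse(text):
    """Return (global settings, [(match criteria, settings)]); keywords lower-cased."""
    global_cfg, matches = {}, []
    section = global_cfg
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            section = {}                    # settings below apply to this Match only
            matches.append((value, section))
        else:
            section.setdefault(key, value)  # first value wins
    return global_cfg, matches

def audit(text):
    """List findings where password logins are possible or key logins are off."""
    global_cfg, matches = parse(text)
    effective = {**DEFAULTS, **global_cfg}
    findings = []
    if effective["pubkeyauthentication"] != "yes":
        findings.append("public key authentication is disabled")
    if effective["passwordauthentication"] != "no":
        findings.append("password authentication is enabled globally")
    for criteria, cfg in matches:
        if cfg.get("passwordauthentication") == "yes":
            findings.append(f"password authentication re-enabled for Match {criteria}")
    return findings
```

On a live host, `sshd -T` prints the effective configuration after includes and defaults are resolved, which is the authoritative input for a check like this.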

Regular File & Service Scanning

Another task that is vital to securing your mission-critical data is the analysis of the files and services on a server. Service scanning, also called service auditing, is a process that identifies the services running within a system, the network ports those services have open, and the protocols approved for them. Since servers utilize many services while in operation, it is important to understand which services are required for day-to-day usage and access. Then, as scanning continues over time, baselines can be established, and administrators can determine whether unfamiliar services are part of a malicious program and should be removed, or streamline server performance by stopping unnecessary services that slow down server processing. This serves as an important second line of defense after a network firewall and helps prevent or mitigate the damage that can be caused if a malicious user or program makes it past the firewall. File scanning, or file auditing, is a process that compares the present state of a system’s files to a scan taken earlier, when the server was in a known working and properly configured state of operation. This provides a benefit similar to that of service scanning, as it allows an administrator to identify whether changes have occurred within the system that may have been unauthorized. The use of an intrusion detection system (IDS), a software program that monitors server activity and provides notification of unauthorized access or actions, is ideal for server security, as automated file auditing is often a feature included with an IDS.
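Both kinds of scan reduce to the same operation: record a known-good state, record the current state, and diff the two. The following added example (not part of the original article) does this for file hashes and for listening services; the `ss -H -tulnp` style lines and the scratch files are constructed, and the choice of SHA-256 and of `ss` as the data source are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def file_state(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in Path(root).rglob("*") if p.is_file()
    }

def service_state(ss_output):
    """Map 'proto/port' to the owning process, from `ss -H -tulnp` style lines."""
    state = {}
    for line in ss_output.strip().splitlines():
        fields = line.split()
        port = fields[4].rsplit(":", 1)[1]
        # The process column is missing when ss runs without enough privilege.
        proc = fields[6].split('"')[1] if len(fields) > 6 else "unknown"
        state[f"{fields[0]}/{port}"] = proc
    return state

def diff_state(baseline, current):
    """Entries added, removed or changed relative to the known-good baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(k for k in shared if baseline[k] != current[k]),
    }

# Constructed `ss` samples: the known-good baseline and a later scan.
SS_BASELINE = '''tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=990,fd=6))'''
SS_LATER = SS_BASELINE + '\ntcp LISTEN 0 5 0.0.0.0:8000 0.0.0.0:* users:(("python3",pid=2211,fd=3))'

def demo():
    """Baseline a scratch directory and the sample services, change both, then diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.conf").write_bytes(b"port=443\n")
        (root / "run.sh").write_bytes(b"#!/bin/sh\n")
        before = file_state(root)
        (root / "app.conf").write_bytes(b"port=443\ndebug=on\n")  # modified file
        (root / "cron.sh").write_bytes(b"#!/bin/sh\n")            # unexpected new file
        files = diff_state(before, file_state(root))
    services = diff_state(service_state(SS_BASELINE), service_state(SS_LATER))
    return files, services
```

In practice the baseline must be stored somewhere the monitored server cannot modify, otherwise an intruder who changes a file can also update its recorded hash.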

Software Updates & Patches

As is the case with most hardware and software solutions in use today that require updates, server updates and patches must not be overlooked. It is important to apply the most recent update packages and security patches to your servers. By maintaining a regular update schedule and having a patch process in place to apply security-related updates as they become available for a server, you can ensure that your infrastructure is protected against any known security exploits that have been recently discovered. If updates and patches are left unapplied, servers are significantly more vulnerable to attacks. Software updates are normally easy to perform, as they are often automated via a program or utility, but they may require short amounts of downtime to complete. Deploying a redundant server can help make any downtime for a single server transparent to your users and allow you to implement patches and security updates without bringing operations to a halt.

Educate Users

As indicated in the aforementioned Symantec report, social engineering attacks can be some of the most damaging. All the encryption and firewall hardening admins attempt to implement will be for naught if an authorized user is compromised by a social engineering attack. Educating your users on best practices for handling emails, URLs, suspicious texts and social media messages, and for managing passwords, is vital to maintaining the security of your network. Regular training and newsletters that hit the high points of common social engineering attacks can help users become more diligent and less susceptible to manipulation that can compromise your business.

Data Backups

Since mission-critical data and applications are stored on servers, having even one server become inaccessible can cripple a business, possibly even permanently. An article posted by Rand Group shows that 98% of organizations report a single hour of downtime has costs of over $100,000 (Source: Rand Group). Because servers have become an integral resource for businesses of all sizes, it is vital to back up any and all data relevant to day-to-day operations and business continuity. Having a backup database server minimizes the amount of revenue lost should an unforeseen event occur. Performing data backups should be included as part of the regular operations of an IT team, as it is an automated task that can be executed during non-peak hours. There are various server and database backup options available that include onsite solutions and cloud-based tools. At the core of maintaining the data integrity and security of any backup is a server with high reliability, performance, and fault tolerance. Premio offers a wide selection of custom solutions, with the Premio Flachestream Solid State Drive Servers, in particular, being ideal for databases and their backups.

The suggestions above are not only for new installations or solutions. Existing architectures of any business today must be diligent in maintaining the most stringent security practices as well, lest they become the next victim of a cyber attack. In the world of modern IT, where cybercrime and data breaches can bring down an enterprise, the protection of servers and the data they contain must be viewed as a top priority to safeguard organizations of all sizes.