What is server security?
Server security covers the processes and tools used to protect the valuable data and assets held on an organization’s servers, as well as to protect the server’s resources. Due to the sensitive information they hold, servers are frequently targeted by cybercriminals looking to exploit weaknesses in server security for financial gain.
Servers sit at the heart of an organization’s IT infrastructure and allow large numbers of users to access the same information or functionality, often remotely. Generally, they are used to run email systems, power the internet, and host files. The problem, though, is that something as simple as a weak password, missing antivirus software, or user error could expose the business to substantial loss.
To be most effective, security for servers should be arranged in layers. For maximum protection, you need to address potential issues in your network, the server’s operating system, and any applications or software hosted on your server.
Should I be concerned?
For businesses, the threat of being attacked by cybercriminals is very real, and the stakes are high. Juniper Research estimates that by 2020, the average cost of a data breach will exceed $150 million. Besides the direct financial loss, a security breach can also result in negative publicity, which can damage a brand and its reputation.
While Marriott International and Yahoo are some of the big names that have been at the center of huge data-breach scandals, small businesses are not immune. According to a report by Accenture, 43% of cyberattacks are aimed at small businesses.
Common server security issues
Cybercriminals may be getting more sophisticated, but that doesn’t mean we should make it easy for them. Check the following list of common mistakes that cause server security issues and make sure that you and your employees are not making any of them:
Passwords. Weak passwords can be easily hacked and poor security controls can lead to passwords being stolen and sold on the dark web. Consider using a password manager if you’re concerned about the integrity of your passwords.
Old software/operating systems. Cybercriminals are constantly identifying and exploiting weaknesses in software, which means that running an outdated version significantly increases your risk of exposure.
Patch management. By using a patch management service, you can ensure any changes in code are acquired, tested, and installed.
Open network ports. Misconfigured servers can be easily exploited.
Old and unnecessary accounts. Unused accounts offer hackers an additional way in.
Poor physical security. Not all threats are virtual. Poorly secured keys can be just as dangerous.
Server security hardening
To ensure maximum protection of your server, you should complete the process of server security hardening. In simple terms, that means applying a combination of basic and advanced security measures to address vulnerabilities in your server software and operating system to boost overall server security.
Common ways to achieve server hardening include:
-
Using strong passwords
-
Ensuring that communications are data encrypted
-
Completing regular system backups
-
Keeping operating systems up to date and applying security patches as they are released
-
Removing unnecessary third-party software
-
Installing firewalls and antivirus software.
- Conducting regular penetration tests.
How to secure your server
Looking for guidance on how to secure a server can pull up an overwhelming array of technical information. In this section, we’ve made it simple by breaking down the main web-server security best practices that you should follow for effective protection.
Use a secure connection
Passwords are vulnerable to brute-force attacks in which cybercriminals use advanced algorithms to test vast combinations of letters and numbers in an attempt to crack passwords. A more secure alternative to password-based authentication is using SSH (Secure Shell) to establish a secure connection with your server. SSH keys consist of a pair of cryptographically secure keys containing a public and a private key. The public key can be shared freely but the private key must be kept strictly secret by the user. Using SSH encrypts all data that is exchanged.
A proxy server can also be used as a further security measure. Proxy servers hide all users on your network behind the proxy’s IP address, making it harder for hackers to target specific devices to gain access.
Connect via a private network or VPN
Another recommended security practice is to use a private network or virtual private network (VPN) to ensure secure data communications. A private network is restricted to certain users or servers through the use of a private IP address. The same environment can be achieved when connecting remote servers through a VPN. This encrypts data to and from the server and gives users the same functionality as if they were connected to a local private network.
Employ SSL/TLS
What the experts say
“The most fundamental security countermeasure for defenders consists in keeping the infrastructure up-to-date in terms of patching. Especially for the Internet facing infrastructure. Prevention should be the first priority for both internal and Internet facing infrastructure.”
David Álvarez Pérez, Threat Hunting Specialist & Jan Neduchal, Linux Malware Reverse Engineer
Avast Threat Labs
Server security certificates are another effective safeguard. Server security certificates are cryptographic protocols - SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) - that are used for authentication and encryption. In simple terms, they safeguard network communications by scrambling sensitive data sent via the internet, such as passwords, usernames, and credit card details, allowing servers to validate entities.
Regularly update your operating system
A key step in securing your server is ensuring that you are always running the most recent version of your operating system. Hackers routinely expose weaknesses in software that developers then work to shore up. Updates are released as security patches and should be installed immediately, ideally automatically. Failing to keep your operating system, or any other software running on your server, up to date, effectively leaves it open to known vulnerabilities.
Configure the OS based on best practice guidelines
For the greatest protection, ensure that your operating system is configured according to server security best practices. These include, but aren’t limited to:
-
Changing the default passwords on any installed third-party software
-
Setting user privileges to the minimum necessary for the individual to do their job
-
Deleting or disabling any unnecessary accounts
-
Creating stringent guidelines for passwords and ensuring all system passwords comply
-
Disabling any unnecessary services or applications.
Server security checklist
Now that you know what good security looks like, work through our handy server security checklist to ensure you have it all covered. We’ll take you through everything you need to do, from initial setup to long-term maintenance.
-
Record server details. First of all, identify and make a note of all the important details relating to your server, such as the server identification number and the MAC address.
-
Consider physical safeguards. Although the server is at virtual risk from adversaries, you should also consider physical safeguards to prevent unauthorized access. Restrict access to the server room to as few people as possible and ensure that keys are kept secure.
-
Set up server logging. Keep an eye on what’s happening and enable traceability by configuring event logs. Monitor remote access logs and follow up on any suspicious activity as well as logging account logins, system configuration changes, and permission changes. Consider backing up logs to a separate log server.
-
Avoid patching weaknesses. Check that the operating system and any other software or applications are running the most up-to-date versions.
-
Restrict software. Remove any unused or unnecessary software or operating system components. Similarly, any unnecessary services should be disabled.
-
Monitor hardware. Carry out regular hardware maintenance and routinely inspect your server for any aged or damaged components that may need replacing.
-
Ensure system integrity. Employ robust authentication methods such as two-factor authentication for all system administrators. Remove any accounts that are no longer necessary.
-
Implement backup procedures. Aim to automate regular server backups and routinely check that they are operating as expected. From time to time you should test recovery images.
Maintaining your server security is easier than ever
Protecting your business from the ever-evolving threat of cybercriminals may seem overwhelming, especially when simply running your organization demands so much of your attention. Fortunately, it’s now easier than ever to maintain your server security with Avast Business Antivirus Pro. A safe solution with server security features built-in, Avast Server Antivirus offers cutting-edge protection, letting you focus on your business. Avast also offers Antivirus for Linux servers, helping you protect your organization no matter what server you use.