6 steps to secure your server
by David Dwyer on 28/08/2017
Your online security is only as good as the weakest link in the chain.
If you’ve been asking yourself “How can I effectively secure my server?” then this article is for you.
Let’s get straight to it with a hard truth: Your online security is only as good as the weakest link in the chain.
That means you need to protect your own website; regularly update the web applications you use; protect your network with firewalls; and consider the security of your server or hosting agent.
Why? Because your own website can be directly attacked, but so too can the web server that hosts your website. It can be threatened by direct hacking attempts, phishing, intrusions or viruses.
Therefore, your hosting service or IT department needs to protect your server(s) from attack in a proactive manner. After all, hackers know that servers invariably contain sensitive (lead valuable) data.
Your choice of host agency, server and Operating System (OS) – Microsoft Windows, Linux, Apple – will dictate what you need to put in place to meet current best practice on security. So, it’s necessary to review and configure every aspect of the operation to ensure you’re properly securiing your server.
If you're operating on an e-Commerce platform, your level of server security will depend on the platform that you've chosen. We believe Shopify to have the most secure server but others may have upped their game in recent months or years.
Below you will find Inspire Digital’s six helpful and practical measures you can take that will increase your server security. Remember, with security the sum will always be greater than the individual parts, and each combination of steps will itself add an additional layer to your defences.
Do all that you can, then ask how you can do more!
1. Review your server status
Following a regular and routine monitoring process can catch a problem before it snowballs. Begin by conducting a review of your server’s status, and check whether there are any problems with its CPU, RAM, disk usage, running processes and other metrics, as these will often help detect server security issues.
Ideally, store network services logs, site access logs, database logs (Microsoft SQL Server, MySQL, Oracle) and check them frequently. Then investigate the cause of any strange log entries you find.
It’s a good idea to always keep scripts on a separate drive, away from your operating system, your logs, and any other system files. Then, if a hacker does access your web root directory, they can’t control the server by using an operating system command, thus securing your server that extra bit more.
2. Automate your security updates
Most vulnerabilities have a zero-day status. It takes very little time before a public vulnerability is used to create an attack. But by applying automatic security updates and security patches as soon as they are available you can minimise the risk and improve the security of your server.
3. Set up perimeter security with firewalls
Applications like border routers and firewalls can help filter for known threats, automated attacks, malicious traffic, DDoS filters, bogus IPs, and untrusted networks.
Your local firewall can monitor for attacks such as port scans and SSH password guessing, and block any security threat from attacking the firewall. A web application firewall will also filter incoming web page requests, and can block any that have been deliberately created to break or compromise your website.
Firewalls are an excellent measure to take in achieving a secure web server.
4. Security tools
Web server software often contains security tools (URL scan, mod security) that administrators can set up to help secure the web server’s installation. Configuring these tools can be time consuming, particularly with custom web applications, but they will give you peace of mind.
Scanners can run advanced security checks against open ports and network services to help secure your server and web applications. They can check for vulnerable areas including SQL Injection, Cross site scripting and web server configuration problems. Some can also audit shopping carts automatically, check forms and dynamic web content, and flag up any issues found.
5. Remove unnecessary services
Typical default operating system installations and network configurations (Remote Registry Services, Print Server Service, RAS) are not secure. Ports are left vulnerable to abuse with more services running on an operating system. It’s best, therefore, to disable all unnecessary services.
If an account is hacked, then file and network services permissions will limit any potential damage. It’s good practice, therefore, to schedule regular reviews of your file system permissions.
Grant the minimum privilege required for a specific network service to run, and then restrict what each user or service can do to a minimum. Disable any default account shells that are not being accessed normally and consider removing the “root” account to enable login using SSH.
Ensuring server security is crucial for any business that operates online, but especially those that permit network transactions. For them, this is an issue you simply cannot ignore, and network transactions are being protected, increasingly, through the adoption of SSL certificates and HTTPS to encrypt communications
Take action to secure your web server!
If you follow some (or better yet all) of our six tips, they will help secure your web server and help keep your data and resources safe.
Inspire can ensure your server is safe by offering bespoke advice, guidance and technical serve. Give us a call today on 01738 700006 or chat with us on WhatsApp to have your web security questions answered.
You can read more about the Inspire Process to security, project management and web development via our site.
Cyber Security, Cyber Security Vulnerabilities, Security, Server, Server Security, The Evolving Web, Website Vulnerabilities