Server security is dependent on many factors, including operating system and purpose. But some things are universal.
Server security is an ongoing concern of IT, regardless of whether the server is locked away in a data center or sitting in an office somewhere. Server security is even a concern if your servers are in the cloud. Allowing a hacker or malware to access a server can compromise an entire business. Just a single point of infection can be enough to spoil the whole soup.
No one ever said the new world of work was all fun and games. There are risks.
But there are also precautions and best practices. Let’s take a look at the top five server security concerns.
1. Physical security
Physical security is always the number one priority for a server. No matter what tricks, technologies or software you use, if you allow uncontrolled physical access to a server, you risk compromising the device. For a data center, whether your own or a cloud service, physical security is usually built in to the operation. Only authorized people are allowed in the facility, and specific data halls or equipment cages may have additional levels of physical security, further limiting access to these critical servers.
Not every business can afford this level of security. But leaving a server sitting in an open office area is just an invitation to unauthorized access. Simply keeping a departmental server locked in a closet can make a big difference. Running it headless, with no monitor or keyboard, provides an additional layer of security.
2. Explicit levels of administrative access control
Users with a requirement for administrative access, whether IT staff or business workers, should be assigned only those privileges necessary for them to accomplish their required tasks. Operating systems have granular levels of control so that administrative tasks can be assigned to specific users, without the need to grant overall administrative access rights. Web consoles for cloud services will also often offer graduated levels of administrative access, depending on the service. Remember that in almost all cases, less is more.
3. Keep server and application software updated
There is a reason that software vendors regularly patch and update their operating systems and applications. While many patches solve functional problems, there are almost always security patches that need to be applied in order to maintain server security. For example, Microsoft released an emergency patch for Windows Server to plug a hole in its security.
Unpatched servers are one of the biggest sources of malware infections on the Internet, so unless you are planning to keep a server disconnected from the outside world, you need to make sure that, at the very least, security patches are tested and applied as they appear. For cloud-based servers and applications, you may need to regularly update client software running on your end to make certain that the latest security fixes have been applied.
Keeping up to date on these changes can also create staffing issues, especially at smaller businesses where the IT department may consist of just a handful of people. One solution to this problem is to outsource these sorts of tasks to an outside vendor or partner, to allow your in-house staff to focus on mission-critical tasks.
4. Maintain application security
Many applications, especially those with web-based or collaborative components, have their own security models. Because the applications themselves may have elevated security privileges based on the needs of the application, allowing unsecured access to the applications and their resources can compromise the security of the hosting servers.
Specific applications, such as web servers, will have their own security processes that need to be followed. Proper installation and management of the applications will prevent the sort of user-introduced errors that can compromise server security.
5. Turn off every function the server doesn’t need
Servers don’t need web browsers, yet you often find them present. Disable them or, depending on the operating system, remove them completely. If you’re running a Windows Server for file and print services, it needs very few other features installed. Do your homework, and disable any other feature unnecessary to the desired operation. Every extra feature that has remote access or availability provides another avenue for attack.
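One way to do that homework on a Windows file and print server, as an added example that is not part of the original article: compare the installed roles and features against a baseline, then list what is listening on the network. The baseline list and the function name Get-UnexpectedFeature are assumptions made for illustration; feature names vary between Windows Server versions, so check them against your own Get-WindowsFeature output.

```powershell
#Requires -Modules ServerManager
# Added example: audit a Windows Server against a minimal feature baseline.

# Assumed baseline for a file and print server (constructed for this example).
$Baseline = @(
    'FileAndStorage-Services', 'File-Services', 'FS-FileServer', 'Storage-Services',
    'Print-Services', 'Print-Server',
    'NET-Framework-45-Features', 'NET-Framework-45-Core',
    'PowerShellRoot', 'PowerShell',
    'Windows-Defender'
)

# Hypothetical helper: return installed features that are not in the baseline.
function Get-UnexpectedFeature {
    param(
        [Parameter(Mandatory)] [object[]] $Installed,
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    $Installed | Where-Object { $_.Name -notin $Allowed } | Sort-Object Name
}

# 1. Installed roles, role services and features outside the baseline.
$installed = @(Get-WindowsFeature | Where-Object Installed)
$extra = @(Get-UnexpectedFeature -Installed $installed -Allowed $Baseline)

if ($extra.Count -eq 0) {
    Write-Output 'No features installed beyond the baseline.'
} else {
    Write-Output 'Installed features outside the baseline (review each one):'
    $extra | Format-Table Name, DisplayName, FeatureType -AutoSize
    # After review, preview a removal without changing anything:
    # Uninstall-WindowsFeature -Name <FeatureName> -WhatIf
}

# 2. What is reachable over the network: listening TCP ports and their processes.
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort,
        @{ Name = 'Process'
           Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object LocalPort, LocalAddress |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the server; it only reads state, and the removal line is left commented out with -WhatIf so nothing is uninstalled until each entry has been reviewed.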
Final Thoughts
Maintaining secure servers is, in various ways, simply limiting the opportunities for access — by staff, strangers, viruses and malware. Keeping strict limits can go a long way to keeping a secure computing environment.
Without a combined effort, strengthening IT security isn’t just difficult, it’s virtually impossible. Start the conversation on security now.