7 Security Measures to Protect your Servers


Introduction

Web server security is the protection of information that can be accessed through web servers. It is very important for any organization that has one or more web servers connected to the internet. Almost all organizations now have an online presence and keep confidential data in their databases. A web server without security can leak crucial data and cause notable harm to an organization. As a result, web server security has become one of the most complex topics the digital world is concerned about.

In this guide, we will show you 7 basic security measures to protect your web server before you set up your applications.

7 Security Measures to Protect your Web Server

SSH Keys

SSH stands for Secure Shell, a cryptographic network protocol that encrypts the information exchanged between a user and a remote machine. It allows users to operate network services securely.

SSH keys give you a more secure way of logging into a server. Attackers generally use brute-force attacks to crack passwords, but it is almost impossible to crack SSH keys that way. With key authentication you can connect to your server without entering your password, and the login is more secure than a password login.

Secure Shell (SSH) is based on public key cryptography. SSH keys come in a pair: a private key and a public key. The private key is stored securely on the user’s home machine. The public key is stored on any remote machine the user wishes to connect to. You can place the public key on any server, but only a user who already holds the matching private key can use it to log in: access is granted only when the two keys match. You can increase security further by protecting the private key with a passphrase.

SSH keys contain more bits of data than a password, so there are significantly more possible combinations for an attacker to try.

SSH keys are very easy to set up, and SSH key authentication is the most recommended way to log into your Linux or Unix server remotely. You can generate the keys on your computer and transfer the public key to your server in no time.

Check here: How to Setup SSH Keys on Ubuntu 18.04, and How to Use SSH Keys with SystemOnGrid Orbits

Firewalls

A firewall protects a server from unauthorized access. It is a network security device that monitors traffic to your server and allows or blocks specific traffic based on predetermined security rules. It creates a barrier between a trusted internal network and an untrusted external network, i.e., the internet.

The services that are running on a typical server can be categorized into 3 groups. They are:

Public Services: They can be accessed anonymously by anyone on the internet. Example: A web server that allows access to your website.

Private Services: They can be accessed only by authorized accounts or from a specific location. Example: Database control panel.

Internal Services: They must be accessible only from within the server itself, without being exposed to others. Example: Database that accepts only local connections.

Firewalls allow you to limit access to your server according to which of the groups above a service belongs to. You can leave public services open to everyone, restrict access to private services, and make internal services completely inaccessible to the outside world.

Check here: How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server

VPN and Private Network

A private network is a network that uses private IP address space. It can be the local area network (LAN) of a house, an office, or an organization. IP packets addressed from these networks cannot be transmitted through the public internet.

VPN stands for Virtual Private Network. It extends a private network across a public network, making it possible to create connections between computers in different locations. It is one of the more sophisticated methods for securing connections between different computers.

A VPN allows you to communicate and share information in a more secure way. It makes your communications private and secures the information so that you don’t need to worry about a security breach.

Public Key Infrastructure (PKI) and SSL/TLS Encryption

If you want to create, manage, distribute, use, store, and validate digital certificates to identify users and encrypt their communications, you can use a Public Key Infrastructure (PKI). SSL and TLS stand for Secure Sockets Layer and Transport Layer Security respectively. You can issue SSL/TLS certificates to authenticate different users to one another, identify them, and encrypt their communications.

Having the authority to issue and manage SSL/TLS certificates allows you to verify the identity of each user within your infrastructure and encrypt their traffic. This helps you stop attackers who try to imitate servers in your infrastructure in order to intercept traffic.

Because each certificate is created and signed by the responsible authority, it is directly trusted by the others. There is no need to use a VPN tunnel if the applications you are using support SSL/TLS encryption.

Isolated Execution

Isolated execution is a software approach that provides more security through isolation. Instead of stopping malware from running or preventing it from reaching the user’s computer, it gives you a contained environment where malware can run without affecting the whole system.

Isolated execution provides a pool of such contained environments, ready to use for running untrusted applications or opening suspicious programs or files from unverified third parties. In this way, it limits the damage that malware may cause and reduces the human errors that may lead to an attack.

If a user gets a warning when opening a file, it is up to them whether to open it, depending on how much confidence they have in the file's origin. In such cases, you can use the “send to sandbox VM” option, where the file is opened in an isolated environment. If the file causes any damage, the damage is limited to the sandbox scope. After the file is closed, the sandbox is restarted and returned to the pool without disturbing the user environment.

Service Auditing

Service auditing is the process of finding out what services are running on the servers in your infrastructure, which ports they use for communication, and which protocols they accept. This information helps you configure your firewall settings.

The more services you run, the greater the chance that a vulnerability exists in your accessible software. Once you know what network services are running on your computer, you can start analyzing them.

Doing a basic service audit is very simple. Using the netstat command, you can find out which services are listening on ports on each interface.

sudo netstat -plunt

The output looks like this:

Active Internet connections (only servers)

You need to pay attention to the Proto, Local Address, and PID/Program name columns. If the address is 0.0.0.0, it means the service is accepting connections on all interfaces.
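The following Python example is added here and is not part of the original guide: it parses `netstat -plunt` output and pairs each listener with the firewall action that its service group (public, private or internal, as described in the Firewalls section) calls for. The sample output, the `POLICY` port map, the action wording and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `netstat -plunt` output for illustration; not from a real host.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN  812/sshd
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN  1034/nginx: master
tcp        0      0 127.0.0.1:3306  0.0.0.0:*       LISTEN  977/mysqld
tcp        0      0 0.0.0.0:6379    0.0.0.0:*       LISTEN  1101/redis-server
tcp6       0      0 :::80           :::*            LISTEN  1034/nginx: master
udp        0      0 0.0.0.0:11211   0.0.0.0:*               1200/memcached
"""
POLICY = {22: "private", 80: "public", 3306: "internal", 11211: "internal"}  # hypothetical port -> group map
ACTIONS = {"public": "allow from anywhere",
           "private": "allow from trusted sources only",
           "internal": "FIX: rebind to loopback"}

def parse_listeners(text):
    """Yield (proto, host, port, program) for every socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue  # banner or column header
        host, _, port = f[3].rpartition(":")  # last colon splits off the port, IPv6 safe
        rest = f[6:] if f[5] == "LISTEN" else f[5:]  # UDP rows carry no State column
        yield f[0], host, int(port), " ".join(rest)

def scope(host):
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface
        return "all interfaces"
    return "loopback" if ip.is_loopback else "one interface"

def firewall_plan(text, policy):
    """Pair each listener with the firewall action its service group calls for."""
    plan = []
    for proto, host, port, program in parse_listeners(text):
        where = scope(host)
        action = ACTIONS.get(policy.get(port), "REVIEW: undeclared service exposed")
        if where == "loopback":
            action = "no rule needed (local only)"
        plan.append((proto, port, program, where, action))
    return plan

if __name__ == "__main__":
    for row in firewall_plan(SAMPLE, POLICY):
        print("{:<5} {:<6} {:<20} {:<15} {}".format(*row))
```

On a real server, pipe the command's output into `firewall_plan` in place of `SAMPLE` and adjust the port map to the services you intend to run.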

File Auditing and Intrusion Detection Systems

File auditing is the process of detecting and logging changes to a known secure (healthy) file system. Any unauthorized change to a clean server configuration is a sign that someone has accessed your server. In such cases, this process helps you find changes made to your system by unauthorized users.

After the file auditing data has been collected, it has to be aggregated, normalized, and analyzed so that any unauthorized activity can be detected. Software that looks for unauthorized activity on files and reports it is commonly referred to as an Intrusion Detection System (IDS).

Conducting file audits and implementing an IDS is an intensive process. The initial configuration involves identifying the non-standard changes you have made to the server and defining the paths that must be excluded in order to create a baseline reading.

The process also complicates updates, as you need to re-check the system before running updates and recreate the baseline afterwards to capture the changes to the software versions. You also need to offload the reports to another location so that no one can alter the audit to hide their tracks. The process may increase your administration load, but being able to check your system against a known-good copy is the only way to ensure that the files have not been changed without your knowledge.
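The baseline-and-compare workflow described above, as an added Python example that is not part of the original guide: it hashes a directory tree, skips an excluded path, keeps the baseline outside the audited tree, and reports what changed. The file names, the `var/log` exclusion and the function names are assumptions constructed for the illustration.

```python
import hashlib, json, os, tempfile

def snapshot(root, exclude=()):
    """Map each file path (relative to root) to its SHA-256, skipping excluded directories."""
    digests = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if os.path.islink(path) or any(rel.startswith(e + "/") for e in exclude):
                continue  # excluded paths are expected to change and stay out of the baseline
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Return the paths added, removed and modified since the baseline was taken."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
    }

def demo():
    """Baseline a constructed tree, change it, and report the drift."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as vault:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(data)
        write("etc/ssh/sshd_config", "PasswordAuthentication no\n")
        write("usr/bin/tool", "v1\n")
        write("var/log/app.log", "started\n")
        store = os.path.join(vault, "baseline.json")  # kept outside the audited tree
        with open(store, "w") as fh:
            json.dump(snapshot(root, exclude=["var/log"]), fh)
        write("etc/ssh/sshd_config", "PasswordAuthentication yes\n")  # unauthorized edit
        write("usr/bin/newtool", "x\n")                               # unexpected new file
        write("var/log/app.log", "started\nrequest\n")                # excluded log churn
        with open(store) as fh:
            return compare(json.load(fh), snapshot(root, exclude=["var/log"]))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

After a planned update, run `snapshot` again and overwrite the stored baseline so that the new software versions are not reported as drift.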