First time setting up a server? No problem. This blog will get you pointed in the right direction.
Servers deliver e-mails, run websites, and store crucial business data. As a result, their owners need to do the impossible to prevent major breaches. Since this task is harder than it seems, the following tips and tricks are more than welcomed.
An unsecured server that is located on the Internet can be affected in only a couple of minutes. As a result, you are advised to configure the server in the offline mode, and use a CD to load all the initial patches. The whole idea is to secure the server as much as you can before placing it online.
Bear in mind that the administrators of the server are provided with several privileges, including the right to access and control the system. Make sure that the individuals you hire as administrators are as trustworthy as possible, and handle the password only to the ones you trust the most.
A server located on the Internet can combine several functions such as e-mail and database service function, but that’s not a very good idea. Not only that a server which runs several applications is the perfect target for hackers, but it also comes with software incompatibilities. The best option is to allot a single function per server.
If you’ve decided to use your server with one purpose, you’re advised to get rid of any services and software that don’t match your purpose. All you have to do is disable the service that you don’t use by adjusting the configuration settings. This way, you are making sure that hackers cannot use these services. Other services that you’re advised to remove include unused language compliers, system development tools, and network services.
Besides, you should make sure that your server isn’t provided with instant messaging software, since this can be exactly the gateway needed by intruders. In case your company has an internal website located on the intranet, you are advised to host it on a different server from the one that hosts your public website.
Security software should definitely be installed on your server, since its goal is to identify and remove potential infections. Note that security software usually consists of anti-virus, anti-spyware scanners and filters, anti-root kit, and a firewall in charge of defeating unauthorized access.
Installing intrusion prevention and detection software may also help, as it will protect your server from different attacks and will guarantee for the integrity of the system files.
Don’t forget to clean up once the installation is finished
When you install several applications, you are advised to remove the scripts, sample files, directories, and code, since hackers have a tendency to use them for hiding malware.
Until now, passwords were usually required to have eight characters. However, current utilities can try not less than a million passwords per second, meaning that a password made of lowercase characters can be cracked in less than three days. If you use numbers and uppercase letters, your password will be more difficult to break, but still not impossible. That’s why you are advised to adopt the following safety measures:
– Choose a password that contains over 12 characters and try to include numbers, shift characters (@, %, o &), as well as both lowercase and uppercase letters.
– Never utilize passwords that make use of “dictionary words”, including clever or common misspellings, slang or digital slang such as ROTFL, expletives, or foreign words that are commonly used.
– Instead of adding a number at the end of your previous password, try adding it in the middle.
– Don’t let users to re-use their previous passwords
– Never use passwords that include pet names, anniversaries, children’s names, or birthdays.
– Quarantine incoming material
If you want to avoid potential attacks and intrusions, you can store your system files on different partitions or drives, but never in the location where the uploaded files are stored. Bear in mind that you can also hide the disk space availability for upload files, in order to make sure that the system is not utilized by hackers.
Most server operating systems enable users to lock their accounts in case a wrong password is introduced a couple of times, and this tactic can prevent some attacks. However, bear in mind that even legitimate users can type a wrong passwords, which means that the administrators will probably have to deal with requests to unlock accounts on a regular basis.