Server Security

At a Glance

  • Why Security?
  • Server Hardening
  • Standard Firewall
  • Web Application Firewall
  • Intrusion Detection System

Why Security?

Security is a critical component of any server including fully dedicated and virtual servers. Without proper security the server is left vulnerable to the hacker community which has become sophisticated, aggressive, and has taken the form of organized crime.

Motivated by lucrative pay-offs, members of the hacker community are able to stealthily penetrate vulnerable web-enabled applications and embed code that aids them in meeting their objectives. A hacker’s main goal is to generate revenue, and they can do so by several means. Ultimately, hackers are skilled at gaining unauthorized access to a server that is connected to the internet. It is noteworthy, however, that servers not connected to the outside world and used for internal demands may be at far less risk, and security may be a minimal concern.

Business Value

Malware can damage the reputation of a business. If customers see malware on a corporate website, it can breed distrust as to the credibility of the company’s ability to conduct business securely in today’s hostile environment.

The hacker works to install malicious code, known as malware, on their victim’s server. Malware comes in many shapes and forms and is aimed at performing some nefarious transaction. The malware may send out spam emails that the hacker has been contracted to send. Or it may simply send click-throughs to a target web page that has been set up to generate ad revenue from Google AdSense or other pay-for-impression affiliates. Sometimes the malware includes phishing pages, which are set up to collect usernames and passwords from unwary end-users. The usernames and passwords allow the cyber criminal to gain access to a financial asset such as a checkbook or savings account.

Ultimately, malware is detrimental for business. In the case of phishing pages, it is not uncommon for the financial institution that was targeted to contact both the FBI and the owner of the server in order to demand removal of the harmful pages. Cleaning up a phishing page incident can easily consume 8-16 hours of a manager’s time, who must work in conjunction with their IT staff to mitigate the problem created by the malware. For malware that sends out spam, the downside is that the server is blocked by many ISPs, and email will no longer reach its intended recipient, which jeopardizes business communications.

The task of securing a server is complex and involves many components. There is no one piece of software or hardware that solves all of the potential problems. Because security has a cost associated with it, it is common for a small business owner to forgo “best practices” and omit the security altogether or trim it back to a level that is insufficient.

Server Hardening

A virtualized server, like any other computer, must be secured or protected from outsiders. A properly hardened server is the first level of defense. Server hardening refers to securing ports on the server, that is, closing up unnecessary access. Most servers need access to the internet, but also have bluetooth and printing ports wide open. Since bluetooth and printing are usually turned on by default, the systems administrator (sysadmin) must configure the settings so that these utilities are turned off when the server is rebooted, thus eliminating an opening that a hacker could use to gain unauthorized access to the server.
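As an added example (not code from the original page), the following Python audit shows the check a sysadmin would run after hardening: it parses `ss -lntu`-style output and compares every listening socket against a baseline of the services the server is meant to expose, flagging anything else. The sample output and the allow-list are constructed for illustration; port 631 is the CUPS printing service and 5353 is mDNS, two of the defaults the paragraph describes as left open.

```python
"""Audit listening sockets against a baseline of services the server should expose."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Baseline for a hypothetical public web server: SSH, HTTP and HTTPS only.
# Any other listener is an unexplained opening that should be closed or justified.
ALLOWED_LISTENERS = {("tcp", 22), ("tcp", 80), ("tcp", 443)}


@dataclass(frozen=True)
class Listener:
    proto: str
    address: str
    port: int


# Constructed sample in the shape of `ss -lntu` output (header plus one socket per line).
# It is not captured from a real host.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80          0.0.0.0:*
tcp   LISTEN 0      511    [::]:443            [::]:*
tcp   LISTEN 0      128    0.0.0.0:631         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5353        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*
"""

# proto, state, recv-q, send-q, then "address:port"; greedy \S+ backtracks so that
# "[::]:443" splits into address "[::]" and port "443".
LINE_RE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+")


def parse_listeners(ss_output: str) -> list[Listener]:
    """Turn ss-style text into Listener records, skipping the header and junk lines."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        listeners.append(Listener(m.group(1), m.group(2), int(m.group(3))))
    return listeners


def unexpected_listeners(listeners: list[Listener], allowed=ALLOWED_LISTENERS) -> list[tuple[Listener, str]]:
    """Return every listener outside the baseline with a short note on its exposure."""
    findings = []
    for lst in listeners:
        if (lst.proto, lst.port) in allowed:
            continue
        if lst.address in ("127.0.0.1", "::1"):
            # Loopback-only sockets are not reachable from the network but still need a reason to exist.
            findings.append((lst, "loopback only: not exposed, but should be justified"))
        else:
            findings.append((lst, "bound to all/external interfaces: close the service or firewall it"))
    return findings


if __name__ == "__main__":
    for lst, note in unexpected_listeners(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"{lst.proto}/{lst.port} on {lst.address}: {note}")
```

Running this on the sample flags 631/tcp and 5353/udp as externally exposed and 3306/tcp as loopback-only; the two exposed ones are exactly the "turned on by default" services the paragraph says should be disabled so they stay off after a reboot.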

Standard Firewall

A firewall controls the flow of inbound and outbound traffic to a cluster of servers. Similarly to server hardening, the firewall can close ports, but the difference is that the firewall closes ports based on IP addresses. The firewall has a group of rules that form a filter through which the inbound and outbound traffic must flow. Packets of information are dropped when the firewall rules detect traffic to or from an IP that is prohibited. In addition to blocking traffic based on the IP, firewalls employ protection against denial of service (DoS) attacks. These attacks consume resources on the target server, prevent it from functioning normally, and prevent business transactions from taking place. Firewalls have built-in countermeasures to thwart many forms of DoS attacks.
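To make the "group of rules that form a filter" concrete, here is an added Python model of a packet filter (not the page's own code): rules are evaluated top to bottom, the first match decides, and anything unmatched falls through to a default of DROP, which is how netfilter/iptables chains behave. The rule set, server address and packets are constructed from the IANA documentation ranges and are assumptions for illustration only.

```python
"""First-match packet filter: rules decide by direction, IP range, protocol and port."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                 # "ACCEPT" or "DROP"
    direction: str              # "in" or "out"
    src: str = "0.0.0.0/0"      # CIDR; default matches any source
    dst: str = "0.0.0.0/0"      # CIDR; default matches any destination
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port


@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    dport: int


# Hypothetical rule set for a public web server on 198.51.100.20.
RULES = [
    Rule("DROP", "in", src="203.0.113.0/24"),                          # blocklisted network, checked first
    Rule("ACCEPT", "in", proto="tcp", dport=80),                       # web from anywhere
    Rule("ACCEPT", "in", proto="tcp", dport=443),
    Rule("ACCEPT", "in", src="192.0.2.0/24", proto="tcp", dport=22),   # SSH only from the admin network
    Rule("ACCEPT", "out"),                                             # all outbound traffic allowed
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every field it constrains agrees with the packet."""
    return (
        rule.direction == pkt.direction
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and rule.proto in (None, pkt.proto)
        and rule.dport in (None, pkt.dport)
    )


def filter_packet(rules: list[Rule], pkt: Packet, default: str = "DROP") -> tuple[str, int]:
    """Return (verdict, index of the deciding rule); -1 means the default policy applied."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return default, -1


if __name__ == "__main__":
    server = "198.51.100.20"
    for pkt in [
        Packet("in", "203.0.113.9", server, "tcp", 80),   # blocked network, even to the web port
        Packet("in", "198.51.100.99", server, "tcp", 443),  # normal HTTPS visitor
        Packet("in", "198.51.100.99", server, "tcp", 22),   # SSH from outside the admin net
        Packet("in", "192.0.2.5", server, "tcp", 22),       # SSH from the admin net
    ]:
        print(pkt, "->", filter_packet(RULES, pkt))
```

Note the ordering: the blocklist rule sits above the web-port rules, so a prohibited source is dropped even when it targets an open port, and the SSH rule is scoped to the admin range so the default DROP catches everyone else.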

Web Application Firewall

Server hardening and firewalls are necessary, but alone they are not enough to fully protect a server. Firewalls act like a sieve, where the holes in the sieve allow access to the server. Typical pinholes, as they are referred to by security professionals, provide access to the server through ports for web (port 80), email (port 25) and FTP (ports 20 & 21). Hackers are aware of these pinholes and have found ways to sneak in. Therefore, another level of security is needed to examine the traffic that flows through the pinholes. Since most attacks happen over the web, a Web Application Firewall (WAF) is a primary line of defense, especially for servers whose core function is serving web pages.

Intrusion Detection System

Intrusion detection is like an alarm system for your home. If a thief attempts to open a window in the middle of the night, an alarm sounds and alerts the homeowner. An Intrusion Detection System (IDS) is set up with triggers that detect traffic that is perceived to be potentially harmful. Just like an alarm system at home can place a phone call to the local police, the IDS can also react to an event to thwart the attack. IDSs are varied and come in many flavors, but their end goal is to react to threats in real time and protect the server.
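The "trigger, then react" loop the paragraph describes, as an added Python example that is not part of the original page: a detector reads sshd-style authentication log lines, keeps a sliding window of failed logins per source IP, and raises an alert carrying a block action once a threshold is crossed, the way a host IDS such as a log-watching fail2ban-style tool would. The log lines, the 60-second window and the threshold of 5 are constructed for illustration.

```python
"""Sliding-window brute-force detector over sshd-style auth log lines."""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed log lines (not from a real host). "Failed password for ... from <ip>" is the
# phrase OpenSSH logs for a rejected password attempt; "Accepted password" is a success.
SAMPLE_AUTH_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
2024-03-01T10:00:03 sshd[1202]: Failed password for root from 198.51.100.7 port 51023 ssh2
2024-03-01T10:00:05 sshd[1203]: Failed password for invalid user test from 198.51.100.7 port 51024 ssh2
2024-03-01T10:00:09 sshd[1204]: Failed password for alice from 192.0.2.10 port 40010 ssh2
2024-03-01T10:00:12 sshd[1205]: Accepted password for alice from 192.0.2.10 port 40010 ssh2
2024-03-01T10:00:14 sshd[1206]: Failed password for root from 198.51.100.7 port 51025 ssh2
2024-03-01T10:00:16 sshd[1207]: Failed password for invalid user oracle from 198.51.100.7 port 51026 ssh2
2024-03-01T10:00:40 sshd[1208]: Failed password for root from 198.51.100.7 port 51027 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


@dataclass(frozen=True)
class Alert:
    ip: str
    triggered_at: str   # ISO timestamp of the failure that crossed the threshold
    attempts: int       # failures inside the window at that moment
    action: str         # the reaction the IDS would take


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60) -> list[Alert]:
    """Alert once per IP when `threshold` failures land inside a `window_seconds` window."""
    window = timedelta(seconds=window_seconds)
    recent: dict[str, deque[datetime]] = defaultdict(deque)
    alerted: set[str] = set()
    alerts: list[Alert] = []

    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are not triggers
        ip = m.group("ip")
        ts = datetime.fromisoformat(m.group("ts"))
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window: forget old failures
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)                # react once, not on every further failure
            alerts.append(Alert(ip, ts.isoformat(), len(q), "block source IP at firewall"))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_AUTH_LOG):
        print(alert)
```

On the sample, 198.51.100.7 accumulates its fifth failure within the window at 10:00:16 and produces one alert; the single failure from 192.0.2.10 followed by a success stays below the trigger, which is the distinction between a user mistyping a password and an attack the IDS should react to.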

Security is an essential component for any server that is connected to the internet. Isolated servers face a minimal security threat. Server hardening is the first layer of security that prepares the server by locking down unnecessary ports and turning on logging. Firewalls are the next level of defense and are responsible for blocking ports on a larger scale than what simple server hardening is capable of handling. The Web Application Firewall (WAF) picks up where the firewall and hardening leave off, by examining the traffic as it flows through the port and by stopping it when potentially harmful traffic is detected. An Intrusion Detection System (IDS) is meant to thwart unwanted traffic before any damage can be done, by reacting to the inflow of data. It is similar to the WAF, but broader in scope, and can cover more than just web traffic.