The news has been abuzz with reports of latest hacks and data breaches that have caused major mayhem to businesses and users alike. Web servers that serve as website hosts for your business are vulnerable to a number of security threats and need to be protected from intrusions, hacking attempts, viruses and other malicious attacks (such as phishing and hacking). Having a secure server is absolutely crucial for any business that operates online and engages in network transactions. Web servers are an easy target for hackers because of the sensitive data they usually host. Therefore, taking proper measures to ensure you have a secure server is as vital as securing the website, web application and also the network around it.
Your selection of the server, OS and web server is one of the first decisions that will impact what best practices you have to put in place for a secure server and the kind of services that run on it. Irrespective of what web server software and operating system (Microsoft Windows, Linux) you are running, there are certain measures you must take to increase your server security. It is necessary to review and configure every aspect of your server in order to secure it. Maintaining a multi-faceted approach offers in-depth security because each security measure that is implemented adds an additional layer of defense. Here is a list of tasks that individually and collectively will help strengthen your web server security and prevent cyberattacks against your applications and infrastructure.
- Automated Security Updates
Most vulnerabilities have a zero-day status. It takes very little time before a public vulnerability is utilized to create a malicious automated exploit. So it helps to keep your eye on the ball when it comes to getting your security updates. You may want to consider applying automatic security updates and security patches as soon as they are available through the system’s package manager.
- Review Server Status and Server Security
Being able to quickly review the status of your server and check whether there are any problems with its CPU, RAM, disk usage, running processes and other metrics will often help detect server security issues with the server faster. It is also possible to review the server status server with ubiquitous command line tools. All your network services logs, site access logs, database logs (Microsoft SQL Server, MySQL, Oracle) present in a web server, should ideally be stored in a segregated area and checked frequently. Keep an eye out for strange log entries. When your server is compromised, having a reliable alerting and server monitoring system in place will prevent the problem from snowballing.
- Perimeter Security With Firewalls
Having a secure server means having security applications like border routers and firewalls set up to help filter known threats, automated attacks, malicious traffic, DDoS filters, bogon IPs, and untrusted networks. A local firewall can actively monitor for attacks such as port scans and SSH password guessing to block any security threat from attacking the firewall. And a web application firewall helps to filter incoming web page requests in order to block requests that have been deliberately created to break or compromise a website.
- Use Scanners and Security Tools
There are many security tools (URL scan, mod security) provided with web server software to help administrators secure their web server installations. Though configuring these tools can be hard work and time consuming, particularly with custom web applications, they add extra layer of security and give you peace of mind.
Scanners can help automate the process of running advanced security checks against the open ports and network services to ensure you have a secure server and web applications. It usually checks for SQL Injection, Cross site scripting, web server configuration problems and other security vulnerabilities. There are even scanners that can automatically audit shopping carts, forms, dynamic web content and other web applications and provide detailed reports to detect existing vulnerabilities.
- Remove Unnecessary Services
Typical default operating system installations and network configurations (Remote Registry Services, Print Server Service, RAS) are not secure. Ports are left vulnerable to abuse with more services running on an operating system. So it is advisable to switch off all unnecessary services and disable them. This also helps boost your server performances, by freeing hardware resources.
- Manage Web Application Content
All web application or website files and scripts should be kept on a separate drive, away from the operating system, logs and any other system files. This way even if hackers gain access to the web root directory, they will not be able to use any operating system command to take control of the web server.
- Permissions and privileges
File and network services permissions are crucial to having a secure server as it helps limit any potential damage from a compromised account. Malicious users can compromise the web server engine and use the account in order to carry out tasks, such as execute specific files. File system permissions should preferably be granular. Review your file system permissions on a regular basis to prevent users and services from engaging in unintended actions. Consider removing the “root” account to enable login using SSH and disabling any default account shells not normally accessed. Make sure to use the least privilege principle for a specific network service to run and also restrict what each user or service can do.
Securing web servers can help keep corporate data and resources safe from intrusion, or misuse. And as we have established it is as much about people and processes as it is about security products. By taking these hardening measures mentioned in this post, you can begin to create a secure server infrastructure to support web applications and other web services.