From Adobe to Target, high-profile companies were the victims of serious data breaches in 2013. In October, at least 38 million Adobe users discovered their encrypted passwords were no longer secure. And in December, more than 40 million consumers had their credit card data compromised when Target’s servers were hacked.
Why the sudden upswing? In part, because attack surfaces are expanding, bolstered by the flow of Big Data and the increasing reliance on cloud-based technologies. For IT admins, the task of completely locking down a server can seem overwhelming.
Here are four easy-to-implement security solutions.
1. Always Be Patching
Even if you’re running custom-built software on an in-house server, you’re not an island. From operating systems (a version of Linux or Windows) to hypervisor technology or database admin software, something in your system was coded by someone else. This means there are vulnerabilities, both documented and as-yet unrecognized. Bottom line? You need to patch.
As noted by Null Byte, you need to check for new patches, updates and vulnerabilities every day, and have at least passing familiarity with any existing security issues. Zero-day bugs can be detected and corrected within hours, or a day at most, but only if you’re on the lookout. Best bet? Follow the company Twitter feeds and Facebook pages of the software products you use, and never delay a patch install.
2. Protect the Passwords
No server protection article is complete without a discussion of passwords. All the basic rules apply: Don’t use anything easily guessed, such as your company name or a sequence of numbers. If your server admin console came with a default password, change it immediately. It’s also important to fiercely guard login credentials. This means you should never send full IP, login and password information in a single email or instant message. Instead, send some of the data via email and some using Skype or another voice service. In addition, use an entropy tool to test password strength.
There are two camps when it comes to strong passwords: One advises passphrases that contain no actual words, just numbers, alternating cases and special characters. The risk? They’re difficult to remember.
The other camp recommends the use of common words, but in an uncommon order. For example, using four unrelated words produces a long, high-entropy password, and if you create a small story around the words, chances are you won’t forget. The risk? A high-level dictionary attack could crack the code.
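The "entropy tool" mentioned above and the trade-off between the two camps can be made concrete. The following is an added example, not code from the original article: a small strength estimator that scores a password two ways, as random characters drawn from the character classes it uses, and, when it can be split into dictionary words, as a sequence of word guesses. It reports the smaller of the two so that a four-word passphrase is credited with word-level entropy rather than character-level entropy, which is exactly the dictionary-attack caveat. The word list, the assumed attacker dictionary size (7776 words) and the 50-bit policy floor are all assumptions constructed for the example.

```python
import math
import string
from typing import List, Optional, Set, Tuple

# Constructed toy word list standing in for a real dictionary (assumption:
# a real tool would load a list of thousands of words).
WORDLIST: Set[str] = {"correct", "horse", "battery", "staple",
                      "blue", "tiger", "pancake", "river"}
# Assumed size of the dictionary an attacker would use for word-based guessing.
ASSUMED_DICTIONARY_SIZE = 7776
# Assumed policy floor: anything estimated below this many bits is rejected.
MIN_BITS = 50


def char_class_entropy(password: str) -> float:
    """Bits of entropy if every character were drawn uniformly from the
    character classes the password actually uses (camp one: random characters)."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def segment_words(text: str, wordlist: Set[str]) -> Optional[List[str]]:
    """Split text into a sequence of dictionary words, or return None if no
    such split exists (dynamic programming over prefixes)."""
    best: List[Optional[List[str]]] = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            prefix = best[start]
            if prefix is not None and text[start:end] in wordlist:
                best[end] = prefix + [text[start:end]]
                break
    return best[len(text)]


def estimate_entropy(password: str) -> Tuple[float, str]:
    """Return (bits, model). If the password is made of dictionary words an
    attacker guesses words, not characters, so the smaller estimate wins
    (camp two's dictionary-attack risk)."""
    char_bits = char_class_entropy(password)
    compact = password.lower().replace(" ", "").replace("-", "")
    words = segment_words(compact, WORDLIST)
    if words:
        word_bits = len(words) * math.log2(ASSUMED_DICTIONARY_SIZE)
        return min(char_bits, word_bits), "dictionary-words"
    return char_bits, "random-characters"


def check_password(password: str) -> dict:
    """Strength verdict against the assumed policy floor."""
    bits, model = estimate_entropy(password)
    return {"bits": round(bits, 1), "model": model, "meets_policy": bits >= MIN_BITS}


if __name__ == "__main__":
    for candidate in ["correct horse battery staple", "Tr0ub4dor&3", "password"]:
        print(candidate, check_password(candidate))
```

Run as-is, the four-word passphrase scores about 51.7 bits under the word model (four picks from a 7776-word list), far below the 131 bits a naive character count would suggest, while the mixed-character string scores about 72 bits; the point is that the model used to score a password must match how it would actually be attacked.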
3. Limit the Software and Services Running in Your Environment
The big benefit of the cloud? Resources on demand. Unfortunately, this is also a boon to hackers. It’s important to periodically take a good look at your server stack and remove any software you don’t absolutely need. Culling not only speeds up response times but also limits the number of vulnerabilities available for hackers to leverage.
Want to go a step further? Examine any services running in the background. Stop any that aren’t necessary, and remove their companion software. If you see one you don’t recognize, remove it immediately and go hunting for malware.
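One way to make the "examine the services running in the background" step repeatable is to compare what is actually listening against a written allowlist. The following is an added example, not code from the original article: it parses the output of `ss -tlnp` (the sample below is constructed; `live_listeners()` collects the real thing on a Linux host) and flags two things, processes that are not on the allowlist at all and allowlisted processes bound to a wider address than permitted. The allowlist itself is an assumption standing in for whatever your environment requires.

```python
import re
import subprocess
from typing import Dict, List, Set, Tuple

# Constructed sample of `ss -tlnp` output (TCP listeners with owning process).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1040,fd=6))
LISTEN  0       244     0.0.0.0:5432         0.0.0.0:*          users:(("postgres",pid=990,fd=5))
LISTEN  0       511     0.0.0.0:6379         0.0.0.0:*          users:(("redis-server",pid=1333,fd=6))
LISTEN  0       5       0.0.0.0:8000         0.0.0.0:*          users:(("python3",pid=2221,fd=3))
"""

# Assumed allowlist for this host: process name -> addresses it may bind.
ALLOWED: Dict[str, Set[str]] = {
    "sshd": {"0.0.0.0", "[::]"},
    "nginx": {"0.0.0.0", "[::]"},
    "postgres": {"127.0.0.1"},   # the database must stay loopback-only
}

# Matches one LISTEN line: local address:port, then the owning process name.
LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(ss_output: str) -> List[Tuple[str, str, int]]:
    """Return (process, bind address, port) for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue
        addr, port = m.group("local").rsplit(":", 1)
        listeners.append((m.group("proc"), addr, int(port)))
    return listeners


def audit(listeners: List[Tuple[str, str, int]], allowed: Dict[str, Set[str]]) -> List[str]:
    """Report listeners that are not allowlisted or are bound more widely than allowed."""
    findings = []
    for proc, addr, port in listeners:
        if proc not in allowed:
            findings.append(f"UNEXPECTED: {proc} listening on {addr}:{port}")
        elif addr not in allowed[proc]:
            findings.append(
                f"OVEREXPOSED: {proc} bound to {addr}:{port}, allowed only on {sorted(allowed[proc])}"
            )
    return findings


def live_listeners() -> List[Tuple[str, str, int]]:
    """Collect the real listener table (needs root for process names)."""
    out = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True, check=True).stdout
    return parse_listeners(out)


if __name__ == "__main__":
    for finding in audit(parse_listeners(SAMPLE_SS_OUTPUT), ALLOWED):
        print(finding)
```

On the sample, the audit reports postgres exposed on all interfaces, plus a cache server and a leftover development HTTP server that nobody put on the allowlist; each of those is either a service to stop and uninstall or an allowlist entry to add deliberately. Run it from cron and diff the output so new listeners surface the day they appear.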
4. Stay on the Lookout for Signs of a Hack
Despite your best efforts, a hack may still happen, but you can limit its impact by knowing the telltale signs. Check whether any new user accounts have been created that you don’t recognize. Take a look at the /etc/syslog.conf file, which is often modified or replaced, and make sure /etc/shadow and /etc/passwd haven’t been deleted. If you suspect a hack, don’t change your password, because the hacker will receive notification of both the event and the new passphrase. Instead, roll back to previous versions where possible, use reputable anti-malware tools and, if necessary, wipe the server and reinstall.
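The three signs named above (unfamiliar accounts, a changed /etc/syslog.conf, a missing /etc/shadow or /etc/passwd) are all comparisons against a known-good state, so they can be automated with a stored baseline. The following is an added example, not code from the original article: `take_snapshot()` reads the watched files from disk, and `compare()` reports files that have gone missing, files whose SHA-256 digest changed, and login names present now that were not in the baseline /etc/passwd. The baseline and "current" contents below are constructed to exercise every finding; the placeholder hash in the shadow sample is not a real password hash.

```python
import hashlib
from pathlib import Path
from typing import Dict, List, Optional, Set

# Files the article names as commonly tampered with or deleted during a hack.
WATCHED = ["/etc/syslog.conf", "/etc/passwd", "/etc/shadow"]

Snapshot = Dict[str, Optional[bytes]]


def take_snapshot(paths: List[str] = WATCHED) -> Snapshot:
    """Read each watched file from disk; a missing file maps to None."""
    snap: Snapshot = {}
    for p in paths:
        path = Path(p)
        snap[p] = path.read_bytes() if path.is_file() else None
    return snap


def account_names(passwd: bytes) -> Set[str]:
    """Login names from /etc/passwd content (first colon-separated field)."""
    names = set()
    for line in passwd.decode(errors="replace").splitlines():
        if line.strip() and not line.startswith("#"):
            names.add(line.split(":", 1)[0])
    return names


def compare(baseline: Snapshot, current: Snapshot) -> List[str]:
    """Findings: files missing since the baseline, files whose digest changed,
    and login names that were not present in the baseline /etc/passwd."""
    findings = []
    for p, old in baseline.items():
        new = current.get(p)
        if new is None:
            findings.append(f"MISSING: {p}")
        elif old is not None and hashlib.sha256(old).digest() != hashlib.sha256(new).digest():
            findings.append(f"MODIFIED: {p}")
    old_pw, new_pw = baseline.get("/etc/passwd"), current.get("/etc/passwd")
    if old_pw is not None and new_pw is not None:
        for name in sorted(account_names(new_pw) - account_names(old_pw)):
            findings.append(f"NEW ACCOUNT: {name}")
    return findings


# Constructed baseline: what the files looked like on a known-good day.
BASELINE: Snapshot = {
    "/etc/syslog.conf": b"*.info;mail.none;authpriv.none  /var/log/messages\n"
                        b"authpriv.*  /var/log/secure\n",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n"
                   b"daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
                   b"www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n",
    "/etc/shadow": b"root:$6$PLACEHOLDER_NOT_A_REAL_HASH:19000:0:99999:7:::\n",
}

# Constructed "today": the authpriv logging line is gone, an account was
# added, and /etc/shadow no longer exists.
NOW_SNAPSHOT: Snapshot = {
    "/etc/syslog.conf": b"*.info;mail.none;authpriv.none  /var/log/messages\n",
    "/etc/passwd": BASELINE["/etc/passwd"]
                   + b"svc-backup:x:1001:1001::/home/svc-backup:/bin/bash\n",
    "/etc/shadow": None,
}

if __name__ == "__main__":
    for finding in compare(BASELINE, NOW_SNAPSHOT):
        print(finding)
```

In practice the baseline snapshot should be written out right after a clean build and kept off the server, since a baseline stored on a compromised host can be edited along with the files it describes; running `compare(stored_baseline, take_snapshot())` from a scheduled job then gives a daily answer to "has anything I care about changed?".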
Total server security? A myth. Cut low-hanging hacker branches, however, and you’ll make it much harder for attackers to scale your tree.