10/08/2016
www.serverhedge.com
Skype: serverhedge
Helpdesk: http://serverhedge.com/helpdesk
The web service is just one part of a server. There are hundreds of ways in which server security can be breached.
Setting up a strong foundation for server security is the first step in securing a web server.
1) Disable unused services – In a default OS installation, many services are set to auto-start.
Each of them can open a port to the public that may not be secure, so disable every service you do not need.
2) Harden the file system –
The filesystem controls the access privileges of each user. By hardening the filesystem settings, any malware that is uploaded to the server can be blocked from being executed.
3) Protect system binaries – Core system binaries can be write-protected by using special filesystem settings. Preventing modification at the filesystem level can be an effective deterrent against core system infection.
4) Use only verified, authentic software –
Get applications only from official repositories whose packages are cross-verified using signatures.
5) Set up Mandatory Access Control systems to block unauthorized operations – There are kernel patches in Linux and Mandatory Integrity Control features that restrict each user to a very limited set of operations.
This effectively blocks an attacker from running any damaging exploits.
6) Enable intrusion detection –
Quick reaction to an intrusion or an intrusion attempt can help you limit any damage done to the server. Intrusion detection systems (IDS) monitor sensitive directories, logs and processes to notify you of unusual behavior.
7) Ensure physical security –
Many businesses now use cloud servers from AWS, Google or Azure. For these users, physical security may not be relevant. But for companies that still use on-premise or co-located servers, physical security is still important.
Almost all attacks originate over the network.
By locking down your network services, the vast majority of these attacks can be blocked before they ever touch your web application.
1) Close all ports, and open only the ones you need –
This is the most fundamental principle in network security. Block all, and allow only those you really want.
2) Segregate private and public networks –
Remember that anyone can listen in on the traffic from your server.
Your company's private data such as backups, internal mail, traffic to the development server, etc. could be exposed to the public. Split your network traffic so that only the data that is supposed to be public is available over the public IP.
3) Harden the network against common attacks –
Many common attacks, such as Slowloris, flood attacks, or packet-level attacks, exploit insecure default settings in operating systems. The network settings need to be adjusted to defend against these issues.
4) Monitor port scanning behavior and block attacking IPs –
Valid users come directly to a standard service port, and request information. Malicious users scan for any open ports. Block any IP that tries to connect to closed ports at random.
5) Set up a brute force monitor to automatically block abusive IPs –
Legitimate users do not send hundreds of login requests per minute.
Install a brute force monitor and block the originating IPs.
6) Prevent direct access to back-end servers –
In reality, only your web server and mail server should be open to the public.
All others, such as the backup server, database server, POP/IMAP server, etc., should be off limits to direct access. Put these servers on a private network to reduce your attack surface.
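The brute force monitor from item 5 above, in its simplest form: count failed SSH logins per source IP and report the IPs that cross a threshold. This is an added example, not serverhedge's code; the log lines are constructed in sshd's format, and a real monitor would read the live auth log and count within a time window rather than over the whole file.

```shell
#!/bin/sh
# Added example: per-IP failed-login counting, the core of a brute force monitor.

# Constructed sample of sshd log lines (a real monitor reads /var/log/secure
# or /var/log/auth.log instead).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Oct  8 10:01:02 web1 sshd[2201]: Failed password for root from 203.0.113.5 port 40112 ssh2
Oct  8 10:01:03 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Oct  8 10:01:04 web1 sshd[2205]: Failed password for root from 203.0.113.5 port 40114 ssh2
Oct  8 10:01:05 web1 sshd[2207]: Failed password for root from 203.0.113.5 port 40115 ssh2
Oct  8 10:01:09 web1 sshd[2210]: Accepted publickey for deploy from 198.51.100.20 port 51022 ssh2
Oct  8 10:02:11 web1 sshd[2215]: Failed password for deploy from 198.51.100.20 port 51030 ssh2
EOF

# failed_logins_per_ip FILE: prints "count ip" for every source IP with at
# least one failed password attempt, most frequent first.
failed_logins_per_ip() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") ips[$(i+1)]++
         }
         END { for (ip in ips) print ips[ip], ip }' "$1" | sort -rn
}

# brute_force_offenders FILE THRESHOLD: prints only the IPs whose failure
# count is at least THRESHOLD; this is the list to hand to the firewall.
# A single failure from an otherwise legitimate user stays below the bar.
brute_force_offenders() {
    failed_logins_per_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

brute_force_offenders "$SAMPLE_LOG" 3
```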
Vulnerable software is perhaps the most popular way for hackers to gain access to a server.
Software vulnerabilities result from using outdated or non-authentic software. Here are the various ways in which you can ensure your software packages are secure.
1) Update software packages periodically –
Configure the package management software (such as Yum) to send you a notification when an update is available.
2) Delete unwanted packages – Default OS installs contain packages you may not need.
3) Apply security updates ASAP – Automatic updates can be configured for security updates.
4) Use only verified, authentic repositories – Get application packages only from official repositories that are cross-verified using PGP signatures.
5) Protect your base repos from being overwritten – If you use multiple sources for your software, protect your core system libraries from accidental replacement. For example, on compatible systems you can use the yum protectbase plugin for this purpose.
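A quick audit for item 4: walk a yum/dnf `.repo` file and report every repository section that disables signature checking or never sets `gpgcheck` at all (in which case the `[main]` default from `yum.conf` decides). This is an added example, not serverhedge's code; the `.repo` file is constructed, with example.com/.net/.org placeholder URLs.

```shell
#!/bin/sh
# Added example: report repo sections whose packages would install unverified.

# Constructed sample .repo file: one verified repo, one that disables
# signature checks, and one that never sets gpgcheck.
SAMPLE_REPO=$(mktemp)
cat > "$SAMPLE_REPO" <<'EOF'
[base]
name=Base packages
baseurl=https://mirror.example.com/base/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[thirdparty]
name=Third-party add-ons
baseurl=https://repo.example.net/addons/
gpgcheck=0

[vendor-tools]
name=Vendor tools
baseurl=https://vendor.example.org/tools/
EOF

# unsigned_repos FILE: prints "section reason" for each [section] that has
# gpgcheck set to anything but 1, or does not set it (inherits the global default).
unsigned_repos() {
    awk '
        function flush() {
            if (sec == "") return
            if (!seen) print sec, "gpgcheck-not-set"; else if (val != "1") print sec, "gpgcheck=" val
        }
        /^\[.*\]$/ { flush(); sec = substr($0, 2, length($0) - 2); seen = 0; val = ""; next }
        /^[ \t]*gpgcheck[ \t]*=/ { seen = 1; sub(/^[^=]*=[ \t]*/, ""); val = $0 }
        END { flush() }
    ' "$1"
}

unsigned_repos "$SAMPLE_REPO"
```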
Attackers use phishing, brute forcing, or social engineering to steal login details. Here are a few tips to secure user accounts:
1) Prevent account setup with empty passwords –
Configure the account setup policies and/or scripts so that a password is mandatory to set up an account.
2) Enforce use of strong passwords –
Users tend to set short, easy-to-remember passwords, but these are often vulnerable to dictionary attacks. Enforce the use of long passwords.
3) Set up password expiry – The longer a password remains unchanged, the more time an attacker has to guess the right login combination. Force periodic password resets.
4) Prevent use of old passwords – Some attackers keep pilfering sensitive information using stolen passwords.
Changing passwords periodically can block this, but it won't work if the user sets the old password again.
So, prevent re-use of passwords.
5) Lock account after login failures –
Attackers use automated tools that push in hundreds of login attempts per minute to get a working combination.
You can prevent this by setting the account to lock after a few login failures.
6) Restrict user access –
Build a security policy that prevents users from listing other system users, or navigating out of their home directories.
& so on...
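A check for items 1 and 3 of the account list: scan records in `/etc/shadow` format for an empty password field and for a missing or over-long maximum password age. This is an added example, not serverhedge's code; the records are constructed (the hashes are placeholders) and the 90-day default is an assumption.

```shell
#!/bin/sh
# Added example: find accounts with an empty password or no password expiry.

# Constructed sample in /etc/shadow format:
# name:hash:lastchange:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW=$(mktemp)
cat > "$SAMPLE_SHADOW" <<'EOF'
root:$6$constructedhash$abc:17100:0:90:7:::
alice:$6$constructedhash$def:17100:0:99999:7:::
svcacct::17100:0:90:7:::
bob:!:17100:0:90:7:::
www-data:*:17100:0:99999:7:::
carol:$6$constructedhash$ghi:17100:0::7:::
EOF

# weak_accounts FILE [MAXDAYS]: prints "user issue" for each record whose
# password field is empty (anyone can log in) or whose maximum password age
# is unset or longer than MAXDAYS (default 90, an assumed policy value).
# Locked accounts ("!" or "*") are skipped: no password login is possible.
weak_accounts() {
    awk -F: -v maxdays="${2:-90}" '
        $2 == ""     { print $1, "empty-password"; next }
        $2 ~ /^[!*]/ { next }
        $5 == "" || $5+0 > maxdays {
            print $1, "no-expiry(max=" ($5 == "" ? "unset" : $5) ")"
        }
    ' "$1"
}

weak_accounts "$SAMPLE_SHADOW"
```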