For most modern businesses, data security is just as important as physical security. Just think about all of the critical business information, intellectual property, and client data that you store on your computer servers. You wouldn’t leave that information sitting on your desk with the door unlocked, and you shouldn’t leave it stored on your servers without putting adequate security measures in place.
Most of us know how to protect our computers with firewalls and antivirus software but we may not know how to sufficiently protect our servers. This article should give you a good idea of where to start.
Just like with your desktop, you’ll want to protect your server with a firewall. Make sure your server’s built-in firewall is running, and you’ll want to add a network firewall if you connect it to a network. The network firewall will control traffic and enforce security policies between networks that have different levels of trust, such as your office network and the Internet.
Harden Your System
Focus your attention on the server’s ports. Each port is an open invitation for an unwanted intruder so it’s important to turn off all unused ports. With your windows and doors locked, it’s time to reduce the amount of vulnerabilities you have within your server. This is called “hardening” or strengthening your system.
There are a number of steps you can take to strengthen your system, but one of the most important is scrubbing your server of all unneeded software.
Trimming software is a surefire way to harden your system since each application has its own set of vulnerabilities. By deleting unnecessary programs, you reduce the ways in which the system can be attacked. If you’re running a Web server, for example, you would want to delete the unnecessary office and entertainment software so you aren’t vulnerable to exploits of those applications.
If you have multiple servers, some experts recommend that you dedicate each system to a single task because it greatly reduces the amount of vulnerabilities on each machine. This may not be an option for small businesses that want to save money through server consolidation, but for larger companies where security is a foremost concern dedicated servers may be the right choice.
Other tips include not allowing anonymous users onto your network, insisting on difficult 15 character passwords, blocking extensions to problematic scripts (such as .exe), and quarantining clients until you can scan their system attributes before allowing them access to the server’s resources. Talk to your IT consultant about these and other measures that will strengthen the security if your system.
Once you’ve taken all the necessary steps to harden your server, you may want to use an auditing tool to check for vulnerabilities you may have missed. The Center for Internet Security is a great resource which offers dozens of free auditing tools for operating systems, applications, and network devices. These tools will scan your system to find possible exploits and open ports you may have missed.
With your server firewalled, hardened, and audited, it’s time to install your intrusion protection software and make a plan for ongoing maintenance. Unfortunately, securing your server is not a one-time procedure — you’ll need to get into a routine of regularly scanning your system and updating your security software. You’ll also need to keep on top of security patches released by your software vendors and plan for regular security audits.
While it may take some diligence to get into a maintenance routine, it’s the only real way to stay on top of emerging threats.
Scarlet Pruitt is a freelance writer and business consultant based in San Francisco. She has covered business and technology for publications in the U.S., Europe, and Latin America.