DataDome

What is server security and how to implement it.

Table of contents
Bot management DDoS
Paige Tester, Director of Content Marketing
1 Sep, 2020
|
min

The threat of being attacked by cybercriminals is very real for all businesses, big and small. It is expected that by 2024, business losses to data breaches will exceed $5 trillion. A serious data breach will also not only affect the financial state of an organization, but can lead to long-term and even permanent damage to the business’s reputation.

One of the most common causes of data breaches is weak server security. As attackers devise ever more sophisticated ways to attack your servers, strong server security best practices are very important for protecting your business and your sensitive data.

In this guide, we’ll discuss the concept of server security, the importance of server security best practices, and how you can set up a fully secured server.

Summary

  1. What is server security?
  2. Common server security vulnerabilities
  3. Basic server security guidelines
  4. Server security checklist
  5. Best practices

What is server security?

Server security refers to all the processes and tools used to protect the sensitive data, resources, and assets held on a server.

Servers are frequently targeted by cybercriminals because they tend to hold sensitive and valuable information. Cybercriminals are always on the lookout to exploit vulnerabilities in server security for financial gain and other reasons.

In most IT infrastructures, servers are the core of the whole infrastructure. The server is what allows all users to access the same resources, functionality, and information remotely. When the server is compromised during an attack, there’s a high likelihood that the whole network and/or system is also compromised.

So, maintaining server security is obviously important. However, even a very small flaw like a weak password, missed/failed software update, and other relatively simple human errors can lead to a compromised server and substantial loss for the organization.

This is why to ensure the effectiveness of the server security, we have to consider different layers — from identifying and managing potential issues in your network, to securing the server’s OS, protecting any software and applications hosted on your server, and at the most granular level, securing sensitive and regulated data hosted on the server.

Common server security vulnerabilities

How are cybercriminals attacking your servers? Here are some common mistakes and vulnerabilities that are often exploited by hackers and cybercriminals:

  • Weak passwords

To guess weak passwords, hackers can use malicious bots to perform brute force attacks or credential stuffing attacks. If the attackers gain possession of admin credentials, they can then access your servers and cause a data breach. The attackers may also sell your credential information on the dark web.

Make sure you are using a sufficiently strong password that is at least 10 characters long, use a combination of lowercase and uppercase, symbols, numbers, and spaces, and unique only for this account. Consider using a password manager service to ensure you are always using strong passwords you won’t forget.

  • Patch management

It’s important to use a patch management service to ensure any changes in code are properly tested before installation and comes from a trusted source.

  • Failed or missed updates on software and OS

No software or OS is 100% perfect, and responsible manufacturers will address security vulnerabilities in their software with security fixes and patches. So, these updates are there for a reason.

However, when a software manufacturer releases a patch note, they are also announcing this vulnerability to the public (including cybercriminals). This is why you should always update your OS and software as soon as patches are made available.

Cybercriminals are constantly exploiting vulnerabilities in software, so running an outdated software version will significantly increase your risks of data breaches.

  • Misconfigured network ports

An improper server configuration, especially regarding network ports, can easily be exploited by cybercriminals. It’s very important to configure and optimize the server according to the server security best practices.

  • Unused accounts

Old and forgotten accounts are often used by hackers (after a successful brute force attack, for example) to gain access to the server. Make sure to perform periodic cleanups of old and obsolete accounts.

  • Poor physical security

Not all outside threats to your server’s security are digital in nature. When, for example, thieves gain physical access to your server, it is also compromised. Poorly secured dongle keys can also be very dangerous for your server’s security.

Basic server security guidelines

As mentioned in the introduction, we should treat server security in layers. Here are the basic steps of securing a web server that we can use as a foundation for the next layers:

  1. Make sure to regularly update the server’s OS (operating system) and all applications/software hosted on the server
  2. Configure the server’s OS to meet server security best practices: enable only necessary applications and services, and disable all unnecessary ones.
  3. Set all the account passwords (change all the default passwords) and use sufficiently strong passwords. Remove default accounts properly.
  4. Regularly monitor security-related announcements related to your server (i.e. follow your server manufacturer’s blog)
  5. Employ SSL (Secure Socket Layer) and TLS (Transport Layer Security) according to the data hosted on the server to implement encryption and authentication.
  6. Configure the server according to the manufacturer/vendor’s best practices. This may include installing the server software on a designated host provider, putting required access controls to sensitive/confidential files, and so on.
  7. Creating log files for future investigations and recovery purposes. Assign specific log file names accordingly, and make sure your log files won’t fill up the hard drive. Configure the log files to capture all the potentially risky activities (failed logins, sudden spikes in requests, unauthorized user access, etc. )
  8. Document all changes you’ve made to the system and application hosted in the server, and test all proposed changes before launching them.

Server security checklist

Now that we’ve discussed the basics of what good server security should look like, let’s share our server security checklist to ensure you have it all covered:

Step 1: Identify and record your server details

The first and arguably the most crucial step is to identify and make a note of all the important details of your server, like its MAC address, identification number, model name, etc. This is important so that you can get the right manual, check for compatibility with third-party software, and so on.

Step 2: Ensure physical protection

As mentioned, physical vulnerabilities can also cause serious data breaches and other threats to your server. Make sure your server is properly secured physically to prevent unauthorized access. For example, restrict access to the room where the server is physically located and only allow as few people as possible in this area. Ensure the keys to this room are always stored securely.

Step 3: Set up event logs

Enable traceability and accountability for everyone accessing the server by configuring event logs. Monitor these logs regularly and attend to any suspicious activity including, but not limited to, suspicious account login, changes in system configurations, and changes in permissions. Ideally, your event logs should be backed up on a separate server.

Step 4: Regularly update OS and software

Set a weekly (if possible, daily) schedule to update OS and any software or application hosted on the server. You should implement updates as soon as they are available.

Step 5: Remove unnecessary software

Regularly remove old and unused software, applications and OS components. Disable any unnecessary services. Forgotten unused applications can be just another gateway for hackers to invade your server.

Step 6: Monitor hardware performance

Vulnerabilities in hardware can also be fatal. Make sure to regularly maintain your hardware and perform routine inspections to identify damaged components that might need replacing.

Step 7: Maintain authenticity and integrity

Enforce authentication protocols as needed, for example enforcing the use of password managers and two-factor authentication (2FA) for all system administrators. Remove older administrator accounts that are no longer used.

Step 8: Regular backup

Automate regular server backups with the 3-2-1 backup rule (3 backups, 2 on the same site with the server but on different devices/mediums, and 1 backup copy off-site). Regularly check whether your backups are operating as expected. Test the backup recovery images as needed.

How to secure your server from outside attacks: best practices

In this section, we’ll share some practical server security best practices that you can follow for effective protection:

1. Only use secure connections

It is recommended to use SSH (Secure Shell) to establish a secure connection to your server. SSH actually can replace password-based authentication for your server, and since passwords are always vulnerable to brute force attacks, an SSH connection is better for securing your servers.

SSH utilizes a pair of cryptographic keys with a public and a private key. The public key can be shared with others (hence the name), but the private key must be stored securely by the server administrator. SSH will effectively encrypt all exchanged data.

An additional method to secure your connection is to use proxy servers. Since with a proxy server, your users are hidden behind the proxy’s masked IP address, it’s harder for attackers to target vulnerable user devices to gain access.

2. Install a bot mitigation solution 

Many attacks targeting servers are made possible with the use of malicious bots, for example for launching brute force, credential stuffing, and Layer 7 DoS attacks, among others. Thus, securing your server with a proper bot mitigation solution is recommended.

Bot mitigation software can use three different approaches in detecting and managing bot activities:

  • Rules-based: in this approach, the bot mitigation solution applies rules to block malicious traffic coming from known bots, specific IP addresses or ranges, etc. 
  • Challenge-based: the solution uses tests like Captcha to challenge the user. If it’s a legitimate human user, the challenge should be fairly easy to solve, while ideally automated programs (bots) would be unable to solve it.
  • AI-based: in this approach, the bot management solution analyzes vast numbers of signals, from OS version to mouse movements, to detect bots that try to mimic human user behavior.

Due to the sophistication of today’s bad bots, a bot management solution that is capable of behavioral-based detection is recommended. DataDome, for example, is an affordable bot management solution that uses AI and machine learning technologies to analyze both individual user behavior and global traffic patterns, and can mitigate malicious bot activities in real time.

3. Enforce the use of VPN

It’s recommended to use a VPN or actual private network to maintain secure data communications in and out of the server. With a private network, users will use private, untraceable IP addresses so it’s harder for hackers to identify the user and find vulnerabilities.

Also, when connecting to the server via VPN, this effectively encrypts data from and to the server, so hackers won’t be able to steal data during transmission.

4. Configure your server’s OS according to the server security best practices

Make sure your server’s operating system is properly configured:

  • Change the default administrator passwords, including on third-party applications hosted on the server
  • Set user authentications/privileges only to the bare minimum necessary for the user to do their specific job
  • Delete unused and unnecessary accounts regularly
  • Educate your team and share comprehensive guidelines regarding server security best practices, especially regarding passwords
  • Disable any unused/unnecessary applications and services

5. Regularly update your OS and software

As repeatedly discussed above, a very important aspect of securing your server is to make sure you are always running the most recent version of your OS and all your applications hosted on the server.

Updates should be installed as soon as they are available, especially when the patch notes mention “security fixes” or similar messages. You can set up automatic updates, or set up a regular schedule to perform updates if you want to maintain continuity.

Conclusion 

While it’s true that cybercriminals are getting more sophisticated in finding ways to breach your server, by implementing the server security best practices above we can ensure our servers are properly secured.

It’s important to approach server security in layers: the physical security of the server, the server’s OS, the third-party software installed in the server, and the network connected to the server.

Last but not least, it’s also important to educate users about proper server security best practices to avoid human errors.

DataDome
Paige Tester
Director of Content Marketing
Paige is the Director of Content Marketing for DataDome. With over a decade of expertise in content creation, she leads the development of in-depth, strategic content that highlights advanced bot detection and online fraud prevention techniques. Her work empowers cybersecurity professionals with actionable insights and cutting-edge knowledge, ensuring they stay ahead of emerging threats.

Related posts

DataDome
dd product home overview

Still exploring?

Start with an on-demand demo.

Watch a demo