How can you secure the server that hosts your business’s data?
That’s one of the top questions companies big and small have struggled to answer since cybersecurity became a hot topic.
In today’s security environment, anybody is a potential target for an attack and, unfortunately for most, the next malware infection is right around the corner.
Whether caused by a bad password, lack of antivirus or firewall, or open ports, the high volume of cyberattacks, often targeted at specific industries and companies, forces companies to show initiative.
It’s become imperative to come up with a comprehensive security strategy to safeguard proprietary data and prevent web server security compromise. The secret to any strong security strategy is understanding the main risks and vulnerabilities that could compromise its integrity.
The three most prevalent risks in security as we move into 2020 are DoS attacks, Code Injection, and Cross-Site Scripting.”
But just what are these three security risks?
Three Malicious Risks to Stay Secure From Moving into 2020
Denial-of-Service (DoS) Attacks
In a DoS attack, offenders will overflow your server with junk data or falsified requests. The server is then forced to try to authenticate. This type of attack taxes server resources, making the websites inaccessible. If customers don’t have access to your business, then you could lose money and major points on brand reputation.
Code injection is when a vulnerability is exploited by an attacker and your site or application is changed for their own purposes. This usually leads to clients using your site or application and becoming comprised themselves.
Cross-site scripting, also known as XSS, is a web application vulnerability that allows hackers to send misleading or malicious requests to your browser.
Between the various types of attack your business could face, a layered defense is critical to protect all assets that can be accessed through your web server.
8 Key Steps to a More Secure Web Server
1. Use Encrypted Information Transfer
Avoid insecure communication protocols such as telnet or plain FTP by instead using secure protocols such as sFTP or FTPs, SSH, and HTTPS.
You could add another layer of security by adding a VPN and IPSec, which can be used for remote access to your network.
A web server or firewall that supports any of these protocols will ensure all information going back and forth is encrypted for protection from third-party interference, which is absolutely critical if your website involves online transactions. Secure communication protocols are vital (and required by PCI Compliance) for web servers that operate with payment information for online transactions.
2. Adopt Complex Passwords and Multi-Factor Authentication Across the Entire Organization
No matter how many times security experts explain the importance of a strong password, weak passwords such as “admin123,” “123456” or an easy-to-crack dictionary word are still way too common.
Strong passwords are basic and effective, and just as important as using secure communication protocols. Organizations should use different, unique passwords and never reuse the same password for multiple accounts.
Make sure you update them every 60 days and never share them with anyone. No matter how strong they are, though, the only-password approach is becoming less dependable. A new layer of security is to introduce a multi-factor authentication strategy which leverages something as ubiquitous as a text message to further secure data resources.
3. Consider Linux as an Operating System for Your Web Server
Getting started with a new operating platform introduces a steep learning curve, which is why most companies, depending on their size and resources, need either an inside specialist or external help to continue running Windows.
While Windows remains a massively popular operating system, Apache powers a majority of the worlds web servers. As an open source Operating System, this allows any and all users to review its base code and provide updates and fixes for potential security flaws.
Switching to one of the several flavors of Linux (Ubuntu, Debian, red-hat) could potentially open additional avenues for your Web Server needs.
4. Consider Layers of Security for Both Hardware and Software
Wherever possible, I counsel use of a VPN and a firewall on all web applications and endpoints, including your server. This goes doubly if your organization is sharing the environment or space with another company.
Also, if you have not done so already, immediately install an antivirus solution to get advanced protection against malware, ransomware, brute force attacks or unauthorized remote access, and run routine security scans.
Hardening a server could take hours, but a server protection package like the one available to Liquid Web customers will optimize your security settings in no time.
5. Maintain Scheduled Updates and Backups
Keep updated, real-time backups of all data, databases, and application. And test the process! There’s nothing worse than finding out your backups have been failing until after you need them. Additionally, ensure you have offsite backups, while having local backups is great for quick restores of simple data keeping an offsite backup is the best way to ensure data recovery in the event of a catastrophic system failure.
Also, always check for web application updates to prevent software vulnerabilities. Security and software updates are not to be taken lightly and should be run as soon as they are available, especially if known to be critical such as OS, control panel, or content management system updates. Nearly 60% of organizations that suffered a data breach in the past two years cite as the culprit a known vulnerability for which they had not yet patched.
6. Restrict Access to Servers and Directories
By restricting access to the servers and directories to only those who need it, you are controlling risk and limiting potential damages. Taking extra measures to prevent mismanagement or third-party unauthorized access on a physical level also means fewer potential issues.
Liquid Web data centers restrict physical access to staff member to prevent any negligence that could cause outages or affect your business. In the same way, permissions to change and delete files and directories should be set so that only administrators with appropriate clearance have more than read access.
7. Control Root Level Access on Your Server
The root user give full, unfettered access to your server to anyone wielding it. It’s massively powerful and should be used only when absolutely necessary. Further, access of this type should only be granted when necessary and with great scrutiny.
Think twice about the folk to whom you grant root level access.”
On a Liquid Web dedicated server, you have full root level access and are the only one who has full control over what happens on your server, so you can choose who gets that access and who doesn’t.
8. Choose Dedicated Servers for Top Protection
Even if you have a modest budget, dedicated servers deliver a specific level of protection for your data. Not only do they protect your sensitive information and ensure high server performance, but they also come with two top perks: they deliver both physical security, and can be customized according to your configuration needs.
Liquid Web's Dedicated Servers can easily be equipped with locked security cages, and include options for hardware firewalls as well as the standard bundled offerings, which provide services such as backups and protection against Distributed Denial-of-Service attacks.
Get the complete Security Infrastructure Checklist for SMBs
About the AuthorMore Content by Jerry Vasquez