How to Create a Secure Server

December 11, 2019 Jerry Vasquez

How can you secure the server that hosts your business’s data?

That’s one of the top questions companies big and small have struggled to answer since cybersecurity became a hot topic.

In today’s security environment, anybody is a potential target for an attack and, unfortunately for most, the next malware infection is right around the corner.

Whether caused by a bad password, lack of antivirus or firewall, or open ports, the high volume of cyberattacks, often targeted at specific industries and companies, forces companies to show initiative.

It’s become imperative to come up with a comprehensive security strategy to safeguard proprietary data and prevent web server security compromise. The secret to any strong security strategy is understanding the main risks and vulnerabilities that could compromise its integrity.

The three most prevalent risks in security as we move into 2020 are DoS attacks, Code Injection, and Cross-Site Scripting.”

But just what are these three security risks? Three Malicious Risks to Stay Secure From Moving into 2020

Three Malicious Risks to Stay Secure From Moving into 2020

Denial-of-Service (DoS) Attacks

In a DoS attack, offenders will overflow your server with junk data or falsified requests. The server is then forced to try to authenticate. This type of attack taxes server resources, making the websites inaccessible. If customers don’t have access to your business, then you could lose money and major points on brand reputation.

Code Injection

Code injection is when a vulnerability is exploited by an attacker and your site or application is changed for their own purposes. This usually leads to clients using your site or application and becoming comprised themselves.

Cross-Site Scripting

Cross-site scripting, also known as XSS, is a web application vulnerability that allows hackers to send misleading or malicious requests to your browser.

Need help securing your entire infrastructure? Download The Security Infrastructure Checklist for SMBs.

Between the various types of attack your business could face, a layered defense is critical to protect all assets that can be accessed through your web server. 8 Key Steps to a More Secure Web Server

8 Key Steps to a More Secure Web Server

1. Use Encrypted Information Transfer

Avoid insecure communication protocols such as telnet or plain FTP by instead using secure protocols such as sFTP or FTPs, SSH, and HTTPS.

You could add another layer of security by adding a VPN and IPSec, which can be used for remote access to your network.

A web server or firewall that supports any of these protocols will ensure all information going back and forth is encrypted for protection from third-party interference, which is absolutely critical if your website involves online transactions. Secure communication protocols are vital (and required by PCI Compliance) for web servers that operate with payment information for online transactions.

2. Adopt Complex Passwords and Multi-Factor Authentication Across the Entire Organization

No matter how many times security experts explain the importance of a strong password, weak passwords such as “admin123,” “123456” or an easy-to-crack dictionary word are still way too common.

Strong passwords are basic and effective, and just as important as using secure communication protocols. Organizations should use different, unique passwords and never reuse the same password for multiple accounts.

Make sure you update them every 60 days and never share them with anyone. No matter how strong they are, though, the only-password approach is becoming less dependable. A new layer of security is to introduce a multi-factor authentication strategy which leverages something as ubiquitous as a text message to further secure data resources.

3. Consider Linux as an Operating System for Your Web Server

Getting started with a new operating platform introduces a steep learning curve, which is why most companies, depending on their size and resources, need either an inside specialist or external help to continue running Windows.

While Windows remains a massively popular operating system, Apache powers a majority of the worlds web servers. As an open source Operating System, this allows any and all users to review its base code and provide updates and fixes for potential security flaws.

Switching to one of the several flavors of Linux (Ubuntu, Debian, red-hat) could potentially open additional avenues for your Web Server needs.

4. Consider Layers of Security for Both Hardware and Software

Wherever possible, I counsel use of a VPN and a firewall on all web applications and endpoints, including your server. This goes doubly if your organization is sharing the environment or space with another company.

Also, if you have not done so already, immediately install an antivirus solution to get advanced protection against malware, ransomware, brute force attacks or unauthorized remote access, and run routine security scans.

Hardening a server could take hours, but a server protection package like the one available to Liquid Web customers will optimize your security settings in no time. Maintain Scheduled Updates and Backups

5. Maintain Scheduled Updates and Backups

Keep updated, real-time backups of all data, databases, and application. And test the process! There’s nothing worse than finding out your backups have been failing until after you need them. Additionally, ensure you have offsite backups, while having local backups is great for quick restores of simple data keeping an offsite backup is the best way to ensure data recovery in the event of a catastrophic system failure.

Also, always check for web application updates to prevent software vulnerabilities. Security and software updates are not to be taken lightly and should be run as soon as they are available, especially if known to be critical such as OS, control panel, or content management system updates. Nearly 60% of organizations that suffered a data breach in the past two years cite as the culprit a known vulnerability for which they had not yet patched

6. Restrict Access to Servers and Directories

By restricting access to the servers and directories to only those who need it, you are controlling risk and limiting potential damages. Taking extra measures to prevent mismanagement or third-party unauthorized access on a physical level also means fewer potential issues.

Liquid Web data centers restrict physical access to staff member to prevent any negligence that could cause outages or affect your business. In the same way, permissions to change and delete files and directories should be set so that only administrators with appropriate clearance have more than read access.

7. Control Root Level Access on Your Server

The root user give full, unfettered access to your server to anyone wielding it. It’s massively powerful and should be used only when absolutely necessary. Further, access of this type should only be granted when necessary and with great scrutiny.

Think twice about the folk to whom you grant root level access.”

On a Liquid Web dedicated server, you have full root level access and are the only one who has full control over what happens on your server, so you can choose who gets that access and who doesn’t.

8. Choose Dedicated Servers for Top Protection

Even if you have a modest budget, dedicated servers deliver a specific level of protection for your data. Not only do they protect your sensitive information and ensure high server performance, but they also come with two top perks: they deliver both physical security, and can be customized according to your configuration needs.

Liquid Web's Dedicated Servers can easily be equipped with locked security cages, and include options for hardware firewalls as well as the standard bundled offerings, which provide services such as backups and protection against Distributed Denial-of-Service attacks.

Get the complete Security Infrastructure Checklist for SMBs

eBook - SMB Security Checklist

About the Author

Jerry Vasquez

A self-professed pirate captain with two decades of leadership experience, Jerry has led teams from 60+ cooks and chefs to 16 networking engineers. He brings those years of experience to his current role as Product Manager at Liquid Web, focusing on networking and security products. When not working or sleeping, Jerry can usually be found eating and having a good conversation with good people.

More Content by Jerry Vasquez
Previous Article
Become PCI Compliant with Liquid Web
Become PCI Compliant with Liquid Web

One way to protect your customers’ sensitive data is through PCI Compliance. Learn how our PCI Scanning can...

Next eBook
2019 SMB Data Loss Statistics
2019 SMB Data Loss Statistics

In 2019, many SMBs were affected by malicious attacks such as ransomware infections, which resulted in mone...

Secure Your Infrastructure With This List

Get Checklist