Understanding the steps of an attack enables you to limit the exposure of your system. Taking some general steps can help protect you from server vulnerabilities an attacker might exploit.
So simple yet so important, but it can’t be stressed enough. Ensure that all available patches for your OS and applications are installed to avoid any security flaws that may exist. Many malware attacks (viruses and worms) take advantage of these security loopholes and exploit them.
Limit Running Services
In addition to patching your system, limit the services that are running. Running only the services that are absolutely needed provides three advantages:
- Stopping services with exploitable vulnerabilities limits the possible avenues of attack.
- It reduces the number of services an administrator has to worry about patching.
- It reduces the number of unneeded processes running in the background, which in turn can increase system performance.
This doesn’t only pertain to installing firewall or antivirus software on your machine, though you are going to want one installed too. Antivirus products vary, and none of them can catch every threat thrown at it. Choosing one is mostly a matter of personal preference. Whether it’s free or licensed, they all have their positives and negatives.
Going more in-depth for those running dedicated servers: only open the ports you need. Oftentimes there are options to forward all ports to your server, and this is the last thing you want to do. Also, disable “Ping” on your router to avoid “ping sweeping”. Sending a “ping” (ICMP echo request) can be used to verify that your machine exists and is reachable. Disabling this may discourage hackers from targeting you and continuing their hack by port scanning, OS fingerprinting, and banner grabbing (determining running services).
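The two rules above (run only the services you need, open only the ports you need) can be checked mechanically. The following is an added example, not part of the original article: it compares the listening sockets printed by `ss -H -tuln` against an allowlist and separates network-reachable listeners from loopback-only ones. The sample output and the allowlist are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
# Assumption: the Netid column is present, as it is when -t and -u are combined.
SAMPLE = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511                *:80              *:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      80           0.0.0.0:3306      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*
"""

# Hypothetical allowlist: the only (protocol, port) pairs this server should offer.
ALLOWED = {("tcp", 22), ("tcp", 80)}

def parse_listener(line):
    """Return (proto, host, port) for one ss line, or None if it does not parse."""
    fields = line.split()
    if len(fields) < 5:
        return None
    proto, local = fields[0], fields[4]
    host, _, port = local.rpartition(":")        # split on the last colon (IPv6-safe)
    if not port.isdigit():
        return None
    host = host.strip("[]").split("%")[0]        # drop IPv6 brackets and %interface scope
    return proto, host, int(port)

def is_loopback(host):
    """True only for addresses in 127.0.0.0/8 or ::1; '*' and unknown forms count as exposed."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(ss_output, allowed):
    """Group listeners that are not on the allowlist by how reachable they are."""
    report = {"exposed": set(), "local_only": set()}
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None or (parsed[0], parsed[2]) in allowed:
            continue
        key = "local_only" if is_loopback(parsed[1]) else "exposed"
        report[key].add(parsed)
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    for kind, items in audit(SAMPLE, ALLOWED).items():
        for proto, host, port in items:
            print(f"{kind}: {proto}/{port} bound to {host}")
```

Entries under `exposed` are the first candidates to stop or to block at the firewall; `local_only` entries are not reachable from the network but are still running services to review.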
Minimize Published Information
First and foremost, never discuss or post server configurations or details online. Profiling your infrastructure is a method hackers often use to gather your system information and plan a successful attack. Provide the least amount of information about your organization, computing resources, and infrastructure. Don’t make it easy for them!
We won’t dive into this too deeply, as this is a fairly large category ranging from setting strong password policies and using VPNs to using a network-based or host-based intrusion detection system. However, if you are running a self-hosted HTTP server, FTP server, etc., there are different network configurations to consider, such as placing your servers in a demilitarized zone (DMZ) so that, if your servers are ever compromised, your local area network remains safe. Essentially, the DMZ is situated between an outside-facing firewall and an internal (LAN) firewall. Any publicly accessible machines should be placed in this network area.
Test Your Security
Hack your system (or try to at least). This is one of the best ways to find any vulnerabilities that you may have missed or don’t know about. Try some software such as Nmap, SuperScan, and whois against your own system to see what hackers might see when they inevitably run similar tools against your network. Search for other available open-source tools and use them as well.
Lastly, back up your data, and develop, implement, and practice a disaster recovery plan and a business continuity plan.