Preventative Measures
A preventative measure is a tool or component set in place to deter hackers or bots from attacking a server and to forcibly stop them if they still try. These tools range from physical safety devices to software programs designed to detect exploits or viruses.
Firewall
Some believe that security begins and ends with the firewall. If a firewall were all it took, most sites would be hacked on a regular basis. A firewall is a network application that prevents unauthorized use of network ports and protocols. Because it still allows authorized use, an attacker can easily attack the server through an authorized method, such as accessing a website. Nevertheless, a firewall is necessary and can reduce the number of possible attacks and their effects.
For a dedicated server, you will normally have two firewalls. The first line of defense will be the router firewall. In a data center, a server may be connected to a router with several other servers. The router's firmware should have firewall software built into it.
The second line of defense is a software firewall installed on the server. Linux has built-in kernel firewall support, and system administrators can access it through software called iptables. Some Linux distributions have frontends for iptables, and you can also install additional software, such as APF (Advanced Policy Firewall), for easier firewall configuration.
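The software firewall described above, as an added example that is not part of the original article: a minimal iptables policy for a dedicated server that drops inbound traffic by default, allows replies to connections the server itself opened, restricts SSH to a management network, and exposes only the web ports. The management network (a TEST-NET-3 range) and the port list are assumed values, and the script prints the commands by default so the policy can be reviewed before it is applied with `--apply`.

```shell
#!/bin/sh
# Added example: host firewall for a dedicated server, written as iptables
# commands. build_rules prints the commands instead of running them so the
# policy can be reviewed (or tested) first; apply_rules executes them.
# ADMIN_NET and PUBLIC_TCP_PORTS are assumed defaults; override them in the
# environment to match your own network.
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"      # assumed management network
PUBLIC_TCP_PORTS="${PUBLIC_TCP_PORTS:-80 443}" # assumed public services

build_rules() {
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --dport 22 -s $ADMIN_NET -j ACCEPT
EOF
    # One ACCEPT rule per public service; everything else falls through to
    # the DROP policy.
    for port in $PUBLIC_TCP_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # Log what the default policy is about to drop, rate-limited so a flood
    # cannot fill the disk with log lines.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"iptables-drop: \""
}

apply_rules() {
    build_rules | sh
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    build_rules
fi
```

Run the script without arguments to see the rule set it would install; run it with `--apply` as root on the server to install it. Keep an out-of-band console available the first time, since a mistake in ADMIN_NET locks out SSH.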
OS Security
Linux is regarded as one of the most secure operating systems, but keeping it secure still requires effort. Whenever Linux developers find a vulnerability in the kernel, they create a patch to fix it. These patches are usually applied in new security release versions that Linux distributions pick up and push out to their users. For that reason, you need to perform regular updates of your server's operating system.
Other OS security to consider:
Software Security
Any Linux software that interacts with the network needs to be secured. Some of the most important software applications to secure are (examples in parentheses):
1. Web Server (Apache)
With web servers like Apache, security is always a concern, because the web server is the most exposed piece of software on the server: anyone with a web browser can reach it through your websites.
Because a static HTML page is only presented to the visitor and processes no input, static sites are usually secure, but most modern sites have dynamic components, such as server-side scripting languages (PHP, ASP.Net, Python, etc.). By building dynamic web applications, you also make your website more vulnerable, since attackers can search for vulnerabilities in the code and formulate URLs to exploit them.
The first method of preventing exploits is to test your code for cross-site scripting (XSS) weaknesses and other vulnerabilities. You should also keep any content management systems or other third-party web applications updated.
The second prevention method is to use an application firewall, such as ModSecurity. Rather than blocking attackers from unauthorized ports, ModSecurity protects the most vulnerable authorized one, the web server's port. It does this by limiting what Apache can do with the various scripting languages, which prevents web applications from unintentionally allowing someone to take over a portion of the server. It also allows tweaking and customization to suit your specific security needs.
2. Mail Server (Postfix)
Mail servers can be hot spots for security breaches and unwanted solicitation. To prevent your mail server from being exploited, consider the following:
3. Shell access and file transfer (SSH and FTP)
Defensive Measures
To defend a server under attack, the first thing to do is find out exactly what is happening. An attack could come from a vulnerable script run by the web server; if so, patching the script will usually stop the attack. On the other hand, an attack on the mail server through repeated requests can be stopped by limiting the number and frequency of requests. Often, a defensive measure will require implementing a preventative measure that should prevent future attacks.
You can also use software and a variety of free and paid services to scan your server for exploits and offer solutions to fix them. These include rootkit scanners, virus scanners, server monitoring systems, and website vulnerability tests. Find the cause of the problem and fix it as soon as possible.
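The "find out exactly what is happening" step above, as an added example that is not part of the original article: a small shell triage of a web server access log that counts requests per client, flags clients over a threshold, and shows the status codes they received. The log lines are constructed sample data in Apache combined log format using documentation address ranges; the threshold of 10 requests is an assumed value chosen for the sample.

```shell
#!/bin/sh
# Added example: triage of an access log to locate the source of repeated
# requests. sample_log emits constructed data (not a real server's log).

sample_log() {
    # A few ordinary visitors...
    cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "GET /style.css HTTP/1.1" 200 812 "http://example.com/" "Mozilla/5.0"
192.0.2.11 - - [10/Oct/2023:13:56:02 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:57:00 +0000] "GET /login.php HTTP/1.1" 200 1460 "-" "python-requests/2.31"
EOF
    # ...and one client hammering the login form: 12 failed attempts in a minute.
    i=0
    while [ "$i" -lt 12 ]; do
        printf '198.51.100.7 - - [10/Oct/2023:13:57:%02d +0000] "POST /login.php HTTP/1.1" 401 312 "-" "python-requests/2.31"\n' "$((i + 5))"
        i=$((i + 1))
    done
}

# Print "count ip" for every client in the log read from stdin, busiest first.
requests_per_client() {
    awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Print only the clients whose request count exceeds a threshold (default 10).
offenders() {
    threshold="${1:-10}"
    requests_per_client | awk -v t="$threshold" '$1 > t { print $2 }'
}

# Print "count status" for one client; field 9 of the combined format is the
# HTTP status code. A pile of 401s or 403s from a single address is the usual
# signature of repeated attempts rather than normal browsing.
status_breakdown() {
    awk -v ip="$1" '$1 == ip { s[$9]++ } END { for (c in s) print s[c], c }' | sort -rn
}

# When run directly: summarize the sample, then list the offenders and the
# defensive measure (printed, not executed) that would cut them off while
# the underlying cause is fixed.
sample_log | requests_per_client
for ip in $(sample_log | offenders 10); do
    echo "client $ip exceeds threshold; status codes seen:"
    sample_log | status_breakdown "$ip"
    echo "iptables -I INPUT -s $ip -j DROP"
done
```

On a real server, replace `sample_log` with `cat /var/log/apache2/access.log` (or wherever your distribution keeps the log) and pipe it through the same functions; blocking the address is a stopgap, and the lasting fix is the preventative measure the pattern points to, such as rate limiting or patching the script being hit.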
In rare instances, the attack on your server may be due to a vulnerability in the system software itself. In those cases, you may have to temporarily disable the software and upgrade to a newer, more secure version. If there is no newer version, you may need to report the vulnerability to the software developers, who will then release a fix as soon as possible. You may find that they are already aware of the problem and offer a temporary workaround.