Public servers makes you a target

 In Security Blog

Different servers do different jobs

Everything from serving email and video to protecting internal networks and hosting Web sites. E.g.: Mail servers, web servers, Application servers, FTP server, Collaboration Servers, Proxy servers etc.

Exposing these servers to the internet without following the security best practices is not the best thing you can do as they will be frequently targeted by attackers for various reasons and the confidentiality integrity and the availability could be lost.

As a result of these intrusions an organization will lose reputation, customers, time, money and data. So, it is strictly advised to follow the security best practices, have a security plan and a policy for implementing it and monitoring its effectiveness and updating it as needed.

How to secure your servers

Before setting up a new server it is paramount to have a good deployment plan as it’s hard to address the security issues after the implementation. The use of a different set of security features available from firewalls or dedicated systems can and should be implemented:

  • Intrusion Detection Systems (IDS): Analyze and monitor network traffic for signs that indicate attackers are using a known cyberthreat to infiltrate or steal data from your network. IDS systems compare the current network activity to a known threat database to detect several kinds of behaviors like security policy violations, malware, and port scanners.
  • Intrusion Prevention Systems (IPS): IPS lives in the same area of the network as a firewall, between the outside world and the internal network. IPS proactively deny network traffic based on a security profile if that packet represents a known security threat.
  • Segmentation: Traditional networks are designed to be “crunchy on the outside and soft on the inside.” If someone gets through that perimeter (the crunchy surface), they’ll find a flat network infrastructure (the soft insides). Because most detective tools are externally focused, and not looking at what’s going on inside, the unwelcomed guest will have free range to perpetrate an attack. It’s also an obstacle for insiders because you can isolate sensitive data and systems from “curious” insiders.
  • Network Access Control (NAC): A NAC system can deny network access to noncompliant devices, place them in a quarantined area, or give them only restricted access to computing resources, thus keeping insecure nodes from infecting the network.
  • Proxy: A proxy can keep the internal network structure of a company secret by using network address translation, which can help the security of the internal network. This makes requests from machines and users on the local network anonymous.
  • WAF: A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.

While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. WAFs may come in the form of an appliance, server plugin, or filter, and may be customized to an application too.

Larger companies and high value targets should also consider implementing a DDoS service. These are usually high cost solutions but protects against targeted DDoS attacks which can take down your servers and internet connection.

How do you really know you are under attack?

Cyber criminals are always on the look out for easy targets and their preferred method is stealth, which means you have to always monitor for any irregularities. This is usually a full time job as you need to analyze information from a broad range of systems and act on suspicious activity. Depending on the size of your company there are several sources to get relevant information from: firewalls, antivirus, O365, syslogs, mobile phones, password managers, routers etc. This information needs to be sorted and sifted through in order to pick the relevant information connected to intruders. If you have the resources it can be done by implementing a SIEM solution which can receive all the information and let you analyze it in real time. Alternatively you can outsource to more advanced type of SOC services like our own Centry solution operated by security specialists.

If you are unsure on how to proceed in securing your environment, please contact us and we can help you get started or build your system from the ground up if needed.

Cyberon Security SOC Services
Recent Posts

Leave a Comment