Defending your dedicated server against attacks
Updated: Jan 22, 2021
Configuring and defending your dedicated server against attacks from outside your network or data center is good practice. However, actually testing the defenses is the best way to determine how fortified your dedicated server really is. There are several ways to do this.
Thinking Like a Bad Guy
Hackers are not blindly going after any and all servers in cyberspace trying to get into anything they find. This is simply a waste of time and effort since there are always easier targets out there with weaker or no defenses at all. Most hackers will do some simple information gathering to determine exactly who they are targeting: what operating system the target runs, how many employees it has, how past security issues were handled (news and update postings, for example), how the site works and interacts with visitors and clients, and where it is well defended and where it is not. Is it a financial site, a database of clients, local or foreign, etc.?
After some time, an opening can present itself in the form of a new script exploit, something in the news about a vulnerability or simply trying a new attack during a company event or update.
Remember to update before hackers can take advantage of a new script or software vulnerability.
Since hackers are continually searching for the path of least resistance, keep security a top priority at all times. Make sure your security policies adapt alongside new threats. This is why it is important to conduct regular penetration testing to ensure your security software and hardware pass ongoing tests.
Testing Your Defenses
There are several ways to test your security defenses using outside services run by experts in this particular field. These range from free security scanning to more sophisticated services that perform deeper and more thorough scanning. One such service is SiteLock, which performs scans on your network, checks for malware or SQL injections, sets up a web application firewall, etc.
For more information on security threats and definitions, please visit SiteLock.
If you do find security holes in your dedicated server, there is always the option to acquire the services of a security scanning service, which can patch up the vulnerabilities (usually at an added cost), or to ask your dedicated server provider for assistance. Managed servers include security monitoring as part of their value-added services and technical support coverage.
Hackers Can Help
Another good way to test whether your security is up to the task is to seriously consider having it tested by outside “white hat” hacker services. These hackers can help in defending your dedicated server against attacks by revealing server vulnerabilities.
Attacks do not always come in the form of software, scripts or brute force attacks and cracking. In many cases, hackers will go after individuals with administrative or high-security clearance to obtain confidential or personal information. This might be via Facebook or LinkedIn, where it would not be difficult to find someone working for a particular company. From there, they proceed with targeted attacks and phishing attempts to gain access to secure areas. They trick the victim into revealing the administrative or root password, usually via a legitimate-looking company website or email, among many other tricks.
Monitoring User Activity
Monitoring user activity also helps in defending your dedicated server against attacks. If an employee is downloading an entire database at one time, user activity monitoring should detect this. This would not be a normal activity for one person to do. Strange patterns or unusual activity on a dedicated server should also be a warning sign. Are there monitoring tools in place to raise awareness of these activities? If so, what are the safety procedures and who is notified?
Log management runs alongside monitoring user activity and should be set up to keep track of which users logged in where, what they accessed and for how long. Recording whether anything was done to certain files would also be a helpful feature. Viewing several files is not the same as downloading them, either. It is still, however, much more important to prevent intrusions or unauthorized access from happening in the first place. If it happens, minimizing the damage and the access time as quickly as possible can help a great deal in limiting the intrusion.
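The bulk-download check described above can be sketched over an audit log. This is an added example, not part of the original article; the log format, the user names, the 10-minute window and the 1 GB limit are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (the format is an assumption):
# ISO timestamp, user, action, object, bytes transferred
SAMPLE_LOG = """\
2021-01-22T09:00:05 alice view customers/1042 2048
2021-01-22T09:01:10 alice download reports/q4.pdf 350000
2021-01-22T09:03:00 bob view customers/1043 1900
2021-01-22T09:15:00 carol download customers/part1.csv 400000000
2021-01-22T09:16:30 carol download customers/part2.csv 400000000
2021-01-22T09:18:00 carol download customers/part3.csv 400000000
2021-01-22T09:40:00 bob download invoices/991.pdf 120000
"""

def parse_line(line):
    """Split one log line into (time, user, action, object, bytes)."""
    ts, user, action, obj, size = line.split()
    return datetime.fromisoformat(ts), user, action, obj, int(size)

def flag_bulk_downloads(log_text, window=timedelta(minutes=10),
                        byte_limit=1_000_000_000):
    """Return {user: peak_bytes} for users whose downloads inside any
    sliding window exceed byte_limit. Views are ignored, since viewing
    records is not the same as downloading them."""
    recent = defaultdict(deque)   # user -> (time, bytes) still in window
    running = defaultdict(int)    # user -> bytes currently in window
    flagged = {}
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    for ts, user, action, _obj, size in events:
        if action != "download":
            continue
        q = recent[user]
        q.append((ts, size))
        running[user] += size
        # Drop events that have aged out of the window
        while q and ts - q[0][0] > window:
            running[user] -= q.popleft()[1]
        if running[user] > byte_limit:
            flagged[user] = max(flagged.get(user, 0), running[user])
    return flagged

if __name__ == "__main__":
    for user, total in flag_bulk_downloads(SAMPLE_LOG).items():
        print(f"ALERT {user}: {total} bytes downloaded within 10 minutes")
```

In practice the limit would be set from each user's normal baseline rather than a fixed number, and an alert would feed the notification procedure the questions above ask about.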
Security Information and Event Management solutions
Security Information and Event Management solutions work in real time, can provide log reports, provide alerts and retain log data. Cost is an issue here for some, as some systems add up to several thousand dollars. However, the risks of an attack may outweigh the costs. Every business that must stay online should strongly consider this option.
A cheap solution to prevent phishing, for example, is to inform employees or clients of these types of attacks. Let them know how your system works, how passwords are retrieved and simply how a help desk operates, so they know what would be considered unusual and what to avoid. This also includes providing limited information on social networking sites (as mentioned earlier). Hackers won’t have an easy way of setting up phishing emails and copycat login pages because of this.