It seems like at least once a month now a big story breaks about a company getting hacked and all the damage that resulted. For this reason, it’s important you take precautions with your computer by using security software and working from within a firewall whenever possible. However, if you think your computer is a target, consider the treasure trove a server represents. Fortunately, with the following methods, you should have a better chance of keeping yours safe from hackers.
Understand Network Flow
If you understand the regular network flow your server is supposed to receive and send—in terms of requests—then you should be able to allow and check them (requests/content inspection). At the same time, you should also be able to deny other traffic via a firewall.
An effective network isolation measure like this will be successful in reducing the risk of an intrusion burrowing into your production network or some kind of malware spreading, amongst other things.
Separate Your DMZ and LAN
Your demilitarized zone (DMZ) is supposed to provide a buffer space between the private network your company uses and the public network outside. This way, anyone on the outside is prevented from obtaining direct access to any server hosting company data.
For this reason, it’s essential that your DMZ isn’t able to connect directly to your local-area network (LAN). Firewalls should guarantee this, but always double check to be sure (and test regularly to be certain this hasn’t changed).
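One way to run that regular check against an exported ruleset, as an added example that is not from the original article. The `(action, source, destination, port)` rule format, the subnets and the sample rules are constructed for illustration and are not any real firewall's syntax.

```python
import ipaddress

# Constructed sample data: assumed DMZ/LAN subnets and a simplified ruleset.
DMZ = "192.0.2.0/24"
LAN = "10.0.0.0/8"
RULES = [  # evaluated top to bottom, first match wins; port None = any port
    ("accept", "0.0.0.0/0", "192.0.2.10/32", 443),       # internet -> reverse proxy
    ("accept", "192.0.2.10/32", "192.0.2.20/32", 8080),  # proxy -> web server
    ("accept", "192.0.2.20/32", "10.0.5.7/32", 5432),    # web server -> LAN database
    ("drop", "192.0.2.0/24", "10.0.0.0/8", None),        # DMZ -> LAN deny
    ("accept", "192.0.2.20/32", "10.0.9.9/32", 514),     # never reached: shadowed
    ("accept", "10.0.0.0/8", "192.0.2.0/24", 22),        # LAN admin -> DMZ
    ("drop", "0.0.0.0/0", "0.0.0.0/0", None),            # default deny
]

def net(cidr):
    return ipaddress.ip_network(cidr)

def intersect(a, b):
    """CIDR blocks either nest or are disjoint, so the overlap is the smaller one."""
    if a.subnet_of(b):
        return a
    if b.subnet_of(a):
        return b
    return None

def dmz_to_lan_violations(rules, dmz, lan):
    """Return accept rules that let DMZ sources reach LAN destinations.

    A rule is cleared only when one earlier drop rule covers its whole
    DMZ -> LAN portion; partial coverage is reported so a person reviews it.
    """
    dmz, lan = net(dmz), net(lan)
    drops, findings = [], []
    for index, (action, src, dst, port) in enumerate(rules):
        if action == "drop":
            drops.append((net(src), net(dst), port))
            continue
        src_hit = intersect(net(src), dmz)
        dst_hit = intersect(net(dst), lan)
        if src_hit is None or dst_hit is None:
            continue  # this rule cannot match DMZ -> LAN traffic
        shadowed = any(
            src_hit.subnet_of(d_src) and dst_hit.subnet_of(d_dst)
            and d_port in (None, port)
            for d_src, d_dst, d_port in drops
        )
        if not shadowed:
            findings.append((index, src, dst, port))
    return findings
```

Run on the sample, the only finding is the database rule that sits above the DMZ-to-LAN deny; moving the deny to the top of the list clears it.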
Make Sure No One Can Request Your Web Server Directly
Obviously, you don’t want someone to be able to pull up your web server at will; trying that doesn’t take any hacker-like intelligence. To keep this from happening, there should be no fewer than three security filtering layers in front of your web server.
Ideally, the three layers you’ll use will be:
- Firewall for accepting protocols and sources
- NIPS (Network Intrusion Protection System) for detecting and blocking suspicious network requests
- WAF (Web Application Firewall) for application-oriented security
Clients Shouldn’t Be Able to Request Your Server
While it might seem nice to give clients this level of access, you’re exposing a pretty big vulnerability by doing so. The decision to allow clients to request your server will definitely facilitate attacks if a hacker decides to make you a target.
Utilize a reverse proxy at the front-end of your web server. Not only will this help with better load balancing, but it will also make your job easier in terms of managing legitimate network flow.
Audit Hosted Code Regularly
It’s sad to say, but you can’t even trust hosted code with your server’s security. Hackers are great at finding vulnerabilities within the code and exploiting them for their purposes. That’s why you need to audit hosted code regularly. Obviously, you also want to update any and all software as necessary.
Stay Aware of New Threats
Like we mentioned at the beginning, hacker attacks regularly make the news throughout the year. Always keep tabs on what’s happening with their cyber attacks, so you can prepare and respond accordingly.
As you already know, hackers are a very serious threat and they love going after servers. That’s why, when you decide on dedicated servers, ServerPronto should be your first choice. We’ve become well known for providing servers to companies just like yours, including top-of-the-line security features.
ServerPronto offers the best affordable and secure hosting service in all dedicated server packages.
Source: http://social.technet.microsoft.com/wiki/contents/articles/13974.security-best-practices-to-protect-internet-facing-web-servers.aspx
Photo cred: Flickr / brianklug