Server Security: [Essay Example], 1212 words GradesFixer
exit-popup-close

Haven't found the right essay?

Get an expert to write your essay!

exit-popup-print

Professional writers and researchers

exit-popup-quotes

Sources and citation are provided

exit-popup-clock

3 hour delivery

exit-popup-persone
close
This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Server Security

Download Print

Pssst… we can write an original essay just for you.

Any subject. Any type of essay.

We’ll even meet a 3-hour deadline.

Get your price

121 writers online

blank-ico
Download PDF

Secured server refers to the web server that guarantees safe online transactions and it uses the Secure Socket Layer (SSL) for encrypting and decrypting data so that data would not face unauthorized access. There are several kinds of data which are stored on a server such as high, moderate and low-risk data [1]. Examples of the high-risk server are departmental email servers, Active Directory, DNS etc. ; examples of moderate risk servers are a database of non-public contracts, an online server for student admission etc. and examples of low-risk servers are online maps, bus schedules, university online catalog displaying academic course description etc. There are several practices which are performed which are considered as best security practices for server protection such as patching, inventory, firewall controlled access, locking down of the software, centralized logging, intrusion detection, DBG review, dedicated admin workstation, use of SSH keys, VPNs and private networking etc.[2] These security methodologies are discussed ahead in brief.

SSH keys

SSH, or secure shell, is a secure protocol and the most common way of safely administering remote servers. Using an ample of encryption techniques, SSH provides a mechanism for establishing a cryptographically secured connection between two parties, authenticating each side to the other, and passing commands and output[3]. To configure the SSH key authentication, you must place the user’s public key on the server in a special directory. When the user connects to the server, the server will ask for proof that the client has the associated private key. The SSH client will use the private key to respond in a way that proves ownership of the private key. The server will then let the client connect without a password.

Firewalls

Firewall is a software (or hardware) which controls what services are exposed to the network which means blocking or restricting access to every port except for those that should be publicly available.

On a typical server, a number of services may be running by default. These can be categorized into the following groups:

Public services that can be accessed by anyone on the internet, often anonymously. A good example of this is a web server that might allow access to your site.
Private services that should only be accessed by a select group of authorized accounts or from certain locations. An example of this may be a database control panel.
Internal services that should be accessible only from within the server itself, without exposing the service to the outside world. For example, this may be a database that only accepts local connections.

Firewalls are an essential part of any server configuration. Even if your services themselves implement security features or are restricted to the interfaces you’d like them to run on, a firewall serves as an extra layer of protection.

A properly configured firewall will restrict access to everything except the specific services you need to remain open. Exposing only a few pieces of software reduces the attack surface of your server, limiting the components that are vulnerable to exploitation.

VPNs and Private Networking

Private networks are networks that are only available to certain servers or users. For instance, in DigitalOcean, private networking is available in some regions as a data center wide network.

A VPN, or virtual private network, is a way to create secure connections between remote computers and present the connection as if it were a local private network. This provides a way to configure your services as if they were on a private network and connect remote servers over secure connections.

Utilizing private instead of public networking for internal communication is almost always preferable given the choice between the two. However, since other users within the data center are able to access the same network, you still must implement additional measures to secure communication between your servers.

Using a VPN is, effectively, a way to map out a private network that only your servers can see. Communication will be fully private and secure. Other applications can be configured to pass their traffic over the virtual interface that the VPN software exposes. This way, only services that are meant to be consumable by clients on the public internet need to be exposed on the public network.

Public Key Infrastructure and SSL/TLS Encryption

Public key infrastructure, or PKI, refers to a system that is designed to create, manage, and validate certificates for identifying individuals and encrypting communication. SSL or TLS certificates can be used to authenticate different entities to one another. After authentication, they can also be used to establish encrypted communication.

Service Auditing

Up until now, we have discussed some technology that you can implement to improve your security. However, a big portion of security is analyzing your systems, understanding the available attack surfaces, and locking down the components as best as you can.

Service auditing is a process of discovering what services are running on the servers in your infrastructure. Often, the default operating system is configured to run certain services at boot. Installing additional software can sometimes pull in dependencies that are also auto-started.

File Auditing and Intrusion Detection Systems

File auditing is the process of comparing the current system against a record of the files and file characteristics of your system when it is a known-good state. This is used to detect changes to the system that may have been authorized.

An intrusion detection system, or IDS, is a piece of software that monitors a system or network for unauthorized activity. Many host-based IDS implementations use file auditing as a method of checking whether the system has changed.

Isolated Execution Environments

Isolating execution environments refers to any method in which individual components are run within their own dedicated space.

This can mean separating out your discrete application components to their own servers or may refer to configuring your services to operate in chroot environments or containers. The level of isolation depends heavily on your application’s requirements and the realities of your infrastructure.

Kerberos

Kerberos is a system that supports authentication in distributed systems. Originally designed to work with secret key encryption, Kerberos, in its latest version, uses public key technology to support key exchange. The Kerberos system was designed at Massachusetts Institute of Technology. [STE88, KOH93]

Kerberos is used for authentication between intelligent processes, such as client-to-server tasks, or a user’s workstation to other hosts. Kerberos is based on the idea that a central server provides authenticated tokens, called tickets, to requesting applications. A ticket is an unforgeable, nonrepayable, authenticated object. That is, it is an encrypted data structure naming a user and a service that the user is allowed to obtain. It also contains a time value and some control information.[4]

Criteria followed to distinguish the security practices

Mediated access: This principle is based on centralizing security controls to protect groups of assets or security domains. In that sense, firewalls, proxies, and other security controls act on behalf of the assets they are designed to protect and mediate the trust relationships between security domains. Special considerations should be in place to prevent the mediation component from becoming a single point of failure.

Accountability and traceability: This concept implies the existence of risk and the ability to manage and mitigate it, and not necessarily avoid or remove it. Information security architectures should provide mechanisms to track activity.

Remember: This is just a sample from a fellow student.

Your time is important. Let us write you an essay from scratch

100% plagiarism free

Sources and citations are provided

Find Free Essays

We provide you with original essay samples, perfect formatting and styling

Cite this Essay

To export a reference to this article please select a referencing style below:

Server Security. (2018, October 08). GradesFixer. Retrieved October 27, 2020, from https://gradesfixer.com/free-essay-examples/server-security/
“Server Security.” GradesFixer, 08 Oct. 2018, gradesfixer.com/free-essay-examples/server-security/
Server Security. [online]. Available at: <https://gradesfixer.com/free-essay-examples/server-security/> [Accessed 27 Oct. 2020].
Server Security [Internet]. GradesFixer. 2018 Oct 08 [cited 2020 Oct 27]. Available from: https://gradesfixer.com/free-essay-examples/server-security/
copy to clipboard
close

Sorry, copying is not allowed on our website. If you’d like this or any other sample, we’ll happily email it to you.

    By clicking “Send”, you agree to our Terms of service and Privacy statement. We will occasionally send you account related emails.

    close

    Attention! this essay is not unique. You can get 100% plagiarism FREE essay in 30sec

    Recieve 100% plagiarism-Free paper just for 4.99$ on email
    get unique paper
    *Public papers are open and may contain not unique content
    download public sample
    close

    Sorry, we cannot unicalize this essay. You can order Unique paper and our professionals Rewrite it for you

    close

    Thanks!

    Your essay sample has been sent.

    Want us to write one just for you? We can custom edit this essay into an original, 100% plagiarism free essay.

    thanks-icon Order now
    boy

    Hi there!

    Are you interested in getting a customized paper?

    Check it out!
    Having trouble finding the perfect essay? We’ve got you covered. Hire a writer

    GradesFixer.com uses cookies. By continuing we’ll assume you board with our cookie policy.