close
test_template

Server Security

download print

About this sample

About this sample

close

Words: 1212 |

Pages: 3|

7 min read

Published: Oct 11, 2018

Words: 1212|Pages: 3|7 min read

Published: Oct 11, 2018

Table of contents

  1. SSH Keys
  2. Firewalls
  3. VPNs and Private Networking
  4. Public Key Infrastructure and SSL/TLS Encryption
  5. Service Auditing
  6. File Auditing and Intrusion Detection Systems
  7. Isolated Execution Environments
  8. Kerberos
  9. Criteria Followed to Distinguish the Security Practices

Secured server refers to the web server that guarantees safe online transactions and it uses the Secure Socket Layer (SSL) for encrypting and decrypting data so that data would not face unauthorized access. There are several kinds of data which are stored on a server such as high, moderate and low-risk data [1]. Examples of the high-risk server are departmental email servers, Active Directory, DNS etc. ; examples of moderate risk servers are a database of non-public contracts, an online server for student admission etc. and examples of low-risk servers are online maps, bus schedules, university online catalog displaying academic course description etc. There are several practices which are performed which are considered as best security practices for server protection such as patching, inventory, firewall controlled access, locking down of the software, centralized logging, intrusion detection, DBG review, dedicated admin workstation, use of SSH keys, VPNs and private networking etc.[2] These security methodologies are discussed ahead in brief.

'Why Violent Video Games Shouldn't Be Banned'?

SSH Keys

SSH, or secure shell, is a secure protocol and the most common way of safely administering remote servers. Using an ample of encryption techniques, SSH provides a mechanism for establishing a cryptographically secured connection between two parties, authenticating each side to the other, and passing commands and output[3]. To configure the SSH key authentication, you must place the user's public key on the server in a special directory. When the user connects to the server, the server will ask for proof that the client has the associated private key. The SSH client will use the private key to respond in a way that proves ownership of the private key. The server will then let the client connect without a password.

Firewalls

Firewall is a software (or hardware) which controls what services are exposed to the network which means blocking or restricting access to every port except for those that should be publicly available.

On a typical server, a number of services may be running by default. These can be categorized into the following groups:

Public services that can be accessed by anyone on the internet, often anonymously. A good example of this is a web server that might allow access to your site.
Private services that should only be accessed by a select group of authorized accounts or from certain locations. An example of this may be a database control panel.
Internal services that should be accessible only from within the server itself, without exposing the service to the outside world. For example, this may be a database that only accepts local connections.

Firewalls are an essential part of any server configuration. Even if your services themselves implement security features or are restricted to the interfaces you'd like them to run on, a firewall serves as an extra layer of protection.

A properly configured firewall will restrict access to everything except the specific services you need to remain open. Exposing only a few pieces of software reduces the attack surface of your server, limiting the components that are vulnerable to exploitation.

VPNs and Private Networking

Private networks are networks that are only available to certain servers or users. For instance, in DigitalOcean, private networking is available in some regions as a data center wide network.

A VPN, or virtual private network, is a way to create secure connections between remote computers and present the connection as if it were a local private network. This provides a way to configure your services as if they were on a private network and connect remote servers over secure connections.

Utilizing private instead of public networking for internal communication is almost always preferable given the choice between the two. However, since other users within the data center are able to access the same network, you still must implement additional measures to secure communication between your servers.

Using a VPN is, effectively, a way to map out a private network that only your servers can see. Communication will be fully private and secure. Other applications can be configured to pass their traffic over the virtual interface that the VPN software exposes. This way, only services that are meant to be consumable by clients on the public internet need to be exposed on the public network.

Public Key Infrastructure and SSL/TLS Encryption

Public key infrastructure, or PKI, refers to a system that is designed to create, manage, and validate certificates for identifying individuals and encrypting communication. SSL or TLS certificates can be used to authenticate different entities to one another. After authentication, they can also be used to establish encrypted communication.

Service Auditing

Up until now, we have discussed some technology that you can implement to improve your security. However, a big portion of security is analyzing your systems, understanding the available attack surfaces, and locking down the components as best as you can.

Service auditing is a process of discovering what services are running on the servers in your infrastructure. Often, the default operating system is configured to run certain services at boot. Installing additional software can sometimes pull in dependencies that are also auto-started.

File Auditing and Intrusion Detection Systems

File auditing is the process of comparing the current system against a record of the files and file characteristics of your system when it is a known-good state. This is used to detect changes to the system that may have been authorized.

An intrusion detection system, or IDS, is a piece of software that monitors a system or network for unauthorized activity. Many host-based IDS implementations use file auditing as a method of checking whether the system has changed.

Isolated Execution Environments

Isolating execution environments refers to any method in which individual components are run within their own dedicated space.

This can mean separating out your discrete application components to their own servers or may refer to configuring your services to operate in chroot environments or containers. The level of isolation depends heavily on your application's requirements and the realities of your infrastructure.

Kerberos

Kerberos is a system that supports authentication in distributed systems. Originally designed to work with secret key encryption, Kerberos, in its latest version, uses public key technology to support key exchange. The Kerberos system was designed at Massachusetts Institute of Technology. [STE88, KOH93]

Kerberos is used for authentication between intelligent processes, such as client-to-server tasks, or a user's workstation to other hosts. Kerberos is based on the idea that a central server provides authenticated tokens, called tickets, to requesting applications. A ticket is an unforgeable, nonrepayable, authenticated object. That is, it is an encrypted data structure naming a user and a service that the user is allowed to obtain. It also contains a time value and some control information.[4]

Criteria Followed to Distinguish the Security Practices

Mediated access: This principle is based on centralizing security controls to protect groups of assets or security domains. In that sense, firewalls, proxies, and other security controls act on behalf of the assets they are designed to protect and mediate the trust relationships between security domains. Special considerations should be in place to prevent the mediation component from becoming a single point of failure.

Get a custom paper now from our expert writers.

Accountability and traceability: This concept implies the existence of risk and the ability to manage and mitigate it, and not necessarily avoid or remove it. Information security architectures should provide mechanisms to track activity.

Image of Alex Wood
This essay was reviewed by
Alex Wood

Cite this Essay

Server Security. (2018, October 08). GradesFixer. Retrieved March 28, 2024, from https://gradesfixer.com/free-essay-examples/server-security/
“Server Security.” GradesFixer, 08 Oct. 2018, gradesfixer.com/free-essay-examples/server-security/
Server Security. [online]. Available at: <https://gradesfixer.com/free-essay-examples/server-security/> [Accessed 28 Mar. 2024].
Server Security [Internet]. GradesFixer. 2018 Oct 08 [cited 2024 Mar 28]. Available from: https://gradesfixer.com/free-essay-examples/server-security/
copy
Keep in mind: This sample was shared by another student.
  • 450+ experts on 30 subjects ready to help
  • Custom essay delivered in as few as 3 hours
Write my essay

Still can’t find what you need?

Browse our vast selection of original essay samples, each expertly formatted and styled

close

Where do you want us to send this sample?

    By clicking “Continue”, you agree to our terms of service and privacy policy.

    close

    Be careful. This essay is not unique

    This essay was donated by a student and is likely to have been used and submitted before

    Download this Sample

    Free samples may contain mistakes and not unique parts

    close

    Sorry, we could not paraphrase this essay. Our professional writers can rewrite it and get you a unique paper.

    close

    Thanks!

    Please check your inbox.

    We can write you a custom essay that will follow your exact instructions and meet the deadlines. Let's fix your grades together!

    clock-banner-side

    Get Your
    Personalized Essay in 3 Hours or Less!

    exit-popup-close
    We can help you get a better grade and deliver your task on time!
    • Instructions Followed To The Letter
    • Deadlines Met At Every Stage
    • Unique And Plagiarism Free
    Order your paper now