Server security is dependent on many factors, including operating system and purpose. But some things are universal.
Server securityis an ongoing concern of IT, even when servers are protected in a data centre or virtualized in a cloud environment. A server breach can compromise an entire business, and just a single point of infection can be enough to spoil the whole soup.
In this era of remote and hybrid work, IT management demands are greater. With users working offsite on unmanaged devices using new technologies, attack vectors increase. Focus shifts to endpoint protection, which means critical vulnerabilities at the server level can easily be missed.
Let’s take a look at the top five server security concerns and best practices to address them:
Physical security is always the number one priority for a server. No matter what tricks, technologies or software you use, if you allow uncontrolled physical access to a server, you risk compromising the device. For a data centre, whether you own or use a cloud service, physical security is usually built into the operation. Only authorized people are allowed in the facility, and specific data halls or equipment cages may have additional levels of physical security, further limiting access to these critical assets.
Not every business can afford this level of security. But leaving a server sitting in an open office area is an invitation to unauthorized access. Simply keeping a departmental server locked in a closet can make a big difference. Running it headless, with no monitor or keyboard, provides an additional layer of security.
Explicit levels of administrative access control
Users with a requirement for administrative access, whether IT staff or business workers, should be assigned only those privileges necessary for them to accomplish their required tasks. Operating systems have granular levels of control so that administrative tasks can be assigned to specific users, without the need to grant overall administrative access rights. Web consoles for cloud services will also often offer graduated levels of administrative access, depending on the service. Remember that in almost all cases, less is more.
Keep server and application software updated
There is a reason that software vendors regularly patch and update their operating systems and applications. While many patches are to solve functional problems, there are almost always security patches that need to be applied to maintain server security.
Unpatched servers are one of the biggest sources of malware infections on the Internet, so unless you are planning to keep a server disconnected from the outside world, you need to make sure that, at the very least, security patches are applied as they appear and are tested. For cloud-based servers and applications, you may need to regularly update client software running on your end to make certain that the latest security fixes have been applied.
Keeping up-to-date on these changes can also create staffing issues, especially at smaller businesses where the IT department may consist of just a handful of people. One solution to this problem is to outsource these sorts of tasks to an outside vendor or partner, to allow your in-house staff to focus on mission-critical tasks.
Maintain application security
Many applications, especially those with web-based or collaborative components, have their own security models. Because the applications themselves may have elevated security privileges based on the needs of the application, allowing unsecured access to the applications and their resources can compromise the security of the hosting servers.
Specific applications, such as web servers, will have their own security processes that need to be followed. Proper installation and management of the applications will prevent the sort of user-introduced errors that can compromise server security.
Turn off every function the server doesn’t need
Servers don’t need web browsers, yet you often find them present. Disable them or, depending on the operating system, remove them completely. If you’re running a Windows Server for file and print services, it needs very few other features installed.
Do your homework and disable any other feature unnecessary to the desired operation. Every extra feature that has remote access or availability provides another potential avenue for an attack.
Maintaining secure servers is, in various ways, simply limiting the opportunities for access — by staff, strangers, viruses and malware. Keeping strict limits can go a long way to keeping a secure computing environment.
Get a complete picture of your system security: consider outsourcing an IT security assessment.
Know how effective your safeguards are with an expert review of your security. Ricoh offers four types of security assessments including vulnerability assessments, penetration tests, web application tests and social engineering tests.
Discover a new way to work
Ricoh's Digital Workplace Solutions combine the right services, expertise and technology to optimize the flow of information, so you can improve employee productivity, better serve your customers and grow your business.