Kevin Arnold
Professor William Oblitey
COSC 356
12 April 2012
Securing Network Servers
The development of computer networks over the past two decades has created the
need for networked servers. Network servers today store valuable and confidential information
of organizations; information is knowledge and knowledge is power. The purpose of this paper is
to provide an understanding of the activities performed in securing network servers that provide
services over network communications as a main function. Communication can be in the form of
outward-facing, publicly accessible servers, such as web servers, e-mail servers, file servers,
database servers, user authentication servers and many more. There are also inward-facing
servers, which are only available to the organizations that own and run the servers, and are
managed via a firewall.
Network servers are often deployed to provide centralized access to information and
resources. These can include file and database servers, which are the most useful to an attacker
who wants to compromise a server. Security breaches on a network can result in the disclosure of
critical information that can affect the entire organization. Therefore, securing network servers
should be a significant part of a company’s network and information security strategy.
To secure a server, it is essential to first define the threats that must be mitigated. Many
threats against data and resources are possible because of mistakes such as bugs and
vulnerabilities in the operating system or server software, and also, errors made by end users and
administrators. Threats can come from intentional actors, attackers who want resources from a
server, or unintentional actors, such as an administrator who forgets to disable the account of a
former employee. Threats can also be local, a disgruntled employee, or remote, such as an
attacker outside the company anywhere in the world. An important element of planning the
appropriate security controls for a server is understanding the threats associated with the
environment in which the server is deployed.
“Many security problems can be avoided if servers and networks are appropriately
configured. Default hardware and software configurations are typically set by vendors to
emphasize features and functions more than security. Since vendors are not aware of your
security needs, you must configure new servers to reflect your security requirements and
reconfigure them as your requirements change.” (Securing Network Servers, 2000)
There are four major security issues related to network servers: confidentiality,
availability, integrity, and mutual authentication. Confidentiality refers to protecting information
from being accessed by unauthorized parties. Integrity refers to ensuring the authenticity of
information–that information is not altered, and that the source of the information is genuine.
Availability means that information is accessible by authorized users. Mutual authentication
ensures that the user is who he claims to be and that the network server host is who it claims to
be.
Here is an outline of a three-part approach to securing a network server. The first part is
planning and executing the deployment of servers. The second is configuring the servers to make
them less vulnerable to attacks. The last is maintaining the integrity of the deployed servers.
Each of these parts has its own individual steps, which this paper will discuss.
The first step of the planning and execution of server deployment is to identify the
purpose of the server. An organization should ask itself the following questions: What
information categories will be stored on this server? What are the security requirements for this
information? What network protocols should be used (IPv4/IPv6)? Where on the network will
the server be located? Other things to consider are the network service software, for both client
and server, and which users or categories of users will be able to access the server, along with
how they will authenticate themselves and the privileges they are allotted. Intrusion detection
strategies using logs should also be considered when setting up the server.
The next step is to include explicit security requirements when selecting a server. There
are many server vendors and even more security capabilities for their products. Considering
security requirements when selecting servers allows you to choose a product with fewer
vulnerabilities and select better security-related features. This makes long term operation of your
site more economical by reducing costs.
Security requirements usually include the following: the absence of vulnerabilities used
by known forms of attack, the ability to restrict administrative activities to authorized users
only, the ability to log certain activities, and the ability to deny access to information other than
that intended to be available. Here is how to accomplish these goals. First, identify your
functionality and performance requirements. Second, review the recommended practices that
address the configuration and operation of the server product. Lastly, identify specific
security-related features, such as types of authentication, level of access control, support for
remote administration and logging features.
The first step in configuring servers is keeping operating systems and application
software up to date. The interval from the time a vulnerability is publicly known, through the
time required to fix it, to the time the vulnerability is fixed gives intruders a chance to mount an
attack on a network. To minimize the gap in time between the vulnerability and the fix,
companies need to be aware of announcements of updates for security-related problems that
apply to their systems. This can be done by developing and maintaining a list of sources of
information about such problems. Once an update comes out, it is up to the company to decide to
use it, but it is highly recommended that they do. The next step is planning the installation of the
applicable updates, which can cause problems of its own. Installing an update can disrupt
service to that server or, worse, make it more vulnerable to attacks; in the worst-case scenario,
the update itself can do more harm than good because it may cause more problems with security.
The next step in configuring servers is to offer only essential network services and
operating system services. This helps secure the server in many ways, for instance, other services
cannot be used to attack the host. Isolating hosts also allows each host to have only one
administrator, which implements what is known as separation of duties. You can reduce the number
of logs for each individual host by reducing services on a host, making it easier to identify a
problem. Another way to reduce the vulnerabilities on a host is to eliminate any unnecessary
open network ports. Once you are confident your server is as secure as it can be, you should
create and record cryptographic checksums and baselines for the system software and its
configuration.
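The checksum baseline described above can be recorded and later compared as follows. This is an added example, not code from the paper or its sources; the file names and contents are constructed, and SHA-256 is an assumed choice of hash.

```python
import hashlib
import json
import os
import tempfile

def sha256_file(path, chunk=65536):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # chunked, so large files need not fit in memory
            digest.update(block)
    return digest.hexdigest()

def build_baseline(root):
    """Record SHA-256, permission bits and size for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            st = os.stat(full)
            baseline[os.path.relpath(full, root)] = {
                "sha256": sha256_file(full), "mode": oct(st.st_mode & 0o7777), "size": st.st_size}
    return baseline

def compare(baseline, current):
    """Report files added, removed, or changed since the baseline was recorded."""
    old, new = set(baseline), set(current)
    return {"added": sorted(new - old), "removed": sorted(old - new),
            "changed": sorted(p for p in old & new if baseline[p] != current[p])}

def demo():
    """Constructed sample: three small configuration files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, text):
            with open(os.path.join(root, name), "w") as f:
                f.write(text)
        write("sshd_config", "PermitRootLogin no\n")
        write("httpd.conf", "Listen 443\n")
        write("motd", "Authorized use only\n")
        # Store the record as JSON; keep it off the server so an intruder cannot rewrite it.
        stored = json.dumps(build_baseline(root), sort_keys=True)
        write("sshd_config", "PermitRootLogin yes\n")  # modified after the baseline
        write("extra.conf", "Listen 8080\n")           # added after the baseline
        os.remove(os.path.join(root, "motd"))          # removed after the baseline
        return compare(json.loads(stored), build_baseline(root))

if __name__ == "__main__":
    print(demo())
```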
The third step in configuring servers is to configure the server for user authentication.
This involves adding users’ information to the authentication server and possibly setting up
authentication hardware such as tokens, one-time password devices, or biometric devices.
Unauthorized users can jeopardize the security of information stored on or accessible from a
computer. To prevent this, you must configure the computer to authenticate all users who attempt
to access it. The first form of protection is to have a hardware-based password. This is when the
computer’s firmware offers the feature of requiring a password when the system is turned on;
this is known as a BIOS or EEPROM password. That feature is not offered on all computers but
is a very nice feature to have.
Other steps to take when configuring a server include removing unneeded default
accounts and groups; the most common are the guest account without a password and the
administrator account with a default password. You can also set up user groups for a particular
server, so that only a specific number of people can access it. Other security measures are to set
up a password policy, such as having a minimum length and complexity. You can also set up
how often a password is changed and who is allowed to change it, along with a default timer to
require reauthentication after idle periods.
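One way to check the account rules above on a Linux host is shown here as an added example, not code from the paper. It assumes the /etc/shadow field layout, a 90-day maximum password age, and a site-chosen list of unneeded default accounts; the sample entries are constructed.

```python
# Assumptions (not from the paper): Linux /etc/shadow field layout, a 90-day maximum
# password age, and a site list of unneeded default accounts.
UNNEEDED_DEFAULTS = {"guest", "games", "ftp"}
MAX_AGE_DAYS = 90

# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$6$placeholder$hash:15000:0:90:7:::
guest::15000:0:99999:7:::
ftp:*:15000:0:99999:7:::
alice:$6$placeholder$hash:15000:0:99999:7:::
bob:$6$placeholder$hash:15000:0:60:7:::
truncated:entry
"""

def audit_shadow(text, unneeded=UNNEEDED_DEFAULTS, max_age=MAX_AGE_DAYS):
    """Return (account, finding) pairs for entries that break the account policy."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            findings.append((fields[0], "malformed entry"))
            continue
        name, pw_hash, max_days = fields[0], fields[1], fields[4]
        locked = pw_hash.startswith(("!", "*"))  # locked accounts cannot log in with a password
        if pw_hash == "":
            findings.append((name, "no password set"))
        if name in unneeded and not locked:
            findings.append((name, "unneeded default account is not locked"))
        if pw_hash and not locked:
            # An empty or very large maximum age means the password effectively never expires.
            if not max_days.isdigit() or int(max_days) > max_age:
                findings.append((name, "password age limit exceeds policy"))
    return findings

if __name__ == "__main__":
    for account, finding in audit_shadow(SAMPLE_SHADOW):
        print(f"{account}: {finding}")
```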
The next step in configuring a server is to identify and enable system and network
logging mechanisms. Collecting data generated by system, network, application, and user
activities is essential for analyzing the security of these assets and detecting intrusion. You can
set up logs in many different ways. For example, you can set them up to record
suspicious activity that needs further examination, and to determine the extent of an intruder’s
activity, which can be useful and required for legal proceedings.
There are also many categories and types of logs you can create. The first is user logs,
which record login/logout information, the location and time of failed attempts, and changes in
authentication status. You can log systems, for the status or errors reported by hardware or
software subsystems, along with changes in system status, including shutdowns and restarts.
Network logs can log service initiation requests along with the names of users/hosts requesting a
service. You can also log packets, new connections, connection duration, and connection flow
with network logs. You can log anything you want from any piece of equipment or software you
have, making logs as essential as the servers themselves. The one big no-no in logs is logging
passwords, correct or incorrect, because it creates a big vulnerability by having a bunch of them
in one place. Incorrect passwords are often wrong by only one letter, so logging them
creates a big security threat as well.
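The user-log fields listed above can be recorded without ever writing a password, as in this added example (not code from the paper). The logger name, field names and login attempts are constructed for illustration; the filter is a backstop for careless log calls.

```python
import logging
import re
from collections import Counter

CREDENTIAL_KEYS = {"password", "passwd", "pwd"}
KV_CREDENTIAL = re.compile(r"(?i)\b(password|passwd|pwd)=\S+")

def auth_event(attempt):
    """Keep who, where, when and outcome; drop credential fields before logging."""
    return {k: v for k, v in attempt.items() if k.lower() not in CREDENTIAL_KEYS}

class RedactCredentials(logging.Filter):
    """Backstop: scrub key=value credentials from any message that reaches the handler."""
    def filter(self, record):
        record.msg = KV_CREDENTIAL.sub(r"\1=[REDACTED]", record.getMessage())
        record.args = ()
        return True

class ListHandler(logging.Handler):
    """Collects formatted lines in memory so the demo runs without a log file."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def failures_by_source(events):
    """Count failed attempts per source address, a simple intrusion indicator."""
    return Counter(e["source"] for e in events if e["outcome"] == "failure")

def demo():
    # Constructed login attempts; addresses are documentation ranges, passwords are made up.
    attempts = [
        {"user": "alice", "source": "203.0.113.7", "time": "2012-04-12T09:00:01", "outcome": "failure", "password": "Sumner2012"},
        {"user": "alice", "source": "203.0.113.7", "time": "2012-04-12T09:00:09", "outcome": "failure", "password": "Summer2013"},
        {"user": "alice", "source": "198.51.100.4", "time": "2012-04-12T09:01:30", "outcome": "success", "password": "Summer2012"},
    ]
    log = logging.getLogger("auth_demo")
    log.setLevel(logging.INFO)
    log.propagate = False
    handler = ListHandler()
    handler.addFilter(RedactCredentials())
    log.handlers = [handler]
    events = [auth_event(a) for a in attempts]
    for e in events:
        log.info("login user=%s source=%s time=%s outcome=%s", e["user"], e["source"], e["time"], e["outcome"])
    log.info("debug user=alice password=%s", attempts[2]["password"])  # careless call, scrubbed by the filter
    return handler.lines, failures_by_source(events)
```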
The fifth step in configuring servers is to set up a backup system for each server.
Before deploying a server, you need to develop a file backup and restoration plan and configure
the computer to implement that plan. Without a backup, you may be unable to restore a
computer’s data after system failures and security breaches. The best way to ensure your backup
is effective is to create a plan with the following guidelines. First, the plan should specify that the
data is encrypted before it is sent over the network or to a storage medium. Second, the
data should remain encrypted while on the backup storage medium, and third, the storage media
should be kept in a physically secure facility that is secure from man-made and natural disasters.
The most important step in making and enacting a backup plan is to ensure that the data can be
recovered after it has been backed up; if you can’t restore the backed-up data, the backup is
essentially useless.
The first step in maintaining the integrity of deployed servers is to protect the server from
viruses and similar threats. There are several kinds of software that can surreptitiously breach
computer security. There are viruses, Trojan horses and worms. A virus is a code fragment that
reproduces by attaching to another program. It can damage data directly or degrade system
performance by consuming system resources. A Trojan horse is an independent program that
appears to perform a useful function but hides another unauthorized program inside of it. A
worm is an independent program that reproduces by copying itself from one system to another,
usually over a network. It works similarly to a virus, by using up system resources or
corrupting data directly.
To prevent these three threats and threats like them, you should come up with a plan to
distribute anti-virus programs and train users to use and monitor these anti-virus programs to
spot any suspicious activity. These anti-virus programs should also be checked for updates
regularly, especially when new viruses and threats are discovered. Most vendors of anti-virus
programs release updates weekly or monthly; this is the main method of defending against
threats.
The last step in the process of securing and maintaining the integrity of servers is to only
allow appropriate physical access to the servers, monitors and keyboards. Deploying the server
in a secure facility helps prevent unauthorized access to the computer, theft and destruction.
Servers should not be placed in an individual’s office. It is preferred to keep the monitor and
keyboard out of sight and away from physical access. You should also keep the wiring and
other network connection components away from physical access. There should be a list of who
is allowed to access the server, monitor and keyboard in order to install hardware and modify
existing hardware or software.
In conclusion, these steps are an outlined recommendation for planning, deploying,
implementing, and maintaining the integrity of networked servers and computers. I’ve covered in
fairly good detail ten or so steps that many companies follow and recommend for hardening
network servers. This is just an outline and should be adjusted according to a specific company’s
needs and wants. Some steps may be omitted and others may be added accordingly. The most
important step is keeping software updated, as new threats and vulnerabilities are found every
day.
Sources
Allen, Julie, Gary Ford, and Klaus-Peter Kossakowski. “Securing Network Servers.”
CMU/SEI-SIM-010, April 2000.
Scarfone, Karen, Wayne Jansen, and Miles Tracy. “Guide To General Server Security.”
National Institute Of Technology And Standards, July 2008.