Server protection is standard practice regardless of the number and types of servers an organization runs. Whether it is Windows or Linux, an enterprise server or a regional data center, or a small business server vs. a public cloud, protecting the environment is critical. You know that. But do you know how your organization’s servers are protected?
Hillstone Networks recommends starting with basic protection strategies and working up from there. A failure to implement the basic strategies only gives threat actors more opportunity to get in. And without the basics, some of the more advanced server protection strategies become moot.
Firewalls are so commonplace that there is no longer any excuse for a server to be without such protection. The firewall is often where server protection begins. What does a firewall do? It does multiple things:
- Controls both inbound and outbound traffic
- Controls data access within allowed traffic
- Determines how services are exposed on a network
- Determines how data requests are handled.
Firewalls can be either software- or hardware based. Either way, the firewall’s primary purpose is to make sure that data and services cannot be accessed from outside the network. Only users on the network have access, and those users are tightly controlled through a variety of means.
The Secure Shell (SSH) protocol relies on encryption to securely transmit data over a less secure or completely unsecured network. It does not rely on simple usernames and passwords. Rather, it makes use of secure and public keys.
Implementing an SSH strategy makes it possible to completely disable password-based authentication for certain types of data transfers. In short, any data transfers that do not require giving the general public access can be handled through SSH sessions.
The downside to SSH is having to sometimes work in a terminal, at the command line level. This notwithstanding, the most sensitive data tends to be handled by people who are familiar with the command line environment anyway. They are comfortable working in it.
Virtual private clouds can host private networks that can be completely isolated from most or all external traffic. At a time when cloud computing is the norm, a VPC network is the ideal solution for many enterprises.
One of the main advantages of going virtual is being able to completely disable a public network interface wherever external access isn’t required. The virtual parts of the network are interconnected by way of private network interfaces that do not require routing traffic through the public internet. By default, this keeps more threat actors at bay.
A companion to the virtual private cloud network is its predecessor, the virtual private network (VPN). The VPN concept allows for connecting various remote computers in different locations in an environment that is secured and presented as a local network instead. VPNs are based on the concept of using a private server to log on to a public server prior to launching on to the greater internet.
Everything is encrypted and hidden along the way, including IP addresses. A well configured VPN creates a route for traffic that only computers on the network have a ‘map’ for. Hackers have a harder time getting in because they don’t know where the traffic is coming from or going to.
These four strategies are considered basics for server protection. They are all things that Hillstone Networks is intimately familiar with. If your enterprise needs help implementing any of them, do not hesitate to get in touch. We take server protection seriously. Your enterprise should take it seriously, too.