Servers are integral to network functionality and are also one of the most common targets of a cyber attack. According to Verizon’s 2018 Data Breach Investigations Report, the second most common type of security breach in the world is a Denial of Service (DoS) attack on servers. Servers, cloud servers, and even hybrid servers can all receive a DoS attack. As such, servers of all types have inherent security vulnerabilities that need monitoring.
Katie Boldizar, our Loop1 Technical Account Manager, shares her observations about current server security practices and discusses the future of server monitoring and server security as IT environments become more complex.
Katie has over 10 years of experience working in IT infrastructure, installation, configuration, and security. Prior to her career in IT, she served as a Multiple Launch Rocket System repairer (94P) in the U.S. Army.
Q: What measures for maintaining server security often get overlooked?
A: In order to keep any server secure, you need to patch the server on a regular basis. Another key component to consistent server security would be “hardening” the server:
- Vetting what software is and isn’t allowed on a server
- Limiting the server’s open ports (connections to the outside world)
- Controlling the internet access to the server (who can access the server and what types of devices can access the server)
Q: What good practices do you recommend to others to ensure uninterrupted server security?
A: Making sure the server is properly hardened is my first recommendation. Monitoring who logs into a server and controlling user permissions to which part of a server can be accessed by what user would be other good practices to put into place.
Lastly, I recommend implementing policies that focus on user accountability, such as regularly changing passwords and setting server usage standards.
Q: What are the most common SolarWinds tools you’ve seen used for server security?
A: I’ve seen many environments utilizing SEM (Security Event Manager) with file integrity monitor software, which can not only track any files and folders within a server, but also provide details about any changes made to all files and folders within a server.
ARM (Access Rights Manager) is another common tool. ARM is used for automating server access and setting user permissions, which is helpful in preventing data loss and security breaches.
Q: What are your thoughts on maintaining physical server security versus cloud server security?
A: For me, there is not too much of a difference. I feel that most now view cloud-hosted servers as just as secure as on-premise servers. Though, there is an ongoing debate.
Q: What are your predictions for the use of cloud-based and cloud-hosted servers over physical servers?
A: Serverless architecture adoption and microservices have grown in popularity as more clients are moving away from container-based services. Additionally, I’ve seen an increase in the use of cloud security automation, which allows you to launch security protocols as a response to cloud events such as a DoS attack.
Though, many large organizations that invest a lot in security and choose to keep their data centers onsite may favor housing their data on physical servers.
Q: Lastly, what are your recommendations to keep a company’s data secure in cloud servers?
A: My top recommendations for cloud security:
- Educate employees about cloud security awareness and best practices
- Create a data backup plan
- Be aware of who has access to the data
- Always use encryption and have a strong password policy
As cyber attacks and DoS attacks on servers continue, maintaining and monitoring server security remains an ongoing process in safeguarding who has access to the data on a server.
Creating a regular patch and update schedule, educating all employees about security awareness, and monitoring who/what device(s) have access to a server are just a few preventative steps to making sure your servers are ready for a cyber attack.
By: Katie Boldizar
Loop1 Technical Account Manager
Network+, Security+, SCP