Securing your Server
"Hackers" and viruses
Web server security has always been a subject for serious consideration and, with the increase in computer "hacking" and the propagation of malicious viruses, it should be foremost in the mind of anybody involved in Web server administration. These tips are not only for servers: many of them also apply to your own PC, whether in the office or at home.
Mainstream "hackers" tend to direct their attention towards large, high-profile corporations. However, even smaller companies can attract the attention of a "hacker" who explores any available opportunity to penetrate an unguarded server or who may have a grudge to settle, real or imagined, with your company or Web site. They often find gratification in trying to break into your server. Invariably, once inside, they will cause as much damage as possible to files, databases and/or systems software. They may leave behind a dormant virus or a "back door", commonly known as a Trojan. A Trojan is an executable file through which they can log on to the server again with Administrator rights.
Keep the Operating System Patched!
There are some simple precautions you can take to maximise the level of resistance your Web server has towards these individuals. Keeping the operating system "patched" will remove or protect newly discovered entry points. But, of course, those security patches are usually released as the result of a reported "hack" and may sometimes arrive too late.
Windows 2000 has an automated security patch checker/installer so you'll never miss the release of any new security update. With Windows NT, the manual method of checking for Windows updates prevails and you should do this regularly, at least once a week.
Use Anti-virus Software and Keep it Up-to-date!
To protect against viral infection you must run a good quality anti-virus program. Discover IT uses NetShield by Network Associates. NetShield constantly monitors file input/output activity and responds immediately by making any virus-infected file inaccessible. You can also instruct NetShield to attempt to clean the file, automatically delete the file on detection, or rename the file (with a .vir extension) and move it to a quarantine folder.
You can also schedule NetShield to check for updates to the main program and, more importantly, the virus definition file. New viruses are continuously being discovered and it is essential that any anti-virus program uses the latest virus definitions. A good rule of thumb would be to check for an updated virus definition file on a daily basis and updates to the main anti-virus engine every week. Usually, a new virus definition file is made available within hours of the release of a new virus. Other vendors of good quality anti-virus software include Symantec and McAfee.
Back Up Daily!
Regular backup of your system is a must if you need to recover from a system failure, whether malicious or as a result of a hardware or software fault. Discover IT uses Backup Exec by Veritas, which archives information using a number of different methods including Normal, Differential, Incremental and Copy. Your backup strategy is largely governed by the sort of information you are handling, the level of recovery you require, the accessibility of the server for tape swap-overs and the hardware you employ.
A simple 2-tape backup set on a 7-day rotation will give you a minimum of 7 days' data recovery and up to a maximum of 14 days.
Test the Restore!
It's important to remember that you should test the "restore" feature of your backup regularly, perhaps every 2 to 3 months. This ensures that your archived material is accessible in the event of a system failure. Imagine the drama if your system crashes and you find you can't restore anything because your tape is unreadable! Also, monitor the usage of the media as they have a finite life and should be replaced before they fail.
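One way to make a test restore more than a visual check, shown here as an added example that is not part of the original article or of any backup product: record a SHA-256 manifest when the backup is taken, restore to a scratch folder, and compare. The function names, folder layout and sample files are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[os.path.relpath(full, root)] = digest.hexdigest()
    return result


def verify_restore(saved, restored_root):
    """Compare a test restore with the manifest saved at backup time."""
    got = manifest(restored_root)
    return {
        "missing": sorted(set(saved) - set(got)),   # never came back
        "corrupt": sorted(p for p in saved.keys() & got.keys()
                          if saved[p] != got[p]),   # content differs
        "extra": sorted(set(got) - set(saved)),     # not in the backup set
    }


def demo():
    """Constructed sample: one intact file, one damaged, one missing."""
    with tempfile.TemporaryDirectory() as live, \
            tempfile.TemporaryDirectory() as restored:
        for name, data in [("index.html", b"<h1>home</h1>"),
                           ("orders.db", b"order-1;order-2"),
                           ("logo.gif", b"GIF89a")]:
            with open(os.path.join(live, name), "wb") as fh:
                fh.write(data)
        saved = manifest(live)  # recorded when the backup job runs
        with open(os.path.join(restored, "index.html"), "wb") as fh:
            fh.write(b"<h1>home</h1>")
        with open(os.path.join(restored, "orders.db"), "wb") as fh:
            fh.write(b"order-1;ord")  # truncated, as from a bad tape block
        return verify_restore(saved, restored)


if __name__ == "__main__":
    print(demo())
```

Any entry under "missing" or "corrupt" means the tape or the backup job needs attention before you have to rely on it.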
In summary:
- Keep the operating system patched and completely up-to-date.
- Use good anti-virus software and ensure the definition files are updated daily.
- Back up the system to tape daily.
There are other steps that should be considered if your hosting provider does not provide an effective firewall... but we will talk about that in a future issue.