How to carry out a server security audit
For any business operating online, information security is a priority. Virus infections, external attacks, and unauthorized access to information - all pose major financial and reputational risks. Therefore, business owners are always concerned with the degree of security when selecting a server platform. An audit of server security should be conducted at least once a month in order to check whether the protection system is working correctly and whether there are no loopholes or vulnerabilities in the security system.
What is included in a server security audit
It is possible for a seemingly insignificant factor such as incorrect configuration of the server or an outdated software to result in a security risk. The purpose of an audit is to identify security weaknesses so that they can be addressed in time before an infection occurs or data is stolen. The server administrator checks the installed software for its compliance with the latest updates, assesses the server security settings, and eliminates errors, if any. As further analyzes the compliance of employee access rights to certain resources.
How to audit a virtual dedicated server with your own hands
A user with no programming skills can audit the security of Windows or Linux servers. Security audits can be divided into several steps:
Physical access
In the case of a dedicated server, physical access to the server by third parties is limited by default, this is provided by the data center. But the user can additionally set a password for BIOS access.
Firewall
In order to maintain continuous software and port control, the Windows firewall must be configured and enabled properly. For Linux, SELinux can be used for access control. Alternatively, you can rent our Cisco ASA or Fortinet FortiGate 60D hardware firewalls.
File system
It is recommended to use different partitions for system and user files. For Windows, format the partitions as NTFS. On Linux, set the boot partition to read-only.
Checking for updates
Make sure that the server receives and installs updates automatically.
Password policy
Windows local security policies should require complex passwords, the setting of expiration dates, and locking of accounts after several failed login attempts or blank passwords have been entered. On Linux, it is recommended to make authorization root by key. Changing the connection ports is also recommended.
Log monitoring
Enable logging for critical infrastructure segments and check them regularly.
Network security
VPNs and VLANs are recommended for node segmentation and link security. Also the default settings should be changed and the ports of the network equipment services should be redirected. IPsec service can be used to encrypt traffic. To view open ports, use the Netstat utility.
Access control
Limit user access to critical files, disable guest access, and disable access for users with blank passwords. Disable all unused roles and applications on the server.
Backup
Take advantage of a reliable and cost-effective file backup service. Don't store backups unencrypted. You can choose a location for your backup if you rent a server from us.
Access to databases
Critical databases should be stored on different SQL servers. Ideally, you should configure it to run under a minimally privileged user or from a preconfigured whitelist of IP addresses.
Antivirus protection
For Windows-based servers, installation of automatically updated anti-virus software is recommended when users work with network storages. For Linux, anti-virus installation is not required, provided that the server security is regularly monitored and unauthorized access is controlled. In this case, the Tiger utility may be useful. A monthly audit will help to ensure the server's correctness, identify vulnerabilities, and monitor the network's security.