Server security is a highly nuanced topic. Variables such as the operating system family and version, the data that will reside on it, the server’s purpose, and the services it needs to run will all make a difference, but there are a few essential items that can be applied to all servers:
1. Start with a hardened image. These can be purchased from a reputable source such as CIS or a cloud provider; some vendors offer hardened images of their own, such as Amazon's AMIs. Alternatively, you can build your own hardened image for free using the CIS guides.
2. Think about access. How will this server be accessed, and by whom? Make sure privileged accounts such as administrators have strict controls around them. Passwords for all accounts should be strong, but for admin accounts, we recommend 24-character non-string passwords. MFA should be implemented as well.
3. Throughout the lifecycle of the server, regular patches and updates must be performed, including:
- The operating system
- All applications
- Firmware of the installed hardware
- Firmware of the baseboard management
- Hypervisor updates, where applicable
4. Make sure your servers are running a next-generation anti-virus product appropriate for the operating system. Ideally, that would be an EDR or MDR product through which your SOCaaS provider can actively threat hunt. Stratix Systems provides industry-leading NGAV, EDR, and Threat Hunting services from CrowdStrike to our Managed and Essentials Secured clients.
5. Servers and network security devices should have some sort of firewall, and it should deny all access except exactly what the system needs in order to operate. Servers should sit on their own network segment, and access control lists should restrict which other systems can talk to them and on which ports. Just as with local access, all network access should be granted on a least-privilege basis. Remember: deny by default, allow by exception.
6. At Stratix Systems, we highly encourage customers that are not fortunate enough to have a SOC in-house to have a proactive cybersecurity monitoring service, such as Foresite’s SOC, in place to maintain 24/7 vigilance of security events and emerging threats for their servers. This is not only a good business practice, but it fulfills the event monitoring requirements needed for many regulatory frameworks.
7. Your server and anything that can affect its security (network equipment, hypervisors, basically anything that can talk to it) need to be scanned regularly with a quality SCAP scanner. Any critical or high findings should be remediated as quickly as possible.
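As an added example (not code from the original post or from Stratix Systems): item 7 says to fix critical and high findings first, so this script parses an XCCDF 1.2 results file of the kind `oscap xccdf eval --results` writes and pulls out the failed high-severity rules. The embedded XML and its rule ids are constructed placeholders, not real benchmark content.

```python
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}

# Constructed sample shaped like an oscap results file; rule ids are placeholders.
SAMPLE_RESULTS = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark">
  <TestResult id="xccdf_example_testresult" start-time="2024-01-01T00:00:00">
    <rule-result idref="xccdf_example_rule_sshd_root_login" severity="high" weight="1.0">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_firewall_default_deny" severity="high" weight="1.0">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_login_banner" severity="low" weight="1.0">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_package_updates" severity="medium" weight="1.0">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_optional_check" severity="high" weight="1.0">
      <result>notapplicable</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""

# Only "fail" is a finding to remediate; pass, notapplicable, notchecked,
# notselected and informational results are not.
FAILING = {"fail"}

def failed_rules(xml_text):
    """Return (rule_id, severity) for every rule-result whose result is a failure."""
    root = ET.fromstring(xml_text)
    findings = []
    for rr in root.iterfind(".//x:TestResult/x:rule-result", XCCDF_NS):
        result = rr.findtext("x:result", default="", namespaces=XCCDF_NS)
        if result in FAILING:
            findings.append((rr.get("idref"), rr.get("severity", "unknown")))
    return findings

def severity_summary(xml_text):
    """Count failed rules per severity so the high ones can be triaged first."""
    return Counter(sev for _, sev in failed_rules(xml_text))

def high_priority(xml_text):
    """Rule ids to remediate first: failed rules marked high severity."""
    return [rid for rid, sev in failed_rules(xml_text) if sev == "high"]

if __name__ == "__main__":
    print(dict(severity_summary(SAMPLE_RESULTS)))
    for rid in high_priority(SAMPLE_RESULTS):
        print("REMEDIATE:", rid)
```

Point the functions at the real `results.xml` from your scanner to get the same triage view over an actual host.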
These suggestions are basic server security 101; however, they are not intended to be comprehensive, as many variables could require additional consideration.
