TIPS & TRICKS

12 Ways To Secure Your Servers



9. Use the log

Your server's operating system will probably have a facility to log events. You should use it, especially servers exposed to the Internet because the log may offer the first, and sometimes only, evidence of attempted (and successful) intrusions. Logs can also be used as evidence in legal proceedings.

What the log includes, and what you can set it to include, varies by server operating system and configuration. Third-party security software may also generate logs, and these, too, can usually be configured to varying levels of detail. If you find reviewing the logs becomes burdensome, consider configuring them to record less detail or use a third-party log file analyzer.

Just as with your other server system files and data, you should archive your server log files at regular intervals.

Keep in mind that if an intruder has targeted you, they are not likely to come and go in the course of a single day. The attacker may escalate from probes to serious attacks over a period of days or weeks. So it's important to read logs for patterns and trends that extend over more than single day.



10. Rename default accounts

Your server probably came with two default accounts, named Administrator and Guest. Hackers love these because they're the same from server to server. Though you cannot delete the default accounts -- in most cases -- you can rename them and assign them difficult passwords.

Watch your log closely for attempts to access your renamed Administrator account, as hackers may still be able to find this account. In case a hacker is monitoring keystrokes, the administrator should use the renamed Administrator account only when absolutely necessary. It's also wise to remove all unused accounts and create new accounts only when necessary; accounts of terminated employees should be removed immediately and accounts should never be shared.



11. Patch early and often

When malware exploits a particular vulnerability in software, the vendor typically rushes to circulate a patch that fixes the problem. But that doesn't put the hackers out of business. That's because there are always enough un-patched machines to keep them occupied; don't help them out, be conscientious about installing patches.

When possible, set the operating system and even individual software packages to download patches automatically, but NOT to install until given permission. In a small office, this will give you the opportunity to keep track of what patches have arrived -- it's a good idea to keep a notebook. In larger organizations, it gives the IT staff an opportunity to try out the patch on a test machine -- this is particularly important if the organization relies on software written in-house.

If you are not sure where you stand with patches, most vendors have patching and update sites. Take a moment to review the site for your software:

12. Don't get too comfortable

Digital security is not a one-time project. Rather, it's an ongoing maintenance task and it never gets easier. In the normal course of events, you should be installing patches, studying logs, and responding to alerts. Although this does require time and resources, that's trivial compared to what hackers can do to your business. For instance, a hacker that takes over your Web site could infect all site visitors with key-loggers and expose their banking passwords (Yes, that's happened).

Part of being vigilant involves keeping your eye on the weather, so to speak. New threats constantly arise, as quickly as summer storms.

1 | 2 | 3 PREVIOUS PAGE

Go To The bMighty Server How-To Center