CYB130 Server Security PDF
Summary
This document provides an overview of server security. It discusses common security issues, such as weak passwords and outdated operating systems, and presents basic server security guidelines. It also includes a checklist for securing a server, addressing various aspects like recording server details, physical safeguards, server logging, and patching vulnerabilities.
CYB130 - Server Security

Useful link to understand more: https://www.server-world.info/en/note?os=Windows_Server_2019&p=smb&f=1

Chapter 0 and 1

What is Server Security?

Servers are primarily powerful computers suited to performing one or more services on a specific network. The server is a sensitive element that is targeted by hackers frequently. Server security covers the underlying operating system, the hosted applications, and network security. The server is the core of an IT infrastructure and lets many users access the information and functionality they need.

Common Server Security Issues

Securing your server is not an easy task; hackers make every effort to threaten it. Hence always make sure to avoid the mistakes below, which are common causes of server security issues.

Weak Passwords

The server password should always be strong, as hackers can easily crack weak passwords. So, if you are unable to come up with a strong and effective password, use a password manager to improve the integrity of your server passwords.

Old Operating Systems

Old and outdated operating systems and software are comparatively easy to hack and exploit, which in turn increases the risk of exposure. Hence you must update the operating system and software regularly to protect your server from cybercriminals. Upgrading the operating system and software regularly is necessary to avoid intrusion into the server by hackers; staying at the same level of security for a long time weakens server security.

It is considered a wise move to keep a backup of the server. No matter how strong the security of a server is, somebody may breach it at any time and destroy all the data. In this case, having a backup and restoration plan helps.

What Are the Basic Server Security Guidelines?

Servers face numerous attacks by cybercriminals.
Hence professionals need to secure the system effectively to eliminate potential risks to the organization and its computing environment. As strict guidelines, you need to regularly update your operating system, ensure its safety, and configure it as and when required by adopting the necessary services and applications. Moreover, a routine check-up of your websites and mail is also essential for safeguarding your server.

How to Secure Your Server Effectively?

Now that you know what good security looks like, work through our handy server security checklist to ensure you have it all covered. We'll go through everything you need to do, from initial setup to long-term maintenance. The following are some of the common measures we take to secure any server, no matter which type of server it is. You can add more hardening as well, but these are easily implemented solutions.

1. Record server details. First, identify and make a note of all the important details relating to your server, such as the server identification number and the MAC address.

2. Consider physical safeguards. Although the server is at virtual risk from adversaries, you should also consider physical safeguards to prevent unauthorized access. Restrict access to the server room to as few people as possible and ensure that keys are kept secure.

3. Set up server logging. Keep an eye on what's happening and enable traceability by configuring event logs. Log account logins, system configuration changes, and permission changes; monitor remote access logs and follow up on any suspicious activity. Consider backing up logs to a separate log server.

4. Patch weaknesses. Check that the operating system and any other software or applications are running the most up-to-date versions.

5. Restrict software. Remove any unused or unnecessary software or operating system components. Similarly, any unnecessary services should be disabled.

6. Monitor hardware.
Carry out regular hardware maintenance and routinely inspect your server for any aged or damaged components that may need replacing.

7. Ensure system integrity. Employ robust authentication methods such as two-factor authentication for all system administrators. Remove any accounts that are no longer necessary.

8. Implement backup procedures. Aim to automate regular server backups and routinely check that they are operating as expected. From time to time, you should test recovery images.

9. Use a secure connection. Passwords are the most vulnerable to cyber-attacks; hence you must set up a secure connection to your server using a secure shell (SSH) with SSH keys. These are cryptographic keys that come as a pair: a public key and a private key. The public key can be made accessible to others, but the private key is exclusive to the user and is what secures all the data exchanged. You can also use proxy servers as a security measure; they help hide the user's details behind a proxy IP address.

10. Connect via a private network or VPN. A private network or virtual private network (VPN) guarantees secure data communications. It restricts users and servers to private IP addresses. A VPN also encrypts all the data to and from the server without affecting functionality. Using a VPN keeps the IP address apart from public networks, which decreases the chance of getting hacked to a certain extent.

11. What is encryption? Encryption is an essential process in cybersecurity: it alters data so as to safeguard it from unauthorized access. Encryption is like an encoder that encodes your data using a cipher, and the data is accessible only to the person who has that cipher. Although it sounds simple, encryption is more complicated and uses complex scrambling techniques. Encryption is used in web browsers, email, smartphones, and even in your computers.
Encryption is the process of changing information to make your data unreadable and inaccessible. It uses keys, which are also what changes the data back into its original form. Encryption is essential for server security as it protects your data and restricts its usage. Organizations use encryption techniques to protect their information and secrets and safeguard them from various means of theft.

12. Firewall. A firewall controls the traffic to the server: it only allows the required functions to be reached by traffic and locks off the rest, to ensure the safety of the server.

What Are a Server and Its Types?

A server is a device that offers different services to other computer programs and their clients without difficulty. Server programs run on physical systems and connect the machines in a network for effective communication. There are various types of servers, such as FTP servers, DNS and DHCP servers, web servers, online game servers, etc. The server stores and retrieves numerous data and information for other systems connected to a specific network.

The types we are going to look at are as follows:

1. DNS server
2. DHCP server
3. Print server
4. File server
5. AD server roles (Active Directory for a DC)
6. Hyper-V server
7. RDS server or Terminal server
8. Application server role and Web server
9. WSUS server (Windows updates)

DNS Server Role

This part explains how your server acts when it is assigned the DNS server role. DNS means Domain Name System.

All computers on the Internet, from your smartphone or laptop to the servers that serve content for massive retail websites, find and communicate with one another by using numbers. These numbers are known as IP addresses. When you open a web browser and go to a website, you don't have to remember and enter a long number. Instead, you can enter a domain name like example.com and still end up in the right place.
The main function of DNS is to convert domain names into IP addresses. A DNS server is a computer with a database containing the public IP addresses associated with the names of the websites those IP addresses bring a user to. DNS acts like a phonebook for the internet. Whenever people type domain names, like Facebook.com or Yahoo.com, into the address bar of a web browser, DNS finds the right IP address. The site's IP address is what directs the device to the correct place to access the site's data.

As you have studied in my class, the function of a DNS server (or, if you prefer, a DNS resolver; it is the same thing here) is as follows:

First, the resolver queries the root nameserver. The root server is the first step in translating (resolving) human-readable domain names into IP addresses. The root server then responds to the resolver with the address of a top-level domain (TLD) DNS server (such as .com or .net) that stores the information for its domains. Next, the resolver queries the TLD server. The TLD server responds with the IP address of the domain's authoritative nameserver. The recursor then queries the authoritative nameserver, which responds with the IP address of the origin server. The resolver finally passes on the origin server IP address.

To understand this more easily, see the steps below:

1. A user opens a web browser, enters www.example.com in the address bar, and presses Enter.

2. The request for www.example.com is routed to a DNS resolver, which is typically managed by the user's Internet service provider (ISP); in a managed company it is your main server, which you use as the DNS server and which has the DNS server role applied. Examples: a cable Internet provider, a DSL broadband provider, or a corporate network.

3. The DNS resolver for the ISP forwards the request for www.example.com to a DNS root name server.

4. The DNS resolver for the ISP forwards the request for www.example.com again, this time to one of the TLD name servers for .com domains.
The name server for .com domains responds to the request with the names of the name servers that are associated with the example.com domain. In class we have seen that you can find the name servers with the nslookup command in your CMD: simply type nslookup, then run set q=ns, and then type any website address whose name servers you want to find.

5. Now the DNS resolver (your main server with the DNS role) chooses one of those name servers and forwards the request for www.example.com to it.

6. The name server now looks into the example.com hosted zone, gets the IP address associated with the web server, and returns that IP to the DNS resolver. If you want to find the IP for any website, you can simply try to ping it and it should respond with its IP.

7. The DNS resolver now finally has the IP for that web address; it resolves it in the user's browser and the web page is displayed.

8. This IP is now cached in the DNS resolver, so next time the web page opens a little faster than the first time.

DHCP Server Role

DHCP (Dynamic Host Configuration Protocol). A DHCP server is a network server that automatically provides and assigns IP addresses, default gateways, and other network parameters to client devices. It relies on the standard protocol known as Dynamic Host Configuration Protocol (DHCP) to respond to broadcast queries by clients.

A DHCP server automatically sends the required network parameters for clients to communicate properly on the network. Without it, the network administrator must manually set up every client that joins the network, which can be cumbersome, especially in large networks. DHCP servers usually assign each client a unique dynamic IP address, which changes when the client's lease for that IP address has expired. The exchange mainly consists of four steps: Discover, Offer, Request, and Acknowledgement.
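The following Python program is an added example, not part of the course notes, that simulates the DNS resolution steps 1 to 8 above: the resolver asks a root server, is referred to a TLD server, is referred on to the authoritative name server, reads the answer from the hosted zone and caches it, so that the second lookup for the same name skips the whole walk. The three "servers" are plain dictionaries, and every server name and IP address in them is a constructed value for illustration only; the ns() method mirrors the nslookup "set q=ns" query mentioned in the text.

```python
"""Simulation of the iterative DNS lookup described in the course notes.

Added example, not from the notes. Zone data, server names and IP
addresses below are constructed for illustration and are not real.
"""
from dataclasses import dataclass, field

# Constructed "servers". A referral answer names the next server to ask;
# an address answer ends the walk.
ROOT_SERVER = {"com": "tld-com.example-ns"}                   # root knows the TLD servers
TLD_SERVERS = {
    "tld-com.example-ns": {"example.com": "ns1.example.com"},  # .com knows the authoritative NS
}
AUTHORITATIVE_SERVERS = {
    "ns1.example.com": {"www.example.com": "192.0.2.10"},      # hosted zone for example.com
}


@dataclass
class Resolver:
    """A recursive resolver: root -> TLD -> authoritative, then cache the answer."""
    cache: dict = field(default_factory=dict)
    trace: list = field(default_factory=list)   # one line per step, for the reader

    @staticmethod
    def _split(name: str):
        labels = name.lower().rstrip(".").split(".")
        return ".".join(labels), labels[-1], ".".join(labels[-2:])

    def ns(self, domain: str) -> str:
        """Equivalent of 'set q=ns': which server is authoritative for the domain?"""
        _, tld, domain = self._split(domain)
        tld_server = ROOT_SERVER.get(tld)
        if tld_server is None:
            raise LookupError(f"no TLD server known for .{tld}")
        auth_server = TLD_SERVERS[tld_server].get(domain)
        if auth_server is None:
            raise LookupError(f"{domain} not delegated in .{tld}")
        return auth_server

    def resolve(self, name: str) -> str:
        """Return the IP address for name, recording each step in self.trace."""
        self.trace = []
        fqdn, tld, domain = self._split(name)
        if fqdn in self.cache:                       # step 8: answer served from cache
            self.trace.append(f"cache hit for {fqdn}")
            return self.cache[fqdn]

        # Step 3: ask a root server; it refers us to the TLD server for ".com".
        tld_server = ROOT_SERVER.get(tld)
        self.trace.append(f"root -> TLD server for .{tld}: {tld_server}")
        if tld_server is None:
            raise LookupError(f"no TLD server known for .{tld}")

        # Step 4: ask the TLD server; it refers us to the domain's authoritative NS.
        auth_server = TLD_SERVERS[tld_server].get(domain)
        self.trace.append(f"TLD -> authoritative NS for {domain}: {auth_server}")
        if auth_server is None:
            raise LookupError(f"{domain} not delegated in .{tld}")

        # Steps 5-6: ask the authoritative server, which reads its hosted zone.
        ip = AUTHORITATIVE_SERVERS[auth_server].get(fqdn)
        self.trace.append(f"authoritative -> A record for {fqdn}: {ip}")
        if ip is None:
            raise LookupError(f"{fqdn} has no A record")

        self.cache[fqdn] = ip                        # step 8: remember for next time
        return ip


if __name__ == "__main__":
    r = Resolver()
    for attempt in (1, 2):
        ip = r.resolve("www.example.com")
        print(f"lookup {attempt}: {ip}")
        for line in r.trace:
            print("   ", line)
    print("NS for example.com:", r.ns("example.com"))
```

Running it prints the three referral steps on the first lookup and a single "cache hit" line on the second, which is the speed-up described in step 8.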
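As an added example of the four-step DHCP exchange just described (not code from the course notes), the Python below simulates a DHCP server with a small address pool: a client broadcasts Discover and gets an Offer, accepts it with Request and gets an Acknowledgement, and when its lease time runs out the address is reclaimed and may be handed to a different client, which is why a dynamic address can change after the lease expires. The address pool, gateway, MAC addresses and lease time are constructed values, and time is a simple integer clock passed in by the caller.

```python
"""Simulation of the DHCP Discover / Offer / Request / Acknowledge exchange.

Added example, not from the course notes. Pool, gateway, MAC addresses
and lease time are constructed values; 'now' is a simulated clock.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Lease:
    ip: str
    mac: str
    expires_at: int


class DhcpServer:
    def __init__(self, pool, gateway, lease_time):
        self.free = list(pool)       # addresses not currently handed out
        self.offers = {}             # mac -> ip reserved while the client decides
        self.leases = {}             # mac -> Lease
        self.gateway = gateway
        self.lease_time = lease_time

    def _reclaim_expired(self, now):
        """Return expired leases to the free pool (the 'changes when the lease expires' part)."""
        for mac, lease in list(self.leases.items()):
            if lease.expires_at <= now:
                del self.leases[mac]
                self.free.append(lease.ip)

    def discover(self, mac, now) -> Optional[dict]:
        """Step 1/2: client DISCOVER -> server OFFER. None means the pool is exhausted."""
        self._reclaim_expired(now)
        if mac in self.leases:               # a renewing client is offered its current address
            ip = self.leases[mac].ip
        elif mac in self.offers:             # repeated DISCOVER: repeat the same offer
            ip = self.offers[mac]
        elif self.free:
            ip = self.free.pop(0)
            self.offers[mac] = ip
        else:
            return None
        return {"type": "OFFER", "ip": ip, "gateway": self.gateway, "lease_time": self.lease_time}

    def request(self, mac, requested_ip, now) -> dict:
        """Step 3/4: client REQUEST -> server ACK, or NAK if it asks for an address it was not offered."""
        offered = self.offers.get(mac)
        if offered is None and mac in self.leases:
            offered = self.leases[mac].ip
        if offered != requested_ip:
            return {"type": "NAK"}
        self.offers.pop(mac, None)
        self.leases[mac] = Lease(requested_ip, mac, now + self.lease_time)
        return {"type": "ACK", "ip": requested_ip, "gateway": self.gateway,
                "lease_time": self.lease_time}


def dora(server: DhcpServer, mac: str, now: int) -> Optional[str]:
    """Run the full Discover-Offer-Request-Ack exchange for one client; return the ACKed IP."""
    offer = server.discover(mac, now)
    if offer is None:
        return None
    ack = server.request(mac, offer["ip"], now)
    return ack["ip"] if ack["type"] == "ACK" else None


if __name__ == "__main__":
    server = DhcpServer(["192.0.2.100", "192.0.2.101"], "192.0.2.1", lease_time=10)
    for t, mac in [(0, "aa:bb:cc:00:00:01"), (0, "aa:bb:cc:00:00:02"),
                   (5, "aa:bb:cc:00:00:03"), (10, "aa:bb:cc:00:00:03"),
                   (11, "aa:bb:cc:00:00:01")]:
        print(f"t={t:2} {mac} -> {dora(server, mac, t)}")
```

The printed run shows the third client being refused at t=5 because both addresses are leased, then receiving 192.0.2.100 at t=10 once the first two leases have expired, and the first client coming back at t=11 and receiving a different address than before.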