Lecture 1.pdf

Full Transcript

University of Babylon 2024-2025 Server Security
College of IT Asst. Lect. Ghasaq B. Abdulhussein 4th Stage
Information Security Dept. Lecture 1
-------------------------------------------------------------------------------------------------------------------------------

Introduction:
A server is a host that provides one or more services for other hosts over a network as a
primary function. For example, a file server provides file sharing services so that users can access,
modify, store, and delete files. Another example is a database server that provides database
services for Web applications on Web servers. The Web servers, in turn, provide Web content
services to users’ Web browsers. Servers provide a variety of services to internal and external users
of an organization. They manage and store sensitive data for the organization. Some of the most
common types are web, email, database, infrastructure management, and file servers, logging,
name/address resolution services (e.g., Domain Name Server [DNS]), remote access, and etc.
Server security refers to the measures and practices implemented to protect servers, which
are the central computing systems that store, process, and deliver data, applications, and services
within a network or computing environment. Server security aims to safeguard the confidentiality,
integrity, and availability of server resources, as well as protect against unauthorized access, data
breaches, and other security risks. Server security typically involves a combination of technical
controls, policies, and procedures to mitigate vulnerabilities and protect against various threats,
including:
1. Access Control: Implementing strong access controls ensures that only authorized
individuals or systems can access and interact with the server. This includes user
authentication mechanisms (such as strong passwords or two-factor authentication),
privilege management, and role-based access controls (RBAC).
2. Patch Management: Regularly applying security patches and updates to the server's
operating system, applications, and firmware is crucial for fixing known vulnerabilities and
reducing the risk of exploitation.
3. Network Security: Protecting the server from network-based attacks involves
implementing firewalls, intrusion detection and prevention systems (IDS/IPS), and secure
network configurations. Network segmentation and virtual private networks (VPNs) can
also enhance server security by isolating sensitive server resources.
4. Malware Protection: Deploying antivirus and anti-malware software helps detect and
remove malicious software that could compromise the server's security. Regularly updating
and scanning the server for malware is essential to maintain its integrity.
5. Encryption: Encrypting data at rest and in transit helps protect sensitive information from
unauthorized access or interception. Secure protocols such as Secure Sockets Layer (SSL)
or Transport Layer Security (TLS) can be used to secure communications with the server.
6. Logging and Monitoring: Enabling logging and monitoring mechanisms allows for the
detection of suspicious activities and security incidents. Server logs and security event
information should be regularly reviewed to identify potential security threats or breaches.
7. Backup and Disaster Recovery: Implementing robust backup and disaster recovery
strategies ensures that data and server configurations can be restored in the event of a
security incident, system failure, or natural disaster.

1|Page
University of Babylon 2024-2025 Server Security
College of IT Asst. Lect. Ghasaq B. Abdulhussein 4th Stage
Information Security Dept. Lecture 1
-------------------------------------------------------------------------------------------------------------------------------

8. Security Policies and Employee Awareness: Establishing and enforcing security policies,
such as password policies, data classification, and incident response plans, helps create a
security-conscious culture. Regular training and awareness programs educate employees
about server security best practices and their roles in maintaining a secure environment.

Servers Types
There are several types of servers used in computer networks, each serving a specific
purpose or providing specific services. Here are some common types of servers:
File Servers: are dedicated servers that store and manage files and provide centralized file sharing
and storage capabilities. They allow users on a network to access and share files and folders,
providing a central repository for data storage and collaboration.
Web Servers: are responsible for hosting websites and serving web pages to clients over the
internet. They handle HTTP requests from web browsers and deliver web content, such as HTML,
CSS, images, and other files, to users who access the website.
Database Servers: are designed to manage and store databases. They handle database queries and
transactions, allowing clients to retrieve, update, and manipulate data stored in the database.
Database servers are commonly used in applications that rely on dynamic data storage and
retrieval.
Application Servers: Application servers host and manage applications or software that provide
specific functions or services to clients. They handle business logic, data processing, and
application-level tasks. Application servers are commonly used in client-server architectures and
web applications. ex: Apache HTTP Server
Mail Servers: handle the sending, receiving, and storage of email messages. They use protocols
such as SMTP (Simple Mail Transfer Protocol) and POP3 (Post Office Protocol version 3) or
IMAP (Internet Message Access Protocol) to facilitate email communication and manage user
mailboxes.
DNS Servers: (Domain Name System) translate domain names into IP addresses. When a user
enters a domain name in a web browser, DNS servers resolve the domain name to the
corresponding IP address, enabling the browser to connect to the correct web server on the internet.
Print Servers: manage and coordinate printing services on a network, which provide a centralized
location for managing printers and print queues, allowing users to send print jobs from their
computers to designated printers.
Proxy Servers: act as intermediaries between clients and other servers, which provide various
functions such as caching, content filtering, load balancing, and enhanced security by hiding the
client's IP address and filtering requests.

2|Page
University of Babylon 2024-2025 Server Security
College of IT Asst. Lect. Ghasaq B. Abdulhussein 4th Stage
Information Security Dept. Lecture 1
-------------------------------------------------------------------------------------------------------------------------------

FTP Servers: (File Transfer Protocol) facilitate file transfers between clients and servers over a
network,which provide a means for users to upload, download, and manage files on a remote server
using FTP client software.
Virtual Servers: are not a specific server type but rather a technology that allows multiple virtual
servers to run on a single physical server. Virtualization software creates virtual instances of
servers, enabling efficient use of hardware resources and providing flexibility in deploying and
managing server environments.

Importance of server security
The importance of server security in modern computing environments cannot be overstated.
Here are several key reasons why server security is crucial:
1. Data Protection: Servers often store and process sensitive data, including customer
information, financial records, intellectual property, and trade secrets. Ensuring server
security helps prevent unauthorized access, data breaches, and theft, safeguarding valuable
information.
2. Confidentiality and Privacy: Server security measures, such as encryption, access
controls, and secure communication protocols, help maintain the confidentiality and
privacy of sensitive data. This is particularly important when handling personal identifiable
information (PII) and complying with data protection regulations.
3. Availability and Business Continuity: Servers host critical applications, services, and
databases that organizations rely on for their daily operations. A breach or compromise of
server security can lead to service disruptions, downtime, and loss of productivity. By
implementing robust security measures, organizations can enhance server availability,
maintain uptime, and support business continuity plans.
4. Protection against Cyber Threats: Servers are primary targets for cyber-attacks due to
the valuable data they hold and their connectivity to networks. Malicious actors may
attempt to exploit server vulnerabilities, launch distributed denial-of-service (DDoS)
attacks, install malware, or gain unauthorized access. Effective server security measures,
such as firewalls, intrusion detection systems (IDS), and vulnerability management, help
identify and mitigate these threats.
5. Regulatory Compliance: Many industries have specific regulations and compliance
requirements related to data security and privacy. Examples include the General Data
Protection Regulation (GDPR), Health Insurance Portability and Accountability Act
(HIPAA), Payment Card Industry Data Security Standard (PCI DSS), and Sarbanes-Oxley
Act (SOX). Adhering to these regulations necessitates implementing appropriate server
security controls.
6. Protection of Reputation and Trust: A security breach can have severe consequences for
an organization's reputation and trustworthiness. Customers, partners, and stakeholders
expect organizations to safeguard their data and maintain a secure IT infrastructure. By

3|Page
University of Babylon 2024-2025 Server Security
College of IT Asst. Lect. Ghasaq B. Abdulhussein 4th Stage
Information Security Dept. Lecture 1
-------------------------------------------------------------------------------------------------------------------------------

prioritizing server security, organizations demonstrate their commitment to protecting
sensitive information, fostering trust, and preserving their reputation.
7. Cost Savings: Proactively investing in server security measures can potentially save
organizations significant costs in the long run. The financial impact of a security breach,
including legal liabilities, regulatory fines, remediation expenses, and reputational damage,
can be substantial. Implementing robust server security controls can help mitigate these
risks and minimize the financial impact of a security incident.
Overall, server security is critical for protecting valuable data, maintaining service availability,
complying with regulations, preserving reputation, and mitigating the risks associated with modern
cyber threats. By prioritizing server security, organizations can safeguard their assets, maintain
trust, and ensure the continuity of their operations.

The most common server security problems
Companies as well as private persons often ask themselves how to secure a server optimally.
Depending on the existing IT infrastructure, this question can be quite complex. In addition, new
vulnerabilities are emerging all the time, and companies should close them according to web server
security best practices before attackers can exploit them. The following issues are most important
in for server security:
 Passwords: Weak passwords pose a high risk. They can be easily hacked and sold for
profit.
 Outdated software: Every software has its vulnerabilities. The problem with an outdated
version is that cybercriminals know how to exploit them.
 Patches: Patch management can also be a source of danger in web server security.
 Network port: If the network ports are not configured sufficiently, then attackers can
exploit this vulnerability for themselves.
 Old accounts: To increase file server security, old user accounts should be deleted as soon
as the company no longer needs them.
 Physical security: Windows or Linux server security also depends on how secure the
physical hardware is. Unauthorized access is always a problem.
Practical:
MikroTik RouterOS is an operating system that will make your device: a dedicated router , a
bandwidth shaper , a (transparent) packet filter,and any
802.11a,b/g wireless device. MikroTik Router OS is an operating
system which can be installed on a PC or RouterBOARD
hardware and will turn them into a router with all the necessary
features: Routing, Firewall, Bandwidth management, Wireless
Access Point, Hotspot Gateway, VPN server and more.
RouterBOARD is the hardware platform made by MikroTik.

4|Page
University of Babylon 2024-2025 Server Security
College of IT Asst. Lect. Ghasaq B. Abdulhussein 4th Stage
Information Security Dept. Lecture 1
-------------------------------------------------------------------------------------------------------------------------------

After you have installed the RouterOS software, or turned on the Router for the first time, there
are various ways how to connect to it:
1. Accessing Command Line Interface (CLI) via Telnet, ssh, serial cable or even keyboard
and monitor if router has VGA card.
2. Accessing Web based GUI (WebFig).
3. Using WinBox configuration utility.
Every router is factory pre-configured with IP address 192.168.88.1/24 on ether1 port.
Default username is admin with empty password.

Webfig:
WebFig is a web based RouterOS configuration utility. It is
accessible directly from the router and no additional software is
required. As Webfig is platform independent, it can be used to
configure router directly from various mobile devices without need
of a software developed for specific platform. WebFig is designed
as an alternitive of WinBox, both have similar layouts and both
have access to almost any feature of RouterOS. WebFig can be
launched from the routers home page which is accessible by
entering routers IP address in the browser.

Starting the Winbox
Winbox is configuration utility that can connect to the router via MAC or
IP protocol. ( Winbox is a small utility that allows administration of Mikrotik
RouterOS using a fast and simple GUI). Winbox program can be downloaded
from the Mikrotik site of RouterBOARD through the following link
https://mikrotik.com/download in order to download winbox.exe (2.18MB). Run
Winbox utility, then click the neighbor(s) discovery button and see if Winbox
finds your Router and it's MAC address. Winbox neighbor discovery will
discover all routers on the broadcast network. If you see routers on the list,
connect to it by clicking on MAC address and pressing Connect button.
In order to Set the Identity of the router from
System Identity.

The Main window consists of menu bar, title bar, work area, and etc.

5|Page
University of Babylon 2024-2025 Server Security
College of IT Asst. Lect. Ghasaq B. Abdulhussein 4th Stage
Information Security Dept. Lecture 1
-------------------------------------------------------------------------------------------------------------------------------

Change the IP address and default gateway
Disable any other interfaces (wireless) in your laptop
Setting network and internet

 Set 192.168.X.1 as IP address,
 Set 255.255.255.0 as Subnet Mask, and
 Set 192.168.X.254 as Default Gateway (Mikrotik IP address)
X represent your network number. Each student have a different number

Create a bridge for the local area network (LAN)
With routerOS, bridge is a bridge connecting hosts on different
networks. It is created to link interfaces including: ethernet interface,
wlan, vlan, etc. we can roughly understand creating a bridge is to
create a group of ports that can be connected like a switch. Go to
the Bridge menu click + to add a bridge name it
Next add the ports you need to use to the newly created bridge.
In the bridge window, click the Ports tab press the + sign to add a
port. Below are all 4 ports 2-5 that are included in the bridge-LAN.

6|Page
University of Babylon 2024-2025 Server Security
College of IT Asst. Lect. Ghasaq B. Abdulhussein 4th Stage
Information Security Dept. Lecture 1
-------------------------------------------------------------------------------------------------------------------------------

Set the IP for the newly created bridge.
Connect to router with MAC-Winbox and Set 192.168.X.254/24 to Ether1 (Your Gateway)
This IP will act as the Gateway for the clients in the LAN. From Winbox, go to menu IP >
Addresses to open a subwindow Address List. Press + and declare IP: the address and prefix,
network, and the interface is bridge (depends on the name of bridge that you created ). Close
Winbox and connect again using IP address. MAC-address should only be used when there is no
IP access.
You need to check the connectivity between pc and Mikrotick and vice versa, which one is
unsuccessful and why?

Reset Configuration
click on the "System" menu on the left-hand side
of the Winbox window. From the "System" menu, select
"Reset Configuration" from the drop-down menu. A
confirmation dialog will appear, asking if you want to
reset the configuration. Click on the Yes button to
proceed. The RB941 device will reset its configuration to
the factory defaults. This process may take a few seconds
to complete. After the reset is complete, the device will
reboot automatically and load the default configuration.
Once the RB941 device restarts, it will have its factory default configuration restored. You can
then access it using the default IP address, username, and password. By default, the IP address is
192.168.88.1, the username is "admin," and there is no password set. It is recommended to change
the password and configure the device according to your requirements after the reset.
Please note that performing a factory reset will erase all configuration settings, including IP
addresses, firewall rules, wireless settings, and any other custom configurations you have made.
Make sure to backup any important configuration files or settings before proceeding with the reset.

7|Page