Protecting your server part 3
Posted on May 29th, 2012
Windows Vista

Protecting your server 3 - principles of design

We've seen in the last couple of articles that server protection can be a complex affair. In this article, we're going to get down into the nitty-gritty of designing an appropriate protection system for your laptops and PCs. As we concluded at the end of the last article, the major difficulty in server security is balancing systematised security with user non-compliance. Users will try to make their own experience quicker and more efficient - that's a key way of thinking when designing a server. Let's look at the main principles of server design.

Failsafe

If a server is going to fail, it's going to fail. At least let's make sure it fails securely, according to our rules (not the attacker's). If need be, sacrifice accessibility for confidentiality and integrity. Which of those two you sacrifice first will be highly dependent on the nature of the content you're looking to protect - but pick one, and design your system such that those criteria will fail one at a time, and in the order you pick.

Simplicity

Servers should offer as little as possible to complete their task. If you have a music server that boots up a folder with pictures of CD covers alongside the tracks, reconsider what you are trying to achieve with the server. The less complexity, the less to go wrong.

Least privilege

Any user performing a given function should be granted the minimum access that function requires, and no more. We spoke about this last time.

Layered defense

A single security blanket is insufficient. Security systems should be 'layered' to ensure that any threat that breaks one doesn't get very far.

Open design

A security system that works based on the secrecy of how it works is a poor system. Users should be aware of the security and understand its function openly: this will contribute to the factor of...

Psychological acceptability

Users need to understand why good security is needed and how to maintain it. Educate your users: tell them of worst-case scenarios. Share with them the security design and emphasise the integral nature of their compliance. Get your users on board with the idea of security - that way they won't feel security is some unnecessary inconvenience, they'll feel a part of it.

'Work' factor

The amount of effort required to break into the system should be greater than the reward for successfully doing so. That means that if you're storing bank details on a system, make sure it'd take more effort to crack than the value of knowing that secret data. If it's a big bank account, that means more and more effective layers of security.

Who was here?

Any attacks should be recorded and logged, and the weakness traced. This will make for better security in future - as well as letting you know if sensitive data has been compromised, so that you can take appropriate action (e.g. cancelling credit cards).

Separation of privilege

Access should be hierarchical - and, if you want to maximise convenience, with loads of levels. You, as the administrator, should not be able to do the same stuff as a low-level user - but a mid-level manager should be somewhere in between. Set your privileges (we'll look at that next time) in accord with a predetermined hierarchy.

Complete mediation

People shouldn't be able to do anything on your server without going through your established protocols. That means that you have total ultimate control over any user's actions - and can often avoid threats before they even manifest.
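As an added example (not code from the original tutorial), here is how the failsafe, least privilege, "Who was here?" and complete mediation principles can combine in a single access check. The three levels, the action names and the user directory are constructed for illustration, and the sketch assumes a higher level includes the rights of the levels below it.

```python
import logging
from enum import IntEnum

log = logging.getLogger("mediator")

class Level(IntEnum):
    # Assumed hierarchy: a higher level includes the rights of lower ones.
    USER = 1
    MANAGER = 2
    ADMIN = 3

# Constructed policy: the minimum level each action requires (least privilege).
POLICY = {
    "read_track": Level.USER,
    "edit_playlist": Level.MANAGER,
    "change_acl": Level.ADMIN,
}

# Constructed user directory.
USERS = {"alice": Level.ADMIN, "bob": Level.MANAGER, "carol": Level.USER}

def is_allowed(user, action, users=USERS, policy=POLICY):
    """Single decision point for every request."""
    try:
        granted = users[user]        # unknown user raises KeyError
        required = policy[action]    # unlisted action raises KeyError
        allowed = granted >= required
    except Exception as exc:
        # Failsafe: if the check itself breaks, the answer is "no".
        # %r quotes the values so odd input cannot forge extra log lines.
        log.warning("DENY user=%r action=%r reason=check-failed (%s)",
                    user, action, type(exc).__name__)
        return False
    if allowed:
        log.info("ALLOW user=%r action=%r", user, action)
    else:
        # "Who was here?": every refused attempt leaves a record.
        log.warning("DENY user=%r action=%r reason=insufficient-level",
                    user, action)
    return allowed

def perform(user, action, handler):
    """Complete mediation: the handler is only reachable through the check."""
    if not is_allowed(user, action):
        raise PermissionError(f"{action} denied for {user}")
    return handler()
```

An action missing from the policy is refused rather than permitted, so forgetting to list something costs accessibility, not confidentiality or integrity.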

Again, this might all seem a bit boggling - but server security is complex stuff. Next article we're going to look at a few different server security designs, especially focussing around how we can patrol user privileges. By sticking to these maxims you can keep your server security threats to an absolute minimum.

Daniel497
