Protecting your server part 5
Posted on May 29th, 2012
Windows XP

Protecting your server 5 - layers of security

Earlier, we mentioned that server security solutions should be layered on your server. In practice, we've introduced a couple of security layers already - OS patching and user account management. In this section we're going to look at the four software groups you should consider for further 'layering up' security on your server. Each group performs a specific function and you may be able to do without certain layers (recall the principle of simplicity).

Layer 1 - anti-malware protection

This consists of two main parts. The first is anti-virus protection, which protects against malignant programs designed to affect the integrity of data (such as a 'virus' designed to wipe system files) or confidentiality and accessibility (such as a 'worm' designed to expose passwords to all users, or change user read/write privileges). Anti-virus software will also act to quarantine and, if possible, remove malignant software.

The second is anti-spyware protection, which protects against programs that specifically log user data and report back to an attacking agent elsewhere. An example is a program designed to log what you type on your keyboard (a 'keylogger') and report it back to an attacker elsewhere in the world. Not so bad if you're typing social correspondence, but potentially problematic if you're inputting credit card details. Again, anti-spyware protection can isolate such programs and eliminate them if possible.

All anti-virus or anti-spyware software must be kept up-to-date with a current database of definitions. This database works like the FBI's 'Most Wanted' list - if the anti-malware program sees a file on that list, it can take measures to protect the system from actions that file can perform. Most anti-malware programs include automatic updates, which you, as an administrator, should of course configure yourself so that updates stay under your mediation.
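The 'Most Wanted' list idea can be shown in a few lines. The following is an added example, not code from the tutorial or from any anti-malware product: it assumes the definitions are a simple map of SHA-256 file hashes to names (real products use richer signatures), and all file names and contents are constructed samples. It scans the same directory twice, first with a stale definition set and then with a current one, to show why an out-of-date database leaves a known file untouched.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root: Path, definitions: dict, quarantine: Path) -> list:
    """Compare every file under root with the definitions; quarantine matches."""
    quarantine.mkdir(parents=True, exist_ok=True)
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine in path.parents:
            continue  # never rescan files that are already isolated
        name = definitions.get(sha256_of(path))
        if name:
            # Isolate rather than delete, so an administrator can review it.
            shutil.move(str(path), str(quarantine / (path.name + ".quarantined")))
            hits.append((path.name, name))
    return hits

def demo() -> tuple:
    """Constructed sample: one directory, stale versus current definitions."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "data"
        root.mkdir()
        (root / "report.txt").write_bytes(b"quarterly figures")
        (root / "old.bin").write_bytes(b"constructed-sample-A")
        (root / "new.bin").write_bytes(b"constructed-sample-B")
        qdir = Path(tmp) / "quarantine"
        stale = {hashlib.sha256(b"constructed-sample-A").hexdigest(): "Sample.A"}
        current = dict(stale)  # the update adds one new entry to the list
        current[hashlib.sha256(b"constructed-sample-B").hexdigest()] = "Sample.B"
        first = scan(root, stale, qdir)     # new.bin is not on the list yet
        second = scan(root, current, qdir)  # after the definitions update
        remaining = sorted(p.name for p in root.iterdir())
        return first, second, remaining

if __name__ == "__main__":
    print(demo())
```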

Layer 2 - Intrusion Detection and Prevention Software (IDPS)

These programs are installed on host machines and are designed to log any access to, and any behaviour within, the machine. This effectively ties a trail of string to every user, so that their movements can be pinpointed. That is hugely helpful if you want to maintain complete mediation, and critical if you need to log the actions of an attacking agent.

Layer 3 - Firewalls

A 'firewall' is just as it sounds - it looks at the details of a user attempting to connect, possibly including their IP address (where they're accessing from) and their credentials (what kind of OS they are using), compares them with a series of settings you as administrator have determined, and either permits or blocks the connection attempt. It's a vital piece of software to install on host machines - if you know everyone in your company is using Windows XP SP3, your firewall can straight away block out access from anyone running a different OS. Many firewalls come with a detailed set of configurable options, ensuring you've got good control over what kind of user can access your system.
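The compare-then-permit-or-block step can be sketched as follows. This is an added example, not code from the tutorial or from any firewall product: it assumes rules match on source IP address and destination port only, that the first matching rule wins, and that anything unmatched is blocked. The rule set and addresses are constructed samples.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "permit" or "block"
    source: str           # network (CIDR) the rule applies to
    port: Optional[int]   # destination port; None means any port

# Constructed rule set using private and documentation address ranges.
RULES = [
    Rule("block", "192.168.10.66/32", None),  # one host the admin has shut out
    Rule("permit", "192.168.10.0/24", 3389),  # office LAN may use remote desktop
    Rule("permit", "0.0.0.0/0", 80),          # anyone may reach the web server
]

def decide(rules, src_ip: str, dst_port: int) -> str:
    """Return the action of the first matching rule; block if none matches."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return "block"  # malformed source address: fail closed
    for rule in rules:
        # Membership is False (not an error) when IP versions differ.
        if addr in ipaddress.ip_network(rule.source) and rule.port in (None, dst_port):
            return rule.action
    return "block"      # default deny

def demo() -> dict:
    """Constructed connection attempts evaluated against RULES."""
    return {
        "lan_rdp": decide(RULES, "192.168.10.20", 3389),
        "shut_out_host_web": decide(RULES, "192.168.10.66", 80),
        "internet_web": decide(RULES, "203.0.113.9", 80),
        "internet_rdp": decide(RULES, "203.0.113.9", 3389),
        "garbage": decide(RULES, "not-an-ip", 80),
        # Same rules in the wrong order: the broad permit now shadows the block.
        "misordered": decide(list(reversed(RULES)), "192.168.10.66", 80),
    }

if __name__ == "__main__":
    for name, action in demo().items():
        print(name, action)
```

The `misordered` case shows why rule order needs review whenever a broad permit is added: the specific block only works if it is evaluated first.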

Layer 4 - auto-update software

In the previous article we mentioned that patches should be applied as soon as possible post-release, and installed on machines taken 'off-network' for the period of installation. This also applies to updates to your anti-malware, IDPS and firewall software (now you see why being a network manager comprises a fair amount of work!). Luckily, there are programs designed to auto-update all of these elements as soon as updates are released. Most can be configured to wait until you give the green light (remember, sizeable patches could render your system unusable), but for many aspects - like virus database releases - you'll want to apply them as soon as possible.

So those are the four layers of server protection that you can use in addition to OS management. Remember - you need to weigh up what kinds of threat you'll face, whether the risk is LOW, MEDIUM or HIGH in each threat scenario, and how much effort you are prepared to invest in securing your data.

Next time, we'll take a look at a few principles to be followed when testing the security on your server.

Daniel497
