Locations
Search
MyRicoh
Contact
Change
server security

5 server security concerns you need to know

by David Chernicoff

Summary

5 security concerns regardless of where the server is located:

Time: 5 minute read
Server security is dependent on many factors, including operating system and purpose. But some things are universal.

Server security is an ongoing concern of IT, regardless of whether the server is locked away in a data center or sitting in an office somewhere. Server security is even a concern if your servers are in the cloud. Allowing a hacker or malware to access a server can compromise an entire business. Just a single point of infection can be enough to spoil the whole soup.

No one ever said the new world of work was all fun and games. There are risks.

But there are also precautions and best practices. Let’s take a look at the top five server security concerns.

1. Physical security

Physical security is always the number one priority for a server. No matter what tricks, technologies or software you use, if you allow uncontrolled physical access to a server, you risk compromising the device. For a data center, whether your own or a cloud service, physical security is usually built in to the operation. Only authorized people are allowed in the facility, and specific data halls or equipment cages may have additional levels of physical security, further limiting access to these critical servers.

Not every business can afford this level of security. But leaving a server sitting in an open office area is just an invitation to unauthorized access. Simply keeping a departmental server locked in a closet can make a big difference. Running it headless, with no monitor or keyboard, provides an additional layer of security.

 

Subscribe to our newsletter

 
 

2. Explicit levels of administrative access control

Users with a requirement for administrative access, whether IT staff or business workers, should be assigned only those privileges necessary for them to accomplish their required tasks. Operating systems have granular levels of control so that administrative tasks can be assigned to specific users, without the need to grant overall administrative access rights. Web consoles for cloud services will also often offer graduated levels of administrative access, depending on the service. Remember that in almost all cases, less is more.

3. Keep server and application software updated

There is a reason that software vendors regularly patch and update their operating systems and applications. While many patches are to solve functional problems, there are almost always security patches that need to be applied in order to maintain server security. For example, Microsoft1 had released an emergency patch for Windows Server to plug a hole in its security.

Unpatched servers are one of the biggest sources of malware infections on the Internet, so unless you are planning to keep a server disconnected from the outside world, you need to make sure that, at the very least, security patches are applied as they appear and are tested. For cloud-based servers and applications, you may need to regularly update client software running on your end to make certain that the latest security fixes have been applied.

Keeping up to date on these changes can also create staffing issues, especially at smaller businesses where the IT department may consist of just a handful of people. One solution to this problem is to outsource these sorts of tasks to an outside vendor or partner, to allow your in-house staff to focus on mission-critical tasks.

Server security is even a concern if your servers are in the cloud.

4. Maintain application security

Many applications, especially those with web-based or collaborative components, have their own security models. Because the applications themselves may have elevated security privileges based on the needs of the application, allowing unsecured access to the applications and their resources can compromise the security of the hosting servers.

Specific applications, such as web servers, will have their own security processes that need to be followed. Proper installation and management of the applications will prevent the sort of user-introduced errors that can compromise server security.

5. Turn off every function the server doesn’t need

Servers don’t need web browsers, yet you often find them present. Disable them or, depending on the operating system, remove them completely. If you’re running a Windows Server for file and print services, it needs very few other features installed. Do your homework, and disable any other feature unnecessary to the desired operation. Every extra feature that has remote access or availability provides another venue for attack.

Final thoughts

Maintaining secure servers is, in various ways, simply limiting the opportunities for access — by staff, strangers, viruses and malware. Keeping strict limits can go a long way to keeping a secure computing environment.

 

Recommended for you

 

Recommended for you

image of hard drive Case Study: Kramon & Graham PA Forensic analysis helps Baltimore litigation firm prove spoliation
pen-and-paper Article: Data backup and disaster recovery Understanding data breaches impact the entire company
Pragmatism Priorities Article: Information governance solutions Information governance services help ensure data is managed and secured
Previous / Next
 
1 Keizer, Gregg. Computerworld. 18 November 2014