
Server and Network Security Risks

Updated on November 6, 2013

Defense-in-Depth - CIA Model

All systems have risks associated with them, so it is important to be aware of the risks associated with a server in order to defend against them. To best understand these risks, let's use the CIA model, which is the most widely used in computer security today.

C is for confidentiality. Only those persons or systems authorized to see data should be given access to it on the server.

I is for integrity. Data is not inadvertently or purposefully modified without proper procedures.

A is for availability. The data is always available when it is needed.

CIA Triad

CIA Counter Measures

Controls such as logins, properly assigned permissions on files and folders, and encryption protect against the confidentiality risk that data could be accessed by someone who is not supposed to see it. Microsoft Windows uses NTFS permissions to protect against such threats to confidentiality.

To protect a server against risks to integrity, system administrators implement countermeasures such as logging changes made to data so that a rollback can be performed, and hashing data so that changes can be detected.

Availability issues are addressed by performing backups and having the ability to restore. Windows Shadow Copies can also provide protection against threats to availability.
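To show how hashing detects integrity violations, here is an added example (not code from the original article) that records a SHA-256 baseline of a directory tree and later reports modified, added and removed files; the sample files and their contents are constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def baseline(root: Path) -> dict:
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify(root: Path, saved: dict) -> dict:
    """Compare the tree under root against a previously saved baseline."""
    current = baseline(root)
    return {
        "modified": sorted(k for k in saved if k in current and current[k] != saved[k]),
        "added": sorted(k for k in current if k not in saved),
        "removed": sorted(k for k in saved if k not in current),
    }

def demo() -> dict:
    """Constructed scenario: take a baseline, change the tree, detect the differences."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("listen=443\nadmin=alice\n")
        (root / "etc" / "hosts.allow").write_text("10.0.0.0/8\n")
        # The baseline must be kept where the server itself cannot rewrite it
        # (offline media or a separate host); a JSON round-trip stands in for that here.
        saved = json.loads(json.dumps(baseline(root)))
        # Simulate an unauthorised edit, a new file and a deleted file.
        (root / "etc" / "app.conf").write_text("listen=443\nadmin=mallory\n")
        (root / "etc" / "unexpected.txt").write_text("not in the baseline\n")
        (root / "etc" / "hosts.allow").unlink()
        return verify(root, saved)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A hash baseline only tells you that something changed, not what; pair it with the change logging described above so the previous content can be rolled back.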

Let's suppose that an intruder has breached your organization's network perimeter. A simple but effective concept is defense-in-depth: you secure your entire network, not just its perimeter, so that an intruder who gets past the perimeter still does not immediately have access to everything, because further barriers stand between them and the data.

A few simple things you can do to accomplish this: use Group Policy Objects to configure individual firewall settings; put access control lists (ACLs) in place for all systems, servers, and sensitive resources; have backup and restore procedures in place so the system can be restored should a crash occur; apply physical security, which includes locks, guards, sign-in sheets, and monitoring via closed-circuit TV; and implement training policies that teach employees proper security procedures and responses to security threats.

Multi-layered Security Strategy

Using this type of multi-layered security strategy makes it harder and less likely that an intruder will succeed in breaching your defenses, and it helps in detecting an attacker. Employ these layers from the broadest to the most specific to establish security policies and procedures that meet your organization's security requirements, and make sure that users are aware of them. Training users in how these policies and procedures are implemented comes first. A good policy requires users to lock or log out of their desktops or computers when leaving them unattended, and not to write down their passwords where other people can find them. Make sure that only authorized personnel have physical access to network hardware such as servers and routers. By preventing physical access by unauthorized persons, you greatly improve the effectiveness of the other layers of security. The rule of thumb is: "If I can touch it, I can own it."

Nearly every organization needs to allow users to access the Internet. Customers or clients outside your organization probably need access to your website or other resources, and you may have multiple physical locations that need to communicate with each other. So you need to create a perimeter network so that a boundary exists between your private and public networks.

By using a reverse proxy server in the perimeter network, you can provide more secure connectivity to your organization's services when they must be reached over a public network. You also protect your network by creating group policies that check various criteria before a client computer is allowed to connect: for example, verifying that the computer has all security updates applied and that current antivirus software is installed and up to date. You may add other requirements to make sure the client computer adheres to your organization's security policies. When a client computer meets all of the required conditions, it is granted access to the network. If not, the computer is allowed only limited access to an isolated, or quarantined, network until it meets all the criteria you require. Only after the required security settings have been met is the computer moved out of the quarantined network and allowed access to the organization's resources.
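The grant-or-quarantine decision described above, as an added example written for this page (not code from any Microsoft product); the report and policy fields, the update names and the hosts are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Tuple

@dataclass
class HealthReport:
    """What a client reports about itself before it may join the network (assumed shape)."""
    host: str
    installed_updates: set
    av_installed: bool
    av_signature_date: date
    firewall_enabled: bool

@dataclass
class AccessPolicy:
    """The administrator's criteria (assumed shape, not a real product's settings)."""
    required_updates: set
    max_signature_age_days: int = 7

def evaluate(report: HealthReport, policy: AccessPolicy, today: date) -> Tuple[str, List[str]]:
    """Return ('granted', []) or ('quarantined', [every unmet criterion])."""
    failures = []
    missing = policy.required_updates - report.installed_updates
    if missing:
        failures.append("missing updates: " + ", ".join(sorted(missing)))
    if not report.av_installed:
        failures.append("antivirus not installed")
    elif (today - report.av_signature_date).days > policy.max_signature_age_days:
        failures.append("antivirus signatures older than %d days" % policy.max_signature_age_days)
    if not report.firewall_enabled:
        failures.append("host firewall disabled")
    return ("granted", []) if not failures else ("quarantined", failures)

def demo() -> list:
    """Constructed walk-through: one compliant client, one that is quarantined, then remediated."""
    today = date(2013, 11, 6)
    policy = AccessPolicy(required_updates={"KB-EXAMPLE-1", "KB-EXAMPLE-2"})  # placeholder names
    healthy = HealthReport("ws01", {"KB-EXAMPLE-1", "KB-EXAMPLE-2"}, True, today - timedelta(days=1), True)
    stale = HealthReport("laptop07", {"KB-EXAMPLE-1"}, True, today - timedelta(days=30), False)
    results = [(healthy.host,) + evaluate(healthy, policy, today),
               (stale.host,) + evaluate(stale, policy, today)]
    # In quarantine the client installs the update, refreshes signatures and enables
    # its firewall; only then does a re-check move it out of the quarantined network.
    stale.installed_updates.add("KB-EXAMPLE-2")
    stale.av_signature_date = today
    stale.firewall_enabled = True
    results.append((stale.host + " (after remediation)",) + evaluate(stale, policy, today))
    return results

if __name__ == "__main__":
    for host, decision, reasons in demo():
        print(host, decision, reasons)
```

Reporting every failed criterion at once, rather than only the first, lets the quarantined client remediate in a single pass instead of bouncing between checks.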

Microsoft Forefront Threat Management Gateway 2010 is an example of a reverse proxy server that also functions as a firewall. By using a reverse proxy server, you can publish services from your intranet without having to place email or web servers in the perimeter network. All networked computers are vulnerable to a variety of threats regardless of whether they are on an internal or a public network. Among the many threats, eavesdropping, denial-of-service, replay, and spoofing attacks are of most concern. Those most vulnerable to these types of attacks are users accessing resources from remote offices, public networks, and from home. Deploying network and personal firewalls helps protect users from such threats.

Defense-in-Depth

Windows 7 Security Hardening

Security Hardening

Security hardening, the security applied to host computers, is the next level of defense. Applying security updates, configuring security policies that require complex passwords, configuring the host firewall, and keeping antivirus software up to date are all good practices.

Application hardening is the next layer of security that can be implemented to achieve a secure network. Use Windows Update to ensure that application security updates are applied and current. Testing applications for security holes that an attacker might exploit is also important.

The last layer of defense-in-depth is data security. Use access control lists (ACLs) to ensure that the correct file permissions are implemented, and use the Encrypting File System (EFS) to encrypt confidential data. Backing up data as often as the organization needs, be it weekly, daily, or hourly, should also be standard practice.

Best Practices

The following actions are widely recommended and considered to be best practices for increasing the security of computer systems.

  • Apply patches in a timely manner. It is best to test new patches on a test server before applying them to your live servers, but expedite the process as much as possible, because delaying patches leaves you open to dangerous and catastrophic vulnerabilities.
  • Use the principle of least privilege, meaning that each user or subsystem is given only the minimum privileges needed to do its job.
  • Restrict console logon so that only certain individuals are allowed to use the console. The command-line console can be used to execute a number of administrative tasks and is therefore a system vulnerability; its use should be limited to authorized personnel only.
  • Restrict physical access. There are numerous attacks a hacker can use to compromise a system, and some of these methods require physical access. You increase system security significantly by restricting physical access.
