How to Hack Proof Your Web Server
A dedicated server is a sign of success for any SMB. The reasons to move to a dedicated server are varied: a high volume of web traffic, a transaction-heavy database, complex application requirements, or a combination of those and other needs. Whatever the reason, a dedicated server brings powerful capabilities to growing and established businesses alike.
That power comes with an additional level of responsibility. Protecting your server from being hacked is a serious concern that requires your full attention. In most cases you are going to need help, and if you have chosen your server provider carefully, you are going to have it.
Securing any network attached web or application server (and really, a web server is just a specialized application) is a tricky proposition. It needs to be accessible to legitimate users and locked down to the malicious ones.
Consider a large concert or sporting event.
The idea is to have a large attendance of happy fans, but every step taken to bolster security usually has a negative impact on the experience: long lines for screenings, no bags or carry-alls allowed, and so on. As with secure e-mail service, it would seem that the two goals of access and security are diametrically opposed, but a solid server protection scheme will actually support both.
It starts with a two-layer "bullet proof vest" of technology in the form of a managed firewall and an intrusion protection service. A firewall is needed to help stop brute-force and denial-of-service (DoS) style attacks. Typically emanating from multiple unsecured servers located overseas, a DoS attack pounds your server with useless traffic, overwhelming its resources and rendering it unavailable to real users.
A quality firewall uses rules-based access control to filter and block malicious traffic while allowing legitimate traffic through. It does this in a way that minimizes latency and slowdowns, so the filtering is transparent to end users.
Intrusion protection takes a more sophisticated approach: it blocks harmful traffic at the source, places compromised hosts in quarantine, and routes qualified user traffic quickly and efficiently. If your firewall represents your front-line defenders, your IPS (intrusion protection service) in effect goes behind enemy lines. The combination lets you shift your security measures from reactive to proactive, but there is a catch.
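To make the two layers concrete, here is an added illustration (not code from the article or from any firewall or IPS product) of the rules-based filtering and quarantine behaviour described above: explicit allow and deny rules are checked first, then a per-source request-rate rule flags a flood and quarantines the offending host. The rule values, addresses and log records are all constructed for the example.

```python
from collections import defaultdict, deque

# Constructed rule set (assumption, not a real product's syntax): explicit
# allow/deny entries are evaluated first, then a per-source rate rule.
ALLOW = {"10.0.0.5"}            # e.g. a monitoring host that must never be blocked
DENY = {"203.0.113.9"}          # a source already on the blacklist
RATE_LIMIT = 5                  # more than this many requests per WINDOW is a flood
WINDOW = 10.0                   # sliding window length in seconds


class RuleFilter:
    """Rules-based filter: allowlist, blocklist, then a sliding-window rate
    limit that quarantines a source once it exceeds RATE_LIMIT requests."""

    def __init__(self):
        self.history = defaultdict(deque)   # source -> recent request timestamps
        self.quarantined = {}               # source -> timestamp quarantine began

    def decide(self, ts, src):
        if src in ALLOW:
            return "allow"
        if src in DENY or src in self.quarantined:
            return "block"
        recent = self.history[src]
        recent.append(ts)
        while recent and ts - recent[0] > WINDOW:   # drop requests outside the window
            recent.popleft()
        if len(recent) > RATE_LIMIT:                # flood detected: quarantine the host
            self.quarantined[src] = ts
            return "block"
        return "allow"


# Constructed connection log: (timestamp, source address), ordered by time.
# 198.51.100.7 is a normal visitor, 192.0.2.44 sends a burst of 8 requests.
LOG = [(0.0, "198.51.100.7"), (0.5, "203.0.113.9")]
LOG += [(1.0 + i / 10, "192.0.2.44") for i in range(8)]
LOG += [(2.0, "10.0.0.5"), (3.0, "198.51.100.7"), (12.0, "192.0.2.44")]


def run(log):
    """Apply the filter to every record and return (ts, src, decision) tuples."""
    f = RuleFilter()
    return [(ts, src, f.decide(ts, src)) for ts, src in log]


def summarize(results):
    """Count allow/block decisions per source."""
    counts = defaultdict(lambda: {"allow": 0, "block": 0})
    for _, src, decision in results:
        counts[src][decision] += 1
    return dict(counts)
```

Running `summarize(run(LOG))` shows the visitor and the allowlisted host always allowed, the blacklisted source always blocked, and the flooding source allowed five times before being quarantined for the rest of the log, including its request at 12 seconds.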
Having firewall and IPS protection in place is only the first step. This is not "set it and forget it" technology: staying ahead of hackers and corporate saboteurs requires constant vigilance and regular updates to blacklists, filters, patches and more. It is one thing to purchase and install a couple of security appliances; it is quite another to manage them properly, and for too many SMBs that is a budget-busting proposition. This is where your service provider comes in.
The overlooked word for too many dedicated server providers is "managed". If your provider offers managed services, you are a step ahead of the game. A high-end provider already has 24/7/365 staffing. They already have a massive investment in hardware and network resources. Most importantly, they already have a team of highly trained, certified engineers who can help you stay running at peak performance, fully protected. If your provider offers managed firewall and intrusion protection, it is a no-brainer to add those services to your IT arsenal. If your provider does not offer firewall and IPS, maybe it is time to start looking at other providers.
Casey Cook is a writer, technologist, and musician living in South Florida. He worked for over a decade at some of the industry’s largest ISPs and dedicated hosting providers in numerous capacities, including Director of Network Operations, Director of Corporate Alliances, and Senior Product Manager. He has authored countless business proposals, technical manuals, customer communications, marketing copy, direct mail, press releases, and several nationally published case studies. He is heavily involved in the development of virtual worlds and other online communities, and frequently performs live music over the internet to a worldwide audience.