IT Security is Like an Onion – IT Security Basics – Part 2: Server Security

In Part 1 I discussed securing your network perimeter. But as I said in the beginning, IT security is like an onion. Let’s take a look at the next layer of that onion… securing your server environment. Again, this is not meant to be a complete list, but instead a starting point to help you think through your own IT security strategy.

Physically secure your equipment. By physical security I mean making sure your data is secured by securing the devices which store and transmit it. In short, make sure your servers and network equipment aren’t accessible by just anyone. In a best case scenario, the server and network equipment are in a locked rack. Each server has a front bezel which is locked, preventing the removal of hard drives. The room containing the servers and other equipment is also locked and secured from other users. Only a short list of authorized personnel should have any physical access to the server room and rack. In larger organizations it is not uncommon for network administrators to never physically touch the servers they administer. Many smaller organizations find it very difficult to physically secure their servers from unauthorized access or theft. If your organization doesn’t have this ability, then hosted servers or cloud computing may be a good option.

Operating Systems become obsolete quickly. Not only do new features come out all the time, but new security functionality is added with each new version of an operating system. For example, Windows 2008 R2 is by far more secure than Windows 2003. It is far less vulnerable to malware attacks, and has a much more sophisticated software firewall built in. There are also additional security features built right into Windows to help ensure that only authorized applications run on the system. It is also important to regularly install updates and service packs to your operating system to resolve any security holes, or add new features. 

New hardware for PCs and Servers can help improve your IT security through architecture changes, and feature upgrades. An example of this is some of the new security functionality built right into the new CPUs from Intel and AMD. This helps protect your system from ever getting infected by malware. These days many organizations are replacing PCs every 3 years to help ensure a higher level of security, increase uptime, and end-user productivity. 

When the unthinkable happens do you have a data backup & disaster recovery plan? If not, get moving! What are you backing up? Where are you backing this up to? Are you doing off-site backup or online backup? Are your backup tapes secure and being archived for 2-7 years? What do you do when an end-user deletes an email? What do you do when your 8 year old critical server’s motherboard fries, and there are no replacement parts on the way? Are you using an online backup strategy? If so, is data encrypted before being transmitted? What is your procedure when a massive attack infects most (or all) of your servers? What is your plan? If you don’t have an answer to all of these, don’t feel bad. This is something which is commonly overlooked. 

Network Access Protection uses a series of policies to prevent “unhealthy” systems from gaining network access, or to limit the access they get. If a system does not meet the compliance requirements, there is a mechanism for bringing that system back into compliance. Once the system is in compliance, the level of network access can be increased.

Periodic Health & Security Audits should be run on a regular basis to help ensure your network security is configured the way you think it is. Here is a short list of things to look for:

  • Periodically look for old user accounts (should be disabled or deleted)
  • Check for outdated Firewall Rules which are no longer needed
  • User access & folder level security – Do VPN users only have access to the proper servers? Do AD users have access to folders they shouldn’t?
  • Latest service packs and patches – Make sure all servers, server software (SQL, Exchange, etc…), and workstations have the latest service packs and security updates installed. Also check for updates for client software such as Flash player, Acrobat Reader, and Office.
  • Check, test, & update anti-virus and anti-malware protection on all workstations and servers.
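
As an added example (not from the original post), the read-only PowerShell report below covers three items from the list: old user accounts, firewall rules to review, and patch currency. It assumes the RSAT ActiveDirectory module, the NetSecurity cmdlets (Windows Server 2012 / Windows 8 or later), and illustrative thresholds of 90 and 45 days.

```powershell
# Added example: read-only audit report, makes no changes.
# Assumptions: RSAT ActiveDirectory module installed; NetSecurity cmdlets
# available; both thresholds are illustrative and should follow your policy.
Import-Module ActiveDirectory

$StaleDays   = 90    # assumed inactivity threshold for accounts
$PatchMaxAge = 45    # assumed maximum days since the last installed update

# 1. Old user accounts: still enabled, no logon within $StaleDays.
#    LastLogonDate comes from lastLogonTimestamp, which replicates lazily
#    (up to about 14 days behind), so keep the threshold well above that.
$staleUsers = Search-ADAccount -AccountInactive -UsersOnly `
        -TimeSpan (New-TimeSpan -Days $StaleDays) |
    Where-Object { $_.Enabled } |
    Sort-Object LastLogonDate |
    Select-Object Name, SamAccountName, LastLogonDate

# 2. Firewall rules to review: enabled inbound allow rules reachable
#    from any remote address. A person still decides if each is needed.
$openRules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        if ($addr.RemoteAddress -contains 'Any') {
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Protocol  = $port.Protocol
                LocalPort = $port.LocalPort -join ','
            }
        }
    }

# 3. Patch currency: date of the most recently installed update.
$lastPatch = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1 HotFixID, InstalledOn
$patchAge = if ($lastPatch) { ((Get-Date) - $lastPatch.InstalledOn).Days } else { $null }

"Stale enabled accounts: $(@($staleUsers).Count)"
$staleUsers | Format-Table -AutoSize | Out-String
"Inbound allow rules open to any address: $(@($openRules).Count)"
$openRules | Format-Table -AutoSize | Out-String
if ($null -eq $patchAge -or $patchAge -gt $PatchMaxAge) {
    "WARNING: no update installed in the last $PatchMaxAge days"
} else {
    "Last update $($lastPatch.HotFixID) installed $patchAge days ago"
}
```

The firewall and patch sections report on the machine the script runs on, so run it on each server you audit; the account section queries the domain.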

About the author

Robert Borges

I have been in the IT industry since 1993 focusing mainly on networking. Though I got an early start as an amateur computer enthusiast, and wrote my first database app at age 12, I started my professional career working in the MIS department of one of the largest liquor distributors in the northeast. I started out there as a systems operator on the company’s two mainframe systems. From there I moved into PC support, and helped design and implement the company’s first client-server network… This was back in the days of Win NT 3.51. I also worked on my first migration to NT 4.0 back then.

From there I went on to work with Novell 3.x and 4.x along with Windows domains and active directory environments. Working my way up from technician, to specialist, to administrator, and eventually all the way up to Sr. Engineer. I spent many years working for consulting firms, 9 of which I owned and operated my own firm.

Over the years, I have worked with (at an expert level) various versions of: Windows client and server operating systems (including Windows 10 and Windows Server 2016); various virtualization technologies (Hyper-V, VMware, etc.); MS-SQL server 6.5-2014 R2; Exchange 4-2016, and much more.

I am now vCIO at Spade Technology, Inc. focusing on Information Technology strategy including: cloud computing, IT Infrastructure & Architecture, IT Security, and Cloud Computing platforms & technologies (SaaS, PaaS, and IaaS).

Outside of my day job, I serve as president of the board of Boston User Groups, Inc., as well as IT-Pro User Group. In 2017/2018 Microsoft awarded me the Microsoft MVP (Most Valuable Professional) Award, with a focus of Microsoft Azure cloud, for my efforts in the IT community.

I am in a constant state of learning about new products, and new versions of products. Many of which we end up implementing in lab environments and sometimes for our clients. I have a very broad range of expertise and experience. It is my goal to share some of this experience on this blog to help enrich the IT community.

Permanent link to this article: https://www.robertborges.us/2012/03/it-security/it-security-is-like-an-onion-it-security-basics-part-2-server-security/