Security For Your Managed Virtual Server
August 14th, 2008
Lions, tigers and hackers… oh my! Hackers and script kiddies are unfortunately constantly searching the Internet for insecure sites. If you have insecure or mis-configured software, it’s not “if” but “when” you will be compromised.
I’m not using this as scare tactic or as a reason to use our proactively managed virtual private servers, but as a fact from what we see every day. Unfortunately, the number of compromised servers we see hitting our network every day is staggering. For example, it’s not uncommon for us to block 50-100 new unique IP addresses daily for SSH or FTP brute force attempts. That’s just on a slow day. These are not Windows based desktops mind you, but Unix, Linux, or Windows based servers. You know, the servers that you would think are managed by system administration professionals.
Unfortunately it’s all too common for a web developer or designer think that buying a $99/month unmanaged dedicated server is all that is needed. Set it and forget it! Security is a continuous and never-ending process. Also many system administrators do not configure a server properly or too overtaxed putting out other fires. Even if you are not a HostCube customer, I strongly recommend hiring a qualified person or company to keep your server secure.
According to a Verizon Business study, the most common notification method of a security compromise is by a third party. So not only is the server software kept out of date, the software configuration is probably kept to defaults, but no monitoring exists when a comprise occurs. In this all too common case you might as well give away the keys and let the hacker do what they want with your setup!
Server security is about deploying layers; many different methods of proactive, reactive and defensive measures to protect from getting compromised. To give a high level view, here are the precautions we employ with managed virtual servers and managed servers:
- Remove unneeded services
- Employ best practices with software configuration (server hardening)
- Automatic deployment of software updates
- Hardware and local firewalls
- Remote log storage
- Backups (we can be used a method to audit a server)
- Scanning for common Rootkits
- Host Integrity Monitoring (HIM) to detect changes in operating system files
- Unusual port and services detection
- Monitoring services for availability and trends
- Autoblock SSH/FTP attacks
- Proper file and service permissions (sandboxing)
Monitoring log files and detecting server changes are some of the additional security measures we employ. We’ve just recently added Rootkit Hunter and Osiris host integrity monitoring to our list. Both tools monitor and detect attempted rootkits and any modifications to server setup. This additional monitoring makes our services fully PCI DSS compliant and just some of the features we perform to make sure a customer’s account is secure. You can rest assured knowing we are monitoring your managed virtual server very closely.
I won’t go into all of our security measures, nor details, but I will say the above list should be at least your security baseline. When choosing a provider, ask if they are really ‘managed’ and are performing these tasks for you. If not, you’ll definitely want to make sure you are addressing all these areas on your own.
Leave a Reply