Setting up an anti-virus protection server. The procedure for implementing anti-virus protection. Architecture and principles of operation of corporate anti-virus protection systems

17.11.2021 ethnoscience

It is impossible to protect the server from external access once and for all, because every day new vulnerabilities are discovered and new ways to hack the server appear. We will talk about protecting servers from unauthorized access in this article.

The servers of any company can sooner or later become a target for hacking or a virus attack. Typically, the result of such an attack is data loss, reputational or financial damage, so server security issues should be given priority attention.

It should be understood that protection against server hacking is a set of measures, including constant monitoring of server operation and work to improve protection.

Ways and methods of protecting servers from unauthorized access

Server physical protection

Physical protection. It is advisable that the server be located in a secure data center, a closed and guarded room; outsiders should not have access to the server.

Set up SSH authentication

When setting up access to the server, use SSH key authentication instead of a password, since such keys are much more difficult and sometimes simply impossible to crack using brute force.

If you think that you still need a password, be sure to limit the number of attempts to enter it.

Please note if you see a message like this when you log in:

Last failed login: Tue Sep 28 12:42:35 MSK 2017 from 52.15.194.10 on ssh:notty
There were 8243 failed login attempts since the last successful login.

It may indicate that someone tried to hack your server. In this case, to configure server security, change the SSH port, limit the list of IPs from which access to the server is possible, or install software that automatically blocks excessively frequent and suspicious activity.
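The banner above counts failures since the last good login; the same signal can be extracted from the sshd log itself. The script below is an added example, not part of the article: it parses constructed sshd log lines, reports the source addresses that keep failing across several account names without ever logging in, and renders them as the kind of blocking rule the text recommends (iptables syntax is assumed as an illustration).

```python
"""Find source addresses that keep failing SSH logins, the same signal the
'There were N failed login attempts' banner summarises. Added example with
constructed sshd log lines; the deny-rule output uses iptables syntax only
as an illustration of the prohibitive rules the text recommends."""
import re
from collections import Counter, defaultdict

# sshd writes these two line shapes to the auth log (syslog format).
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
ACCEPTED_RE = re.compile(
    r"Accepted (?:publickey|password) for (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample: one address sprays several account names and never
# gets in; a legitimate user mistypes once and then logs in with a key.
SAMPLE_LOG = """\
Sep 28 12:40:01 srv sshd[2101]: Failed password for root from 52.15.194.10 port 50122 ssh2
Sep 28 12:40:03 srv sshd[2103]: Failed password for invalid user admin from 52.15.194.10 port 50130 ssh2
Sep 28 12:40:05 srv sshd[2105]: Failed password for invalid user test from 52.15.194.10 port 50141 ssh2
Sep 28 12:40:07 srv sshd[2107]: Failed password for root from 52.15.194.10 port 50150 ssh2
Sep 28 12:40:09 srv sshd[2109]: Failed password for root from 52.15.194.10 port 50162 ssh2
Sep 28 12:41:10 srv sshd[2111]: Failed password for deploy from 198.51.100.7 port 41002 ssh2
Sep 28 12:41:20 srv sshd[2113]: Accepted publickey for deploy from 198.51.100.7 port 41010 ssh2
Sep 28 12:42:35 srv sshd[2115]: Accepted publickey for admin from 203.0.113.5 port 33000 ssh2
"""


def parse_auth_log(lines):
    """Return (failures per ip, account names tried per ip, successes per ip)."""
    failures, accepted = Counter(), Counter()
    users = defaultdict(set)
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted[m["ip"]] += 1
    return failures, users, accepted


def suspicious_sources(lines, threshold=3):
    """Addresses with at least `threshold` failures and no successful login.
    A user who mistyped once and then got in is not reported; an address
    that fails repeatedly across several account names is."""
    failures, users, accepted = parse_auth_log(lines)
    return {
        ip: {"failures": n, "usernames": sorted(users[ip])}
        for ip, n in failures.items()
        if n >= threshold and accepted[ip] == 0
    }


def deny_rules(lines, threshold=3):
    """Render findings as firewall rules dropping SSH from each address."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
            for ip in sorted(suspicious_sources(lines, threshold))]


if __name__ == "__main__":
    for ip, info in suspicious_sources(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
    print("\n".join(deny_rules(SAMPLE_LOG.splitlines())))
```

Feed it `journalctl -u ssh` or `/var/log/auth.log` lines instead of SAMPLE_LOG to run it against a real host.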

Install the latest updates regularly

To ensure server protection, promptly install the latest patches and updates to the server software you use - operating system, hypervisor, database server.

It is advisable to check for new patches, updates and bug/vulnerability reports every day to prevent attacks that exploit zero-day vulnerabilities. To do this, subscribe to news from the software development company, follow its pages on social networks.

Protect your passwords

Until now, one of the most common ways to gain access to a server is to hack the server password. Therefore, adhere to well-known, but nevertheless relevant recommendations so as not to leave the server unprotected:

  • do not use passwords that are easy to guess, such as your company name;
  • if you are still using the default password for the administrator console, change it immediately;
  • passwords for different services must be different;
  • if you need to give a password to someone, never send the IP address, login and password in the same email or messenger message;
  • you can also set up two-factor authentication to log in to your administrator account.

Firewall

  • Make sure the server has a firewall, that it is configured, and that it is running all the time.
  • Secure both incoming and outgoing traffic.
  • Keep track of which ports are open and for what purposes, do not open anything unnecessary, in order to reduce the number of possible vulnerabilities for hacking the server.

In particular, a firewall is very helpful in protecting the server from DDoS attacks, because you can quickly create blocking rules for the IP addresses the attack is coming from, or block access to certain applications or protocols.

Monitoring and intrusion detection

  • Limit the software and services running on your server. Periodically check everything that you have running, and if you find any processes that are unfamiliar to you, delete them immediately and start scanning for viruses.
  • Check periodically for signs of tampering. A compromise may be indicated by new user accounts that you did not create, by /etc/syslog.conf having been moved or deleted, or by /etc/shadow and /etc/passwd having been deleted.
  • Monitor the performance of your server, keeping track of its normal speed and throughput, so you can notice deviations, for example, when the load on the server has become significantly higher than usual.
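One way to check for the tampering signs listed above is to keep a baseline of the critical files and of the account list, and compare the live state against it. The following is an added example, not from the article: `snapshot()` reads the real host, while the BASELINE and CURRENT snapshots below are constructed so the comparison runs offline.

```python
"""Compare a saved baseline of critical files and local accounts with the
current state and report the tampering signs from the text: accounts that
appeared, and /etc/syslog.conf, /etc/shadow or /etc/passwd missing or
modified. Added example; the two snapshots at the bottom are constructed."""
import hashlib
import os

WATCHED_FILES = ["/etc/passwd", "/etc/shadow", "/etc/syslog.conf"]


def sha256_of(path):
    """Hex digest of a file, or None when it is missing (a sign in itself)."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return None


def accounts_from_passwd(text):
    """Login names from passwd-format text (the login is the first field)."""
    return {line.split(":", 1)[0] for line in text.splitlines()
            if line and not line.startswith("#")}


def snapshot(files=WATCHED_FILES, passwd_path="/etc/passwd"):
    """Take a live snapshot; keep the first run's result as the baseline."""
    passwd_text = ""
    if os.path.exists(passwd_path):
        with open(passwd_path, encoding="utf-8", errors="replace") as fh:
            passwd_text = fh.read()
    return {"files": {p: sha256_of(p) for p in files},
            "accounts": accounts_from_passwd(passwd_text)}


def detect_tampering(baseline, current):
    """Return human-readable findings; an empty list means nothing changed."""
    findings = []
    for path, old in baseline["files"].items():
        new = current["files"].get(path)
        if new is None:
            findings.append(f"{path}: missing (deleted or moved)")
        elif new != old:
            findings.append(f"{path}: content changed")
    for name in sorted(current["accounts"] - baseline["accounts"]):
        findings.append(f"account {name}: not present in baseline")
    for name in sorted(baseline["accounts"] - current["accounts"]):
        findings.append(f"account {name}: removed since baseline")
    return findings


# Constructed snapshots standing in for two runs of snapshot() on a host:
# a UID-0 account "backup2" was added and /etc/syslog.conf disappeared.
BASELINE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                   "alice:x:1000:1000::/home/alice:/bin/bash\n")
CURRENT_PASSWD = BASELINE_PASSWD + "backup2:x:0:0::/root:/bin/bash\n"
FAKE_SHADOW_DIGEST = "a" * 64   # placeholder digest, constructed
FAKE_SYSLOG_DIGEST = "b" * 64   # placeholder digest, constructed

BASELINE = {
    "files": {"/etc/passwd": hashlib.sha256(BASELINE_PASSWD.encode()).hexdigest(),
              "/etc/shadow": FAKE_SHADOW_DIGEST,
              "/etc/syslog.conf": FAKE_SYSLOG_DIGEST},
    "accounts": accounts_from_passwd(BASELINE_PASSWD),
}
CURRENT = {
    "files": {"/etc/passwd": hashlib.sha256(CURRENT_PASSWD.encode()).hexdigest(),
              "/etc/shadow": FAKE_SHADOW_DIGEST,
              "/etc/syslog.conf": None},
    "accounts": accounts_from_passwd(CURRENT_PASSWD),
}

if __name__ == "__main__":
    for finding in detect_tampering(BASELINE, CURRENT):
        print(finding)
```

On a real host, store the output of `snapshot()` somewhere the server cannot overwrite (another machine or read-only media), otherwise an intruder can rewrite the baseline along with the files.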

Using VPN and SSL/TLS encryption

If remote access to the server is necessary, it should only be allowed from certain IP addresses and occur over a VPN.

The next step in ensuring security could be setting up SSL, which will allow you not only to encrypt data, but also to verify the identity of other participants in the network infrastructure, issuing them the appropriate certificates.

Server security check

It would be a good idea to independently check the security of the server using a pentest method, i.e. attack modeling to find potential vulnerabilities and eliminate them in a timely manner. It is advisable to involve information security specialists in this, but some tests can be done independently, using programs for hacking servers.

What else threatens servers besides hacking?

A server can fail for a number of reasons other than hacking. For example, this could be a malware infection or simply a physical breakdown of any of the components.

Therefore, measures to protect the server should include:

  • Installation and updating of programs to protect the server - antiviruses.
  • Regular encrypted backups of data, at least once a week, since, according to statistics, server hard drives fail more often than any other component. Make sure the backup is stored in a physically secure environment.
  • Ensuring uninterrupted power supply to the server room.
  • Timely preventive maintenance of servers, including cleaning them of dust and replacing thermal paste.

The experience of Integrus specialists tells us that the best protection against this type of threat is the application of best practices in the field of server protection systems.

To ensure the security of our customers' servers, we use a combination of tools: firewalls, antiviruses, security information and event management technologies (SIM / SEM), intrusion detection / prevention technologies (IDS / IPS), network behavior analysis (NBA) technologies, and of course regular preventive maintenance of servers and turnkey arrangement of secure server rooms. This reduces the risk of hacking, or of server failure for other reasons, to a minimum.

We are ready to conduct a security audit of your company’s servers, consult with specialists, and perform all types of work to set up the protection of server equipment.

Computer viruses can not only steal important corporate information from an enterprise and damage data, but also put the operating system and computer equipment out of order, overload the local network as a whole and perform other malicious actions. You should correctly assess the importance of this process and entrust the establishment of a virus protection system on the company’s network to the professionals of the BitProfi company.

According to the degree of impact, viruses are classified as non-dangerous, dangerous and very dangerous. Non-dangerous viruses do not interfere with the operation of the computer, but reduce the amount of memory on disks and free random access memory. Dangerous viruses can cause disruptions and malfunctions in your PC. Exposure to very dangerous viruses leads to the loss of programs, permanent deletion of data, and erasure of information in system areas of the disk.

Penetration of viruses onto the local computer

The methods for a virus to penetrate a local computer are as follows:

  • through external media - the “classic” method;
  • through an email system;
  • through an Internet access channel;
  • from the network server.

Securing one computer is quite simple. However, when installing comprehensive anti-virus protection for the entire information system of an organization, the task becomes more complicated. In this case, it is necessary to take into account many additional factors, starting with control over user access to resources, firewall systems and other security measures for the corporation’s network, and ending with the necessary software and hardware and the organizational and legal issues of controlling the key channels of information exchange. It turns out that an anti-virus protection system requires much more effort and knowledge than protecting the information of a single user.

The first priority is choosing the right, reliable and modern anti-virus protection strategy.

6 steps from BitProfi to full protection

The BitProfi company offers comprehensive services to ensure information protection in your enterprise:

Conducting an IT security audit of the entire structure. During this process, we will identify weaknesses in solutions that are already in use and conduct a full scan of all systems for malware infection.

Development of a strategy for implementing anti-virus protection for an organization.

Individual selection of hardware and anti-virus tools to protect infrastructure elements.

Installing and configuring anti-virus software on computers in accordance with the requirements for maximum protection of all network nodes.

Installation, configuration of the server part of the software, centralized updating of virus databases, as well as their management.

Subsequent regular audit of the implemented solution, software updates and preventive checks of computers.

Today, full-fledged virus protection is the only effective means of reducing the risk of outsiders entering the company’s network. Correct use of comprehensive anti-virus solutions as part of a company’s unified information security system will eliminate possible losses.

Enterprise anti-virus protection strategy

The line of services for the IT structure of a corporation from the BitProfi company would be incomplete without the service of creating and maintaining corporate anti-virus systems. The enterprise's anti-virus protection strategy is aimed at implementing multi-level protection of all vulnerable elements in the organization's IT structure.

Infrastructure level

A network structure is selected that provides necessary protection from intrusions for the most critical and vulnerable elements of the network. It includes protecting the network from attacks through installing a network gateway with a corporate firewall, filtering external network traffic (including incoming email), downloaded Internet pages and instant messaging services, which most often become sources of infection.

Software level

Work is being done to identify vulnerable applications and regularly update software in a timely manner in order to close detected vulnerabilities. The necessary software is installed, depending on the needs of a particular organization.

Equipment level

The possibility and procedure for using external storage devices (Flash drives, optical media, etc.) is being investigated in order to reduce the number of possible sources of virus infection.

Permission level

The rights of system users are regulated, minimizing the possibility of malware penetration. All critical information is backed up regularly for quick recovery if necessary. Systematic monitoring of the status of anti-virus programs, network security audits and full anti-virus checks are carried out.

BitProfi employees monitor the status of clients’ anti-virus tools and receive automatic notifications when viruses are detected on the client’s network. This allows you to quickly respond and promptly eliminate the threat of emerging viral infections, eliminating serious consequences.

Anti-virus protection functions for an enterprise network

Comprehensive network protection against enterprise viruses performs the following functions:

Protecting personal computers prevents the penetration of malware from various sources. This ensures proactive protection against viruses unknown in the database.

Protecting gateways and email servers, email exchange systems and ensuring secure collective access to company documents. Antivirus on the mail server monitors and checks email, disinfects or deletes damaged files. The protection system does not allow infected emails to reach personal computers, where it is much more difficult to fight viruses.

Internet traffic protection. The antivirus scans all traffic coming from the Internet and removes viruses. This stage significantly increases the overall security of the network and is a significant addition to anti-virus protection of workstations and servers, but does not guarantee complete security.

File server protection. In this case, the antivirus checks the files being opened or modified. The system distributes server resources between the antivirus and other server applications, providing the opportunity for minimal impact on key server services.

Regular automatic software updates allow you to eliminate vulnerabilities in software products, preventing infection rather than fighting its consequences.

Providing centralized access to managing anti-virus protection elements. This stage is key in ensuring the security of the corporate system. Regular monitoring of all security elements allows the administrator to quickly identify a problem on one computer, excluding its transfer to subsequent devices. The difference between personal anti-virus programs and corporate solutions lies precisely in the possibility of centralized monitoring and administration. Even in small networks, this capability is essential for security.

Thus, high-quality installation and configuration of a local network protection system against viruses in an enterprise is a difficult task that requires the involvement of a professional IT engineer. After all, the comprehensive anti-virus protection service provides the enterprise with reliability and high security of the functioning of information systems, guaranteed to reduce the risks of virus infection of the enterprise’s computer systems.

BitProfi specialists will take care of organizing an anti-virus protection system for your company’s corporate information. We will analyze all internal system flows, consider possible options for implementing the virus threat to all network elements step by step and separately, as well as for the entire information environment of the organization as a whole. After analytical training, our employees will develop a set of security measures, including anti-virus information protection systems and other effective means.

Correct installation and configuration of software is one of the first and most important tasks in planning the activities of your company. BitProfi specialists will professionally configure, install and support your equipment using

We left off at the point where the initial server setup wizard of Kaspersky Security Center offered to immediately deploy anti-virus protection on the computers on the network. Let's look at this process in more detail.

The first step when deploying anti-virus protection is to select an installation package. Kaspersky Security Center 10.3 already includes Kaspersky Endpoint Security 10.2, so you don’t have to download it separately.

Include the anti-virus databases in the installation package, and then you won’t have to download them after installation.

Please note that when Kaspersky Endpoint Security (KES) is installed, Network Agent is installed along with it; the agent ensures that KES communicates with the KSC server.

You need to select the computers on which you want to deploy anti-virus protection. In our example, this is the server itself on which KSC is installed. In a real network, you can immediately select all the computers on which you want to deploy protection.

Next are the remote installation task parameters. They can be left as default. The most interesting option here is perhaps “Do not install the program if it is already installed.” If you will install the program again, and you absolutely need the installation to succeed (let’s say the program is already installed, but does not work correctly, and you decide to reinstall it), then this checkbox must be unchecked.

Specify the code and key file for KES, after which the program will ask how it should behave if a reboot is necessary.

Installing KES requires a reboot; installing Network Agent does not. Therefore, in the case when you install only the agent, this item in the wizard is virtually meaningless and does not affect anything.

In our case, since we are installing both KES and the agent, the choice will have consequences. The humane choice is to ask the user whether the computer may be restarted. After all, the user may be performing tasks on it, and a forced reboot in that case is not good.

If you are not in a hurry, you don’t have to restart your computer at all. The KES installation will complete the next time you turn on the client computer. Well, if you are sure that no important tasks are being performed on the computer, you can enable a forced reboot.

It is common knowledge that antivirus software from different vendors does not work well together on the same computer. Kaspersky Security Center maintains a whole list of such software and is able to remove it on its own.

If necessary, after installation is complete, computers can be moved to a separate group.

The installation process will start, the progress of which can be observed in the Tasks section.

In order for a company’s software services to operate successfully without failures, high-quality installation and configuration of antivirus protection are required. Today, not a single company can do without using the Internet for accounting, business correspondence and reporting. CRM systems are very popular, but the quality of their work directly depends on the connection to the global network.

Advantages of installing antivirus software

Antivirus products provide protection at different levels. These programs help prevent problems such as:

  • theft of information through remote access to the server, including confidential information (for example, credentials for the company’s accounts);
  • installation of various client applications into the operating system to carry out DDoS attacks;
  • failure of company equipment due to the harmful influence of various programs;
  • blocking of, or damage to, programs and servers necessary for operation;
  • theft, falsification or destruction of confidential data.

To summarize, there is one conclusion: implementing an antivirus base will help the company avoid large financial losses. Moreover, this applies not only to preventing possible hacking of servers, but also to maintaining the functionality of equipment and paid online systems. That is why the question of setting up high-quality and efficient protection is always relevant for businesses of all sizes.

The most popular program for office installations

Most often, clients prefer to set up different versions of Kaspersky antivirus. The popularity of this software product is due to the following characteristics:

  • a large number of options for small, medium and large businesses, and a separate line for home use;
  • Kaspersky software systems are designed for installation not only on office servers, but also on mobile phones and laptops;
  • collaboration servers, mail servers and various files are reliably protected by the antivirus product;
  • Kaspersky antivirus counters attacks on Internet gateways;
  • setting up the product eliminates the insider threat of attacks on servers, since it involves differentiation of user rights.

Among the other advantages of installing this anti-virus system are data backup, password storage and auto-filling of Internet forms in a safe mode, and preventing spam and phishing from reaching the servers. In addition, the price of protection with these products is very favourable. For users who have little knowledge of the intricacies of programming, the Kaspersky antivirus developers have created a convenient, simple and understandable interface.

What to look for when choosing security software?

  • which servers the specific software is designed to protect: home, small and medium-sized businesses, large companies;
  • the breadth of coverage of the business’s local programs and servers;
  • continuity of operation, frequency and conditions of updating;
  • the possibility of centralized management of the antivirus system;
  • compatibility of the proposed product with established business programs and other software.

An important point is also the choice of the company that implements such products. A qualified employee will set up correct operation in the shortest possible time and instruct clients on how to use the program’s tools when working with servers. The cost of such services plays a big role; in our company it is always very favourable.

How to properly organize the defense of computer networks against malware.

The article is addressed to novice system administrators.

By anti-virus protection I mean protection against any malware: viruses, Trojans, rootkits, backdoors, ...

Step 1 for anti-virus protection: install anti-virus software on each computer on the network and update it at least daily. The correct scheme for updating anti-virus databases: 1-2 servers fetch the updates and distribute them to all computers on the network. Be sure to set a password for disabling protection.

Antivirus software has many disadvantages. The main drawback is that they do not catch custom-written viruses that are not widely used. The second drawback is that they load the processor and take up memory on computers, some more (Kaspersky), some less (Eset Nod32), this must be taken into account.

Installing anti-virus software is a mandatory, but insufficient way to protect against virus epidemics; often the virus signature appears in anti-virus databases the next day after it spreads; in 1 day, a virus can paralyze the operation of any computer network.

Typically, system administrators stop at step 1 or, worse, do not complete it or do not keep up with updates, and sooner or later infection still occurs. Below I will list other important steps to strengthen antivirus protection.

Step 2. Password policy. Viruses (Trojans) can infect computers on a network by guessing the passwords of standard accounts: root, admin, Administrator. Always use strong passwords! For accounts without passwords or with simple passwords, the system administrator must be fired with a corresponding entry in the work book. After 10 incorrect password attempts, the account should be locked for 5 minutes to protect against brute force (brute-force password guessing). It is highly advisable to rename and disable the built-in administrator accounts. Passwords need to be changed periodically.
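The lockout rule from Step 2 (10 incorrect attempts, then a 5-minute lock) as an added example, not code from the article; the account names and the injectable clock are constructed for the demonstration.

```python
"""Account lockout for Step 2: after MAX_ATTEMPTS consecutive incorrect
passwords an account is locked for LOCK_SECONDS, a correct password while
locked is still rejected, and a successful login resets the counter.
Added example; the clock is injectable so the timing can be checked
without waiting five minutes."""
import time
from dataclasses import dataclass

MAX_ATTEMPTS = 10      # incorrect attempts before the account is locked
LOCK_SECONDS = 5 * 60  # lock duration: 5 minutes


@dataclass
class AccountState:
    failures: int = 0          # consecutive incorrect attempts so far
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LockoutPolicy:
    def __init__(self, max_attempts=MAX_ATTEMPTS, lock_seconds=LOCK_SECONDS,
                 clock=time.time):
        self.max_attempts = max_attempts
        self.lock_seconds = lock_seconds
        self.clock = clock
        self._state = {}

    def _get(self, account):
        return self._state.setdefault(account, AccountState())

    def is_locked(self, account):
        return self._get(account).locked_until > self.clock()

    def seconds_until_unlock(self, account):
        return max(0.0, self._get(account).locked_until - self.clock())

    def record_attempt(self, account, password_ok):
        """Outcome of one login attempt: 'ok', 'failed' or 'locked'.
        The password check itself happens elsewhere; only its result is
        passed in, so this class never sees the password."""
        st = self._get(account)
        now = self.clock()
        if st.locked_until > now:
            return "locked"          # reject without counting or extending
        if password_ok:
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= self.max_attempts:
            st.failures = 0
            st.locked_until = now + self.lock_seconds
            return "locked"
        return "failed"


class FakeClock:
    """Controllable clock (constructed for the demonstration and tests)."""
    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate_brute_force(attempts=12):
    """Feed `attempts` wrong passwords to one account, then wait out the
    lock and try the correct password. Returns (outcomes, result_after)."""
    clock = FakeClock()
    policy = LockoutPolicy(clock=clock)
    outcomes = [policy.record_attempt("Administrator", False)
                for _ in range(attempts)]
    clock.advance(LOCK_SECONDS + 1)
    return outcomes, policy.record_attempt("Administrator", True)


if __name__ == "__main__":
    outcomes, after = simulate_brute_force()
    print(outcomes)   # nine 'failed', then 'locked' for the remaining three
    print(after)      # 'ok' once the lock has expired
```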

Step 3. Restriction of user rights. A virus (Trojan) spreads across the network on behalf of the user who launched it. If the user has limited rights, no access to other computers and no administrative rights on his own computer, then even a running virus will not be able to infect anything. There are often cases when system administrators themselves become responsible for the spread of a virus: they ran a keygen under an administrator account and the virus began to infect all computers on the network...

Step 4. Regular installation of security updates. This is difficult work, but it must be done. It is not only the OS that needs to be updated, but also all applications: DBMS, mail servers.

Step 5. Limiting the entry routes of viruses. Viruses enter an enterprise’s local network in two ways: through removable media and through other networks (the Internet). By denying access to USB and CD/DVD drives, you completely block path 1. By limiting access to the Internet, you block path 2. This method is very effective, but difficult to implement.

Step 6. Firewalls (also called brandmauers or network screens; they are all the same thing). They must be installed at the edges of the network. If your computer is connected directly to the Internet, then the firewall must be turned on. If the computer is connected only to a local area network (LAN) and accesses the Internet and other networks through servers, then it is not necessary to enable the firewall on this computer.

Step 7. Division of the enterprise network into subnets. It is convenient to split the network on the principle: one department in one subnet, another department in another. Subnets can be separated at the physical level (structured cabling, SCS), at the data link level (VLANs), or at the network level (non-overlapping IP subnets).

Step 8. Windows has a wonderful tool for managing the security of large groups of computers - Group Policies (GPO). Through GPO, you can configure computers and servers so that infection and distribution of malware becomes almost impossible.

Step 9. Terminal access. Set up 1-2 terminal servers on the network through which users will access the Internet, and the likelihood of infecting their personal computers will drop to zero.

Step 10. Monitoring all processes and services running on computers and servers. You can make sure that when an unknown process (service) starts, the system administrator receives a notification. Commercial software that can do this costs a lot, but in some cases the cost is justified.