Server security is a highly nuanced topic. Variables such as the operating system, its version, the data that will reside on the server, the server's purpose, and the services it needs to run all make a difference, but there are a few essential items that apply to all servers:
- Start with a hardened image. These can be purchased from a reputable source like CIS or obtained in the cloud; some vendors offer hardened images, such as Amazon's AMIs. Alternatively, you could create your own hardened image for free using the CIS guides; however, this is time-consuming.
- Think about access. How will this server be accessed, and by whom? Make sure privileged accounts such as administrators have strict controls around them. Passwords for all accounts should be strong, but for admin accounts, we recommend 24-character non-string passwords. Ideally, MFA should be implemented as well.
- Throughout the lifecycle of the server, regular patches and updates must be performed, including:
  - All applications
  - The operating system
  - Firmware of the installed devices (if this is a hardware server)
  - If it has baseboard management, the firmware of that also needs to be checked and updated
  - If it is a virtual machine, hypervisor updates are critical
- Make sure your servers are running a next-gen anti-virus appropriate for the operating system. Ideally, that would be an EDR or MDR product where your SoCaaS provider can actively threat hunt.
- Servers, including network security servers, should have some sort of firewall, and it should deny all access except what is needed for the server to operate. The server should be on its own network segment, and access control lists should restrict which other systems can talk to it and on what port. Just as with local access, all network access should be granted on a least-privilege basis. Remember: deny by default, allow by exception.
- At Foresite, we highly encourage customers that are not fortunate enough to have a SOC in-house to have a proactive cybersecurity monitoring service such as our ProVision platform in place to maintain 24/7 vigilance of security events and emerging threats for their servers. This is not only a good business practice but fulfills the event monitoring requirements needed for regulatory frameworks.
- Your server and anything that can impact its security (network equipment, hypervisors, basically anything that can talk to it) need to be regularly scanned with a quality SCAP scanner. Any critical or high finding should be remediated as quickly as possible.
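The firewall item above can be made concrete by treating the server's allowed traffic as an explicit allow-list and deriving everything else from it. The following is an added example, not code from the original post or from Foresite: the subnets, ports and host roles are constructed, and the script turns the allow-list into an nftables input chain with a default drop policy, evaluates whether a given flow would be permitted, and flags any rule that quietly opens a port to the whole internet.

```python
"""Deny-by-default host firewall: build an nftables ruleset from an explicit
allow-list and check whether a given flow would be permitted.
Added example; the subnets, ports and host roles below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AllowRule:
    source: str   # CIDR of the systems permitted to reach the server
    port: int     # single TCP port they may reach (one service per rule)
    comment: str


# Constructed allow-list for a hypothetical web server: only the load-balancer
# subnet may reach HTTPS, and only one admin jump host may reach SSH.
ALLOW_RULES = [
    AllowRule("10.0.1.0/24", 443, "lb -> https"),
    AllowRule("10.0.9.5/32", 22, "jump host -> ssh"),
]


def is_allowed(rules, src_ip: str, dst_port: int, proto: str = "tcp") -> bool:
    """Allow by exception: a flow passes only if some rule explicitly matches it."""
    if proto != "tcp":
        return False  # nothing but TCP is on the allow-list, so deny by default
    src = ip_address(src_ip)
    return any(src in ip_network(r.source) and r.port == dst_port for r in rules)


def render_nftables(rules) -> str:
    """Emit an nftables inet table whose input chain drops everything not listed."""
    lines = [
        "table inet filter {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    ct state established,related accept",
        "    iif lo accept",
    ]
    for r in rules:
        lines.append(f'    ip saddr {r.source} tcp dport {r.port} '
                     f'ct state new accept comment "{r.comment}"')
    lines += ["  }", "}"]
    return "\n".join(lines)


def overly_broad(rules):
    """Audit: rules whose source is the whole address space defeat least privilege."""
    return [r for r in rules if ip_network(r.source).prefixlen == 0]


if __name__ == "__main__":
    print(render_nftables(ALLOW_RULES))
```

Loading the rendered table with `nft -f` requires root; review the output first, and run `overly_broad` over any allow-list before it reaches production.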
These suggestions are basic server security 101; they are not intended to be comprehensive, as many variables could require additional consideration.