Several ways exist for ensuring security in a windows server environment and some of them include the following:
- Separating server roles: the more the roles a server performs, the more vulnerable it is to exploitation. It is recommendable to have different servers performing different roles rather than having one server performing all the roles. For instance, it is advisable to have dedicated servers for DNS and DHCP services separate from file server rather than having one server for all the services. Doing so also helps in the troubleshooting process since a server running minimal roles has minimal configuration.
- Using server core: Server core is a feature in windows server that does not entail a full graphical user interface. Server core utilizations run a minimal set of system services and are, therefore, less prone to vulnerabilities, unlike the customary windows arrangement. They also tend to perform better that a full featured windows server installation. The downside of this however, is that not all system services and server applications can run on this type of environment and therefore, server core should only be deployed where necessary.
- Group policy deployment: Group policies help to maintain security and compliance. Active Directory, for instance, helps to control registries, folders, security options, desktop capabilities and software installation and maintenance. Group policies assign privileges depending on user’s roles and restrict certain users from doing certain things like installing software of changing security settings which goes a long way to ensure security.
- Testing, deploying and troubleshooting VPN security: With VPNs, users can access the company’s network from anywhere. However, this may pose some serious threat as hackers may utilize such networks to steal confidential information. Security in VPN can be attained through precise firewall procedures or by altering TCP/IP paths. Care should be taken to select VPN providers who value totally confidentiality.
Securing Linux Server
For a Linux server environment, the following could be used to enhance security:
- Use of only encrypted authentication tools: Secure shell or SSH is used to secure terminals or file transfers by creating a secure channel. SSH also provides strong encryption to authenticate users thereby maintaining confidentiality and integrity of data over an unsecured network such as the internet. Traditional communication tools such as Telnet, allow user IDs and passwords to be transmitted across the network in plain text hence malicious users who snoop network traffic could gain access to such information and compromise the entire network. SSH provides the same functionalities but with an added level of security.
- Avoid logging in as root: Logging into a system with a non-root user Id is always recommended unless when absolutely necessary to switch user to the root. A network might be vulnerable to viruses or key logger programs that are likely to cause extensive damage if a user were to log in using the root. It is also recommendable that users should never login to a remote terminal as root on a user’s terminal.
- Log in to your systems often and see what processes are running: An administrator should often list all the current processes that are running with the aim of finding and checking on those processes that are unusual. He should also review the list of people who have logged into the system within a certain duration. It helps detect any unusual activities or individuals that might compromise the system.
- Keeping copies of log files: Every event that happens in the server is recorded to a log file. In the event that a hacker intrudes the system, his first move is usually to delete the log files to avoid detection of any compromising event. Such a scenario can be overcome by making copies of the log files to more than one server and restricting the retrieval of the files to a small group of administrators. The log files can then be used to monitor and detect any compromising events.
Best practices for both
There are some practices however which are general for both environments and they include:
- Keeping the system patched: The system should at all times have the latest patches most of which are available from the vendor’s website. Keeping up with the latest updates helps prevent vulnerabilities that have otherwise overtaken the security of old updates.
- Use firewall: Most platforms enable easy installation and configuration of a firewall. A well configured firewall protects a server from being compromised.
- Train users about securing their accounts: Users need training on how best to enforce security around their terminals. The administrator should also teach them how to select secure passwords, not to leave their passwords lying around and never to give their accounts to other people.
- Making backups: Complete backups should be maintained at regular intervals in order to ensure continuity in case the worst comes to the worst, and a system is compromised. Maintaining backups should, however, take place at a different location from the servers are located.
References
Hontan, R. J. (2006). Linux Security Craig Hunt Linux Library. Hoboken: John Wiley & Sons.
Linux Internet Server Security and Configuration Tutorial. (n.d.). Linux Internet Server Security and Configuration Tutorial. Retrieved May 16, 2014, from http://www.yolinux.com/TUTORIALS/LinuxTutorialInternetSecurity.html
Linux, Windows, and security FUD | ZDNet. (n.d.). ZDNet. Retrieved May 16, 2014, from http://www.zdnet.com/linux-windows-and-security-fud-7000011417/
Rountree, D. (2013). Windows 2012 server network security securing your windows network systems and infrastructure. Rockland, MA: Syngress Media Inc.