We are often asked by our software development and hosting customers how we secure our servers. We have several layers of security protection, and this blog posting will mention some that we implement.
A firewall is used to only allow traffic to the outside world on a few of the TCP/UDP ports. We obviously have to allow web and e-mail users access to the server, but almost all other ports can be closed to prevent intrusion attempts. On our newest servers we even prevent FTP and Telnet access, since those protocols rely on unencrypted packets which are easier to intercept and hijack.
Every day we have perhaps dozens of “dicitionary” attacks that try to gain e-mail or user account access. A dictionary attack picks a user (for example “root” or “john”) and then goes through a long, long list of possible passwords. We use two packages Fail2Ban and DenyHosts that monitor our log files looking for dictionary attacks; if found, the originating computer is banned from accessing our servers.
When we develop online shopping solutions, we choose to not store credit card numbers online. We securely pass this information to the credit card processing vendor, and then we only record the order information and the payment confirmation number. For some web sites with user accounts, we encrypt the user account passwords, therefore gaining access to our user password list would still not result in someone gaining access to their online account.
Some of our hosting customers are concerned about unencrypted web traffic. We occasionally add a feature that automatically forwards a web page inquiry from non-SSL to SSL mode, which means it forward to a page starting with “https://” thus all traffic is encrypted between our server and each web browser client.
We also have logging records and constant monitoring to help us detect intrusion attempts and help us implement even better security measures. “Tripwire” software can also alert us when certain files are modified.
Do these basic measures above make us impervious to hackers? Alas, no. On two occasions in the last five years we have had hackers penetrate one of our servers. However no damage was done and we patched those specific holes quickly. Security is a cat-and-mouse game, and we strive to stay one step ahead.