Securing Our Servers

By Shawn Stubbs, Technology Consultant

Here at Frequency Foundry, we take data security seriously. With all the news about government hacking and security breaches, we want to take a step back and discuss the reality of keeping a server secure. I would like to highlight some basic precautions to ensure your systems are set up securely. These principles apply to any device, not just servers.

First things first: use a real password and create unique passwords for every site and system you access. Don’t share your password with anyone. I know this sounds like the most basic advice and I’m sure you have heard it a million times before, but simply put, this is how most systems or accounts become compromised.

How can I keep track of the hundreds of logins to all the websites and systems I access, you ask? Get yourself a proper password manager. A password-protected Excel sheet is not good enough. Password managers keep their database encrypted, and the master password that unlocks it is hashed and salted (one-way) rather than stored; I won’t get into the technical details at this time. This prevents people who may gain access to your password database from being able to reverse the file and read your passwords in plain text. Password managers range from free open-source tools to paid systems often used by large corporations. Just for the record, I am not affiliated with any of these companies. Here are a few recommendations.

KeePass:
KeePass is a free open source program you can install on your personal machine or on a USB stick. It’s a little light on features but it’s a great tool for anyone from a beginner to senior systems administrator who wants to take security seriously. You simply add entries for your servers or sites with your username and have it generate a unique password for each site.

LastPass:
LastPass is my personal favorite password manager. It has all the basic password manager features KeePass has, but also offers some great benefits to make your online life easy. LastPass has browser plugins for all modern browsers that auto-fill your login; you can install it on multiple machines, including smartphones, for seamless transitions between your different devices.

Dashlane:
Dashlane is the latest password manager I have been testing. It has some really nice features like “zoning” that lets you have a business section and personal section to your passwords. Its auto-login features are fast and seamless. It also has a full desktop client that lets you locally manage your logins.

Pick one and use it. Seriously.

Next up, let’s talk about my server philosophy. A server should run exactly the software it needs to complete its task, nothing more and nothing less. Every piece of software on a server is a potential vulnerability, so the fewer things installed, the fewer things you need to manage. A great example of this is the recent DLL vulnerabilities found in Notepad++. System administrators around the globe would say it’s just a text editor and it’s handy to have locally installed, but we found out that it had a zero-day exploit that government agencies were leveraging to gain access to systems. The vulnerability has since been patched, but a system that did not have it installed in the first place would inherently be more secure.

Install your tools on your local machine and use a secure transfer method, such as HTTPS, SFTP or something similar, to move the edited files to the server. The same philosophy applies to server roles. If your server doesn’t need to run the DNS role, don’t install it. That’s just one more thing you have to secure and update. If I’m setting up a server that needs to run SQL, it will only have SQL installed plus the basic tools that are required for security and monitoring. This makes my job much easier when I scan to see if any ports are open on the system.

Speaking of ports, use them or close them. If you aren’t SSHing into your Windows machines, make sure that port is closed. You can hide your ports in a non-standard range, such as bumping 3389 to some random high port like 5566, but don’t count on it to keep your computer safe. Run a routine audit on your machines, scan the open ports and compare the results to what is running on the machine. If you find an open port that isn’t part of the software known to be running on that machine, investigate. I use everyone’s favorite network scanning tool, Nmap, to routinely audit my servers to make sure no suspicious ports are open. There are Windows ports of Nmap if you just want to do basic scanning through a GUI.
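The routine audit described above, as an added example that is not code from the original post: it reads the XML that `nmap -oX` writes, compares the open ports against an allowlist for the server’s role, and flags anything else for investigation. The scan XML below is a constructed sample, and the monitoring-agent port 10050 in the allowlist is an assumption for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (what `nmap -oX` writes) for a host
# that should run only SQL Server plus a monitoring agent.
SAMPLE_SCAN_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="1433"><state state="open"/><service name="ms-sql-s"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="5566"><state state="open"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Allowlist for this server's role. 10050 as the monitoring agent's port is an
# assumption made for the example; use whatever your agent actually listens on.
EXPECTED_OPEN = {("tcp", 1433), ("tcp", 10050)}


def open_ports(nmap_xml):
    """Return {(protocol, port): service name} for every port Nmap reported open."""
    found = {}
    for port in ET.fromstring(nmap_xml).iter("port"):
        if port.find("state").get("state") != "open":
            continue  # closed/filtered ports are not exposure
        svc = port.find("service")
        found[(port.get("protocol"), int(port.get("portid")))] = (
            svc.get("name", "unknown") if svc is not None else "unknown"
        )
    return found


def audit(nmap_xml, expected=EXPECTED_OPEN):
    """Split a scan into unexpected open ports (investigate) and expected ports that are not open."""
    found = open_ports(nmap_xml)
    unexpected = {k: v for k, v in found.items() if k not in expected}
    missing = expected - set(found)
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SCAN_XML)
    for (proto, num), svc in sorted(unexpected.items()):
        print(f"INVESTIGATE: {proto}/{num} ({svc}) open but not on the allowlist")
    for proto, num in sorted(missing):
        print(f"WARNING: expected {proto}/{num} is not open, is the service down?")
```

Run it against a real scan by replacing SAMPLE_SCAN_XML with the contents of your `-oX` file and keeping one allowlist per server role.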

New exploits and vulnerabilities are being discovered every day. Software companies these days are much better than they were in the past about securing their software. All the big players are constantly rolling out security patches for everything from OS updates to apps on your smartphone. You can automate these patches whenever possible but just make sure it gets done.

Windows updates can be automated pretty easily on everything from your home machine to servers using SCCM. I know the constant pop-ups for Windows updates on your laptop are annoying, but set it and forget it. Microsoft has been very reliable with its patches in recent years, so have your machine wake up at 2 a.m., download your updates and reboot.

For servers, set up a patching cycle that runs on your test environment first, then schedule your outage and keep up to date on those patches. Vulnerabilities in recent years have been found in everything from DNS to RDP to HTTPS. Don’t forget about all of your applications. See the example of Notepad++ above, where a vulnerability was found on a Tuesday and by Thursday a new patch was released. Software developers take security seriously and so should we all.

By Chris Stachiw | November 27, 2017
