
Introduction To Server Security
Prepared by: Parth Kshatriya

Securing Server
 Use a firewall: A firewall is a network security system that
monitors and controls incoming and outgoing network traffic. It
acts as a barrier between a trusted network and an untrusted
network.
 Upgrade your software and operating system.
 Configure your server to take file backups.
 Install SSL certificates.
 Use virtual private networks.
 Use secure file transfer protocols.
 Establish and use a secure connection.
 Use SSH key authentication.
 Establish password requirements.

Server Security Functionality
 Access control: Limits access to specific resources, like files,
folders, and databases.
 Encryption: Converts data into a code that can only be deciphered
by authorized users with a unique key.
 VPN: Encrypts internet traffic and routes it through a secure server.
 Secure connectivity: Disables insecure protocols and ensures
businesses are using the latest and most secure protocols.
 Remote access configuration: Allows communication with the
server without the client and server being on the same local area
network.
Server Security
 Server security is a combination of technical and administrative measures that
protect servers from unauthorized access and data leaks. It includes tools and
techniques that help prevent hacking, and other malicious actions.
 What are the objectives of server security?
 The goal of server security is to protect the integrity, confidentiality, and
availability of the resources and services your servers provide.
 There are five objectives for server security monitoring:
1. Maintain a Safe Network
2. Maintain Vulnerability Management
3. Prevent Unauthorized Access
4. Ensure Security Flaws are Immediately Reported
5. Maintain Integrity of Data and Security Assets
File Security
 A file is relatively safe from modification if no one has write permission
to it. If write permission were turned on for the
web server user, and a security hole were found in the web server
software, you could be in trouble.
 The only permission that must be granted to serve a file out via
a web server is read permission for the web server user. If the web server
user can read the file, it can serve the file out to anyone connecting to
the web server who requests that file.
 Some web servers have a feature allowing a webmaster to disable
directory browsing. If your web server has this feature, put the read
access back on the directory you created and turn off directory
browsing in the web server's configuration.
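The permission rule above (read for the web server user, write for nobody but the owner) can be audited rather than assumed. The following is an added example, not from the original slides: it walks a document root and flags every file or directory whose mode lets group or others write, and builds a small constructed sample tree (the file and directory names are hypothetical) to show the audit in action.

```python
import os
import stat
import tempfile

# Bits that let someone other than the owner modify an entry. The web server
# runs as a separate, less-trusted user, so these are the bits that would let
# a compromised web server rewrite the content it serves.
NON_OWNER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def find_writable_served_files(docroot):
    """Return (kind, relative path) for entries under docroot that group or
    others may write. Directories matter too: a writable directory lets new
    files be dropped in even when every existing file is read-only."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # judge the link target where it lives, not the link
            if mode & NON_OWNER_WRITE:
                kind = "dir" if stat.S_ISDIR(mode) else "file"
                findings.append((kind, os.path.relpath(path, docroot)))
    return sorted(findings)


def build_sample_docroot(root):
    """Constructed sample tree: one correctly permissioned file, one file that
    is world-writable, and one world-writable upload directory."""
    os.makedirs(os.path.join(root, "uploads"))
    for rel, mode in (("index.html", 0o644), ("config.php", 0o666)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample content\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "uploads"), 0o777)
    os.chmod(root, 0o755)


def audit_sample_docroot():
    """Build the constructed tree in a temp dir and return what the audit flags."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return find_writable_served_files(root)


if __name__ == "__main__":
    for kind, rel in audit_sample_docroot():
        print(f"{kind} writable by non-owner: {rel}")
```

Run the same function against a real document root and treat every hit as a candidate for `chmod` back to owner-only write.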
SSL
 Secure Sockets Layer.
 Protocol designed to provide data encryption and authentication
between a web client and a web server.
 Begins with a handshake phase that negotiates an encryption
algorithm and keys, and authenticates the server to the client.
 All data is encrypted using session keys negotiated during the
handshake phase.
SSL
Fundamental Security Concerns
 SSL server authentication allows a user to confirm a server's identity.
SSL-enabled client software can use standard techniques of public-key
cryptography to check that a server's certificate and public ID are valid
and have been issued by a certificate authority (CA) listed in the client's
list of trusted CAs.
 SSL client authentication allows a server to confirm a user's identity.
Using the same techniques as those used for server authentication, SSL-
enabled server software can check that a client's certificate and public ID
are valid and have been issued by a certificate authority (CA) listed in the
server's list of trusted CAs.
 An encrypted SSL connection requires all information sent between a
client and a server to be encrypted by the sending software and decrypted
by the receiving software, thus providing a high degree of confidentiality.
Confidentiality is important for both parties to any private transaction.
SSL
 Encrypted SSL session:
 Browser generates a symmetric session key, encrypts it with the server's
public key, and sends the encrypted key to the server.
 Using its private key, the server decrypts the session key.
 Browser and server now both know the session key.
 All data sent into the TCP socket (by client or server) is encrypted with
the session key.
 SSL: basis of IETF Transport Layer Security (TLS).
SSL Layering
 Two layers
1. SSL Record layer
 Provides confidentiality, authenticity, replay protection
over a TCP connection.
2. SSL handshake protocol
 Key exchange protocol which initializes and synchronizes
cryptographic state at two endpoints.
Objectives of SSL Handshake
 Authenticate the server to the client.
 Allow the client and server to select the cryptographic algorithms,
or ciphers, that they both support.
 Optionally authenticate the client to the server.
 Use public-key encryption techniques to generate shared secrets.
 Establish an encrypted SSL connection.
Encryption
SSH Secure Shell
 A program for logging into a remote machine and for executing
commands on a remote machine.
 Provides secure encrypted communications between two untrusted
hosts over an insecure network.
 For authentication, a combination of RSA-based authentication
methods is used.
 Encryption algorithms include Blowfish, DES and IDEA. IDEA is the default.
IDEA – International Data Encryption Algorithm.
 What is SSH public key Authentication?
 The motivation for using public key authentication over simple
passwords is security.
 Public key authentication provides cryptographic strength that even
extremely long passwords cannot offer.
 With SSH, public key authentication improves security considerably
as it frees users from remembering complicated passwords.
 In addition to security, public key authentication also offers usability
benefits: it allows users to implement single sign-on across the SSH
servers they connect to. Public key authentication also allows
automated, passwordless login, which is a key enabler for the countless
secure automation processes that execute within enterprise networks
globally.
Advantages of server security
 VPS:
Virtual Private Servers (VPS) provide a higher level of security than
shared hosting. VPS hosting isolates each user on a physical server,
reducing the risk of security breaches. VPS also gives users more
control over their server's security configurations, including the ability
to install custom firewalls and security software.
 Centralized database:
A centralized database ensures a higher level of security by
establishing protocols for people working with the data. This allows
for monitoring of data access and reduces the amount of data leakage.
 Remove unnecessary services:
Removing unnecessary services from your server operating system can
improve security and performance.
Disadvantage of server security
 Weak passwords:
Weak passwords can be easily hacked and sold on the dark web.
 Old software:
Outdated software can contain vulnerabilities that hackers can
exploit.
 Cyberattacks:
As more devices become connected, the likelihood of cyber-attacks
also increases.
Establish Password Requirement
 Strong password requirements can help prevent data breaches by
making it harder for attackers to access sensitive data and systems.
 Strong passwords are harder to guess or crack, and regular password
changes make it more difficult for attackers to use compromised
passwords to gain long-term access.
 Here are some password requirements:
1. Length: At least 12 characters long, but 14 or more is better.
2. Complexity: A combination of uppercase letters, lowercase letters,
numbers, and symbols.
3. Uniqueness: Avoid common passwords like “password123”. Use
unique passwords for each account.
4. Change frequency: Change it periodically.
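The four requirements listed above can be enforced mechanically when accounts are created or passwords rotated. The following checker is an added example, not part of the original slides: the 90-day rotation interval and the small blocklist are constructed assumptions (the slides say only "periodically" and name "password123"), and a real server would load a full blocklist.

```python
import string
from datetime import date, timedelta

MIN_LENGTH = 12      # "at least 12 characters long, but 14 or more is better"
MAX_AGE_DAYS = 90    # assumed rotation interval; the page only says "periodically"
# Constructed blocklist for the example; compare lower-cased so "Password123" is caught.
COMMON_PASSWORDS = frozenset({"password", "password123", "qwerty123456", "letmein12345"})


def check_password(password, last_changed=None, today=None, used_elsewhere=()):
    """Return the names of the policy rules the password fails, in a fixed order.

    An empty list means the password meets every rule on the page: length,
    complexity, uniqueness and change frequency. `used_elsewhere` holds the
    user's passwords on other accounts so reuse can be rejected.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    if not (has_upper and has_lower and has_digit and has_symbol):
        failures.append("complexity")
    if password.lower() in COMMON_PASSWORDS or password in used_elsewhere:
        failures.append("uniqueness")
    if last_changed is not None:
        today = today or date.today()
        if today - last_changed > timedelta(days=MAX_AGE_DAYS):
            failures.append("change_frequency")
    return failures


def evaluate_samples():
    """Run the checker over constructed sample passwords and return the verdicts."""
    fixed_today = date(2024, 6, 1)  # fixed date so the result is reproducible
    return {
        "common": check_password("password123"),
        "strong": check_password("Tr0ub4dor&3-Horse!x", date(2024, 5, 1), fixed_today),
        "stale": check_password("Correct-Horse-Battery-9", date(2024, 1, 1), fixed_today),
        "reused": check_password("Tr0ub4dor&3-Horse!x", used_elsewhere={"Tr0ub4dor&3-Horse!x"}),
    }


if __name__ == "__main__":
    for label, failed in evaluate_samples().items():
        print(f"{label}: {'OK' if not failed else 'fails ' + ', '.join(failed)}")
```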