By now, we are all well aware of the wild, wild world of the Internet. Anyone who has stood up a server, registered a domain name, and gotten some links to their site knows that servers almost immediately start getting “sniffed” by various sources. In many cases, this sniffing is followed in short order by attempts to probe the server for various known holes or flaws. Organizations with much larger resources than yours (think: governments and the Fortune 100) are routinely disrupted, defaced, or outright brought down for the count, so you can be sure that truly foolproof network security is nearly impossible to guarantee. What you can do for your server infrastructure, however, is “get a grip” on the basics of network security. There are enough gaping holes out on the Internet – many leading to databases or network access of great interest to hackers – that if you succeed in plugging all the common security holes, you will have thwarted the vast majority of infiltration attempts.
The first line of defense any business with multiple servers should consider setting up is a hardware firewall between the server farm and the Internet itself. These firewalls can be configured not only to allow certain types of traffic over very specific ports, but also to examine the content of the traffic and the location it is coming from. Traffic that cannot be verified, or that is verifiably bad, can be easily thwarted.
In addition, software firewall products such as DotDefender provide enterprise-class security on individual servers by monitoring all files downloaded or uploaded and any changes to the local environment. Software firewalls can also be configured to block ranges of ports on a server and to allow traffic into and out of the server only over specified protocols (e.g. HTTP is allowed but FTP is not).
Although it is often ignored, human security is also a critical safeguard for your network. This runs the gamut from insisting on strong passwords throughout all of your enterprise applications and your wireless networks all the way to ensuring card-key or biometric access to the rooms and/or buildings housing your equipment. SSL encryption is a key component of any transmission of data over the Web, and many web hosts go the extra mile and also insist upon SFTP (Secure FTP) instead of the more traditional FTP, as well as remote terminal access via SSH, which relies on encrypted communications between the client and server. In terms of the physical architecture of your servers, one common rule of thumb is to never allow database or file servers to be directly accessible from the Internet. Instead, web servers are typically deployed into their own “DMZ” that only allows HTTP traffic in/out over port 80. These web servers alone are then allowed to tunnel through the firewall on the appropriate port used by Oracle/SQL Server/MySQL database connections.
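The DMZ rule of thumb above can be checked mechanically against a firewall's allow list. The following Python audit is an added example, not part of the original article; the zone addresses, the rule tuple format, and the use of default database ports are assumptions made for illustration, and it checks inbound rules only.

```python
import ipaddress

# Assumed zones (constructed private ranges, not from the article).
ZONES = {
    "dmz": ipaddress.ip_network("10.0.1.0/24"),   # web servers
    "data": ipaddress.ip_network("10.0.2.0/24"),  # database and file servers
}
WEB_PORTS = {80}               # the article's rule: HTTP over port 80
DB_PORTS = {1521, 1433, 3306}  # default Oracle, SQL Server, MySQL listeners

# Constructed allow rules: (source CIDR, destination CIDR, destination port).
SAMPLE_RULES = [
    ("0.0.0.0/0", "10.0.1.0/24", 80),       # Internet -> web tier, HTTP
    ("10.0.1.0/24", "10.0.2.10/32", 3306),  # web tier -> MySQL
    ("0.0.0.0/0", "10.0.2.10/32", 3306),    # Internet -> MySQL
    ("0.0.0.0/0", "10.0.1.20/32", 21),      # Internet -> FTP on a web server
    ("10.0.1.0/24", "10.0.2.0/24", 22),     # web tier -> SSH on data tier
    ("0.0.0.0/0", "0.0.0.0/0", 80),         # any -> any also covers data tier
]

def audit(rules):
    """Return (rule number, finding) for each allow rule that breaks the DMZ model."""
    findings = []
    for n, (src, dst, port) in enumerate(rules, 1):
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if d.overlaps(ZONES["data"]):
            # Only DMZ web servers may reach the data tier, and only on DB ports.
            if not s.subnet_of(ZONES["dmz"]):
                findings.append((n, "data tier reachable from outside the DMZ"))
            elif port not in DB_PORTS:
                findings.append((n, "DMZ reaches data tier on a non-database port"))
        elif d.overlaps(ZONES["dmz"]) and port not in WEB_PORTS:
            findings.append((n, "non-HTTP port open into the DMZ"))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE_RULES):
        print(f"rule {n}: {finding}")
```

The last sample rule shows why overly broad "any to any" entries deserve attention: it looks like a harmless HTTP rule but also covers the database subnet.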
If you have any sort of server infrastructure on the Internet today that you consider to be vital to your business’s operations, plan on taking steps to shore up your network security. Your business will thank you for it through increased uptime and confident customers.