  • Essay / Server Security

Table of Contents
SSH Keys
Firewall
VPN and Private Networks
Public Key Infrastructure and SSL/TLS Encryption
Service Audit
File Auditing and Intrusion Detection Systems
Isolated Execution Environments
Kerberos
Criteria Followed to Distinguish Security Practices

A secure server, in the sense used here, is a web server that ensures secure online transactions; it uses Secure Sockets Layer (SSL) to encrypt and decrypt data so that the data is protected from unauthorized access. Several categories of data are stored on servers, classified as high, moderate, and low risk [1]. Examples of high-risk servers are departmental mail servers, Active Directory, DNS, etc.; examples of moderate-risk servers are a non-public contract database, an online server for student admission, etc.; and examples of low-risk servers are online maps, bus timetables, an online university catalog displaying academic course descriptions, etc. Several practices are considered best security practices for server protection, such as patching, inventory, firewall-controlled access, software locking, centralized logging, intrusion detection, DBG scanning, a dedicated administration workstation, the use of SSH keys, and VPNs and private networks [2]. These security methodologies are discussed briefly below.

SSH Keys
SSH, or secure shell, is a secure protocol and the most common way to administer remote servers securely. Using numerous encryption techniques, SSH provides a mechanism for establishing a cryptographically secure connection between two parties, authenticating each party to the other, and transmitting commands and results [3]. To configure SSH key authentication, you place the user's public key on the server in a special directory. When the user connects to the server, the server asks for proof that the client holds the associated private key.
The SSH client uses the private key to respond in a way that proves possession of it, and the server then allows the client to connect without a password.

Firewall
A firewall is software (or hardware) that controls which services are exposed to the network: it blocks or restricts access to every port except those that should be publicly accessible. On a typical server, a number of services run by default. These can be classified into the following groups:
• Public services, available to everyone on the Internet, often anonymously. A good example is a web server that allows access to your site.
• Private services, which should be accessible only by a select group of authorized accounts or from certain locations. An example might be a database control panel.
• Internal services, which must be accessible only from the server itself, without exposing the service to the outside world. An example is a database that accepts only local connections.
Firewalls are an essential part of any server setup. Even if your services implement security features themselves or are limited to the interfaces you want them to run on, a firewall provides an additional layer of protection. A properly configured firewall restricts access to everything except the specific services you need to keep open. Exposing only a few pieces of software reduces your server's attack surface, limiting the components available to exploitation.

VPNs and Private Networks
Private networks are networks that are available only to certain servers or users. For example, on DigitalOcean, private networks are available in some regions as a data-center-wide network. A VPN, or virtual private network, is a way to create secure connections between remote computers and present the connection as if it were a local private network. This allows you to configure your services as if they were on a private network and to connect remote servers over secure connections.
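The paragraph above describes the server-side half of key authentication: the public key goes into a special directory, and once keys are in place the password path is no longer needed. The following Python script is an added example, not code from the essay, from DigitalOcean or from OpenSSH. It checks the preconditions a defender would verify before relying on keys: that sshd_config enforces key-only logins, that authorized_keys holds no legacy ssh-dss keys, and that the directory and file permissions are ones sshd's StrictModes will accept. Both sample texts are constructed; the base64 blobs are placeholders, not keys.

```python
"""Check that a server is ready for key-only SSH logins.

Added example, not code from the essay: parses an sshd_config and an
authorized_keys file and reports what a defender would fix before
relying on key authentication. Both sample texts below are constructed.
"""
import stat
from typing import Dict, List, Tuple

# Directives that must hold once keys are deployed (keywords compared
# case-insensitively, as sshd treats them).
REQUIRED = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "permitrootlogin": "no",
}

# Key types sshd accepts in authorized_keys; ssh-dss is the weak legacy one.
KEY_TYPES = (
    "ssh-ed25519", "sk-ssh-ed25519@openssh.com", "ssh-rsa",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ecdsa-sha2-nistp256@openssh.com", "ssh-dss",
)

# Constructed sample of a hardened sshd_config (not a real host's file).
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
"""

# Constructed sample authorized_keys; the base64 blobs are placeholders, not keys.
SAMPLE_AUTHORIZED_KEYS = """\
# alice's laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERPLACEHOLDERPLACEHOLDER alice@laptop
from="10.0.0.0/8",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPLACEHOLDER deploy@ci
ssh-dss AAAAB3NzaC1kc3MAAACBPLACEHOLDER legacy@oldbox
"""


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return the effective directives. sshd takes the first occurrence of a
    keyword; Match blocks are not modelled, so this checks global defaults only."""
    effective: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            effective.setdefault(parts[0].lower(), parts[1].strip().lower())
    return effective


def audit_sshd_config(text: str) -> List[str]:
    """List REQUIRED directives that are missing or wrong; empty means key-only."""
    effective = parse_sshd_config(text)
    findings = []
    for key, want in REQUIRED.items():
        have = effective.get(key)
        if have is None:
            findings.append(f"{key} not set explicitly (relying on default)")
        elif have != want:
            findings.append(f"{key} is {have}, expected {want}")
    return findings


def parse_authorized_keys(text: str) -> List[Tuple[str, str]]:
    """Return (key_type, comment) per key line; options before the type are skipped."""
    keys = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            keys.append(("invalid", line[:40]))
            continue
        keys.append((fields[idx], " ".join(fields[idx + 2:])))
    return keys


def weak_keys(text: str) -> List[str]:
    """Comments of keys whose type is ssh-dss (disabled by default since OpenSSH 7.0)."""
    return [comment for ktype, comment in parse_authorized_keys(text) if ktype == "ssh-dss"]


def permission_findings(ssh_dir_mode: int, keys_file_mode: int) -> List[str]:
    """With StrictModes (the default) sshd ignores keys if these are group/world writable."""
    loose = stat.S_IWGRP | stat.S_IWOTH
    out = []
    if ssh_dir_mode & loose:
        out.append("~/.ssh is group- or world-writable (expected 0700)")
    if keys_file_mode & loose:
        out.append("authorized_keys is group- or world-writable (expected 0600)")
    return out


if __name__ == "__main__":
    print("sshd_config findings:", audit_sshd_config(SAMPLE_SSHD_CONFIG))
    print("keys:", parse_authorized_keys(SAMPLE_AUTHORIZED_KEYS))
    print("weak keys:", weak_keys(SAMPLE_AUTHORIZED_KEYS))
    print("permissions:", permission_findings(0o775, 0o600))
```

To run it against a real host, feed the contents of /etc/ssh/sshd_config and ~/.ssh/authorized_keys to the functions and pass the `st_mode` values from `os.stat` to `permission_findings`; the `from=` and `no-pty` options on the deploy key show how a key can be restricted to a source network and non-interactive use.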
Given the choice, using a private network rather than a public one for internal communication is almost always preferable. However, because other users in the data center can access the same network, you still need additional measures to secure communication between your servers. Using a VPN is, in effect, a way to map out a private network that only your servers can see. Communication is then completely private and secure. Other applications can be configured to pass their traffic through the virtual interface exposed by the VPN software, so that only services intended for clients on the public Internet are exposed on the public network.

Public Key Infrastructure and SSL/TLS Encryption
Public key infrastructure, or PKI, refers to a system designed to create, manage, and validate certificates for identifying individuals and encrypting communications. SSL or TLS certificates can be used to authenticate different entities to each other. After authentication, they can also be used to establish encrypted communication.

Service Audit
So far, we have discussed some technologies you can implement to improve your security. However, a big part of security is analyzing your systems, understanding the available attack surfaces, and locking down components as well as you can. Service auditing is the process of discovering which services are running on the servers in your infrastructure. Often the default operating system is configured to run certain services at startup, and installing additional software can pull in dependencies that are also started automatically.

File Auditing and Intrusion Detection Systems
File auditing is the process of comparing the current system against a record of the files and file characteristics of your system when it was in a known-good state. This is used to detect changes to the system that may not have been authorized.
An intrusion detection system, or IDS, is software that monitors a system or network for unauthorized activity. Many host-based IDS implementations use file auditing as a method to check whether the system has changed.

Isolated Execution Environments
Isolated execution environments refers to any method in which individual components run in their own dedicated space. This may involve separating your discrete application components onto their own servers, or it may mean configuring your services to run in chroot environments or containers. The level of isolation depends heavily on your application's requirements and the realities of your infrastructure.

Kerberos
Kerberos is a system that supports authentication in.
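The File Auditing and Intrusion Detection section above describes comparing the live system against a record taken in a known-good state, which is exactly what a host-based IDS does. The following Python script is an added example, not the essay's code and not any particular IDS product: it records a SHA-256 digest, size and permission bits for every regular file under a directory, stores that as a JSON baseline, and reports added, removed and modified files on the next run. The `demo()` scenario builds a throwaway directory tree with constructed file contents, so nothing on the host is touched.

```python
"""File-integrity baseline and comparison, the core of a host-based IDS.

Added example, not the essay's code nor any particular IDS product. It
records a SHA-256, size and mode for every regular file under a directory,
stores that as the known-good baseline, and later reports what changed.
The demo() scenario builds a throwaway directory tree; nothing is real.
"""
import hashlib
import json
import os
import stat
import tempfile
from typing import Dict, List


def snapshot(root: str) -> Dict[str, dict]:
    """Record sha256/size/mode of each regular file below root, keyed by relative path."""
    record: Dict[str, dict] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            record[rel] = {
                "sha256": digest.hexdigest(),
                "size": st.st_size,
                "mode": oct(stat.S_IMODE(st.st_mode)),  # permission bits only
            }
    return record


def save_baseline(record: Dict[str, dict], path: str) -> None:
    """Write the baseline as JSON. Keep this copy off the host or on read-only
    media: a baseline the intruder can rewrite detects nothing."""
    with open(path, "w") as fh:
        json.dump(record, fh, indent=1, sort_keys=True)


def load_baseline(path: str) -> Dict[str, dict]:
    with open(path) as fh:
        return json.load(fh)


def compare(baseline: Dict[str, dict], current: Dict[str, dict]) -> Dict[str, List[str]]:
    """Classify every difference as added, removed or modified (content or mode)."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a fake etc/ tree, then change it four ways."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        files = {
            "passwd": "root:x:0:0::/root:/bin/bash\n",
            "hostname": "web-01\n",
            "motd": "welcome\n",
        }
        for name, body in files.items():
            path = os.path.join(etc, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, 0o644)
        baseline_path = os.path.join(root, "baseline.json")  # outside the audited tree
        save_baseline(snapshot(etc), baseline_path)

        # Simulated changes after the baseline was taken.
        with open(os.path.join(etc, "passwd"), "a") as fh:  # content change
            fh.write("newuser:x:1001:1001::/home/newuser:/bin/bash\n")
        os.chmod(os.path.join(etc, "hostname"), 0o666)  # mode-only change
        os.remove(os.path.join(etc, "motd"))  # removed file
        with open(os.path.join(etc, "cron.allow"), "w") as fh:  # new file
            fh.write("root\n")

        return compare(load_baseline(baseline_path), snapshot(etc))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Two design points carry over to real deployments: the comparison includes the mode, so a permission loosening with unchanged content is still reported, and the baseline lives outside the audited tree. A report is only as trustworthy as the baseline, which is why host-based IDS tools store it where the monitored host cannot rewrite it.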