Managing Malware Threats on Your Web Servers
IT managers and security professionals are increasingly worried about targeted malware and its effect on business operations for their enterprise web servers. However, according to a recent survey by security firm Bit9, these professionals are decreasingly confident in their ability to identify and stop such security threats.
Bit9’s server security survey found that targeted malware attacks are the top server security concern of 52 percent of respondents (all 966 respondents are IT and security professionals), up 15 percent from the prior year.
Twenty-five percent of survey respondents said their servers were attacked in 2012, up 8 percent. Twelve percent of those surveyed ranked “too much administrative effort” required by traditional security solution as a bigger concern than actual attacks. Forty-three percent of respondents use more than one full-time employee to manage server security.
“These results highlight the need for greater control in identifying and stopping advanced attacks on valuable server resources-before they execute-while decreasing the security-related administrative workloads of IT and security professionals,” said Brian Hazzard, vice president of product management for Bit9. “The key to securing enterprise servers-both physical and virtual-is to allow only trusted software to execute and prevent all other files from running.”
Besides the obvious idea of installing anti-virus/anti-malware software on your web servers, here are some other ideas for securing them:
1. Remove services you are not using
Default operation system installations and configurations are not secure because many unnecessary network services are installed, such as remote registry services, print server services, etc. The more services running on an OS, the more ports will be left open for malicious users to enter. So, disable unnecessary services so that the next time the server is rebooted, they are not started automatically.
2. Patch, patch, patch
Make sure you enterprise web platforms and Content Management Systems (CMSes) are kept up-to-date. Open source platforms are very often well-maintained in terms of security vulnerabilities. Monitor the blogs and/or vendor announcements for availability of new patches. Ensure that you have a way to test patches for your systems and that you have a regular patch cycle. Be prepared to patch more often should immediate remediation be required. date maintainedMost enterprise web platforms Default operation system installations and configurations are not secure because many unnecessary network services are installed, such as remote registry services, print server services, etc. The more services running on an OS, the more ports will be left open for malicious users to enter. So, disable unnecessary services so that the next time the server is rebooted, they are not started automatically.
3. Secure remote access
Whenever possible, server administrators should login to web servers locally. However, if remote access is needed, make sure that the remote connection is secured properly by using tunneling and encryption protocols (e.g., VPN). When possible, restrict remote access to specific accounts only, and make sure that old accounts are disabled when no longer needed.
4. Server-side scripting and web application content
Keep web application or website files and scripts on a separate partition or drive other than that of the OS, logs, and any other system files. Hackers who gain access to the web root directory are able to escalate their privileges and gain access to data on the whole disk, including the OS and other system files.
5. Keep development, testing, and production environments separate
It is easier and faster to develop a newer version of a web application on a production server, so it is common to develop and test an application directly on the production servers themselves. Therefore, it is also common on the Internet to find newer versions of a specific website, or some content which should not be available to the public, in directories such as /test/, /new/, or other sub directories. These applications are in their early development stages, so they tend to have vulnerabilities. To avoid the threat of a hacker using these versions of your application, conduct the development and testing of web applications on servers isolated from the Internet, and never connect them to real life data and databases.
These steps are just the start to a more secure server environment. The best thing you can do to keep your organization safe from the threat of malware is to stay abreast of security technologies, as they are developed, to stay one step ahead of malicious users.