Be Prepared

May 26, 2009

The biggest headache in owning an IT company is security. Its also one of those things especially for a smaller company you don’t think you need till something happens. This always reminds me of when I was in boy scouts. “Be Prepared”.

IT security is a big business, but there are a lot of things we can do to prepare ourselves so we don’t have to spend hundreds or even thousands of dollars. Everyone in the IT world has to spend money on this one way or another. It could be spending your own time to secure your services, or paying someone to do it for you. If you don’t do either one of these, you’re going to end up losing money when you do get attacked or hacked.

The key is to be proactive, and not reactive. If you are always running after something its harder to catch than if your in front of it ready for it to come. So what we need is a plan, or maybe two. One plan is needed to set up security, and a second should be used to keep an eye on what is going on so things don’t get out of hand.

Some may know where to start when it comes to securing your server. You are in luck. I am going to go over the simple and most important steps to securing your server.

HOST ACCESS

This is the most important step to security. You don’t want people to be able to gain access to your system. There are some very simple steps to doing this.

1. Remote Console

The first thing you should do when setting up your server is to restrict the remote access to your server.

1 = Change the access port ( you can change the access port of both sshd and remote desktop)

2 = Use a secure password (SoftLayer has tools in the portal just to help you make a secure password)

3 = Only allow connections to remote access from trusted networks (this can be done by a firewall solution)

SoftLayer provides one solution that makes this really easy: our Internal Network and VPN. You can just setup your software to allow connections from 10.0.0.0/8 network and you are now protected!

2. Firewalls

This is a must have, and the good thing is that software firewalls are FREE. Both Windows and Linux O/S come with firewalls. Now we just have to set it up. Setting up firewalls can sometimes be hard, but most people don’t need anything fancy. Accept for the services you use, and deny everything else. Also remember if you do want remote access available via your public IPs, your really should restrict those ports via a firewall to make sure only your networks can access it.

AUDITING

This is next most important step to be proactive. The great thing is yet again SoftLayer provides you with the tools for FREE!

1. IDS (Intrusion Detection System)

This technology works by looking at all the little packets coming in and decides if it is bad traffic or good traffic. The hardware and software of this can be very hard to setup, and or very expensive. But you don’t have to worry about this. SoftLayer has farms of IDS hardware there for you, FOR FREE!

2. Scanning

1 = Virus

You will always want to make sure your data is clean and the best way to do that is a weekly virus scanning on your machine. The great thing is we also provide you with the software to do this FREE!

2 = Network

One of the best ways to looks for security problems is to have someone run a network scan on your system. These tools let you find all the holes that you may need to patch up so that your system is secure. Yet again SoftLayer provides you this tool for FREE!

So there you have it a short list of things to do, that will help you keep your data safe and out of the hands of hackers. Security is very important to you as an owner, and for your customers. Just remember if you are proactive, you can cut out a lot of the headaches later on. The other thing to keep in mind when doing this stuff for the first time is to document your steps. Now that you did all the leg work once, now you have a check list on how to do it every time you business expands and you order a new server.

Comments

May 26th, 2009 at 4:24pm

Lester:

Great post. Simple, easy, to the point.

Miguel

Leave a Reply

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • You can enable syntax highlighting of source code with the following tags: <pre>, <blockcode>, <bash>, <c>, <cpp>, <drupal5>, <drupal6>, <java>, <javascript>, <php>, <python>, <ruby>. The supported tag styles are: <foo>, [foo].
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.

Comments

May 26th, 2009 at 4:24pm

Lester:

Great post. Simple, easy, to the point.

Miguel

Leave a Reply

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • You can enable syntax highlighting of source code with the following tags: <pre>, <blockcode>, <bash>, <c>, <cpp>, <drupal5>, <drupal6>, <java>, <javascript>, <php>, <python>, <ruby>. The supported tag styles are: <foo>, [foo].
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.