Posts Tagged 'Firewalls'

May 26, 2009

Be Prepared

The biggest headache in owning an IT company is security. Its also one of those things especially for a smaller company you don’t think you need till something happens. This always reminds me of when I was in boy scouts. “Be Prepared”.

IT security is a big business, but there are a lot of things we can do to prepare ourselves so we don’t have to spend hundreds or even thousands of dollars. Everyone in the IT world has to spend money on this one way or another. It could be spending your own time to secure your services, or paying someone to do it for you. If you don’t do either one of these, you’re going to end up losing money when you do get attacked or hacked.

The key is to be proactive, and not reactive. If you are always running after something its harder to catch than if your in front of it ready for it to come. So what we need is a plan, or maybe two. One plan is needed to set up security, and a second should be used to keep an eye on what is going on so things don’t get out of hand.

Some may know where to start when it comes to securing your server. You are in luck. I am going to go over the simple and most important steps to securing your server.

HOST ACCESS

This is the most important step to security. You don’t want people to be able to gain access to your system. There are some very simple steps to doing this.

1. Remote Console

The first thing you should do when setting up your server is to restrict the remote access to your server.

1 = Change the access port ( you can change the access port of both sshd and remote desktop)

2 = Use a secure password (SoftLayer has tools in the portal just to help you make a secure password)

3 = Only allow connections to remote access from trusted networks (this can be done by a firewall solution)

SoftLayer provides one solution that makes this really easy: our Internal Network and VPN. You can just setup your software to allow connections from 10.0.0.0/8 network and you are now protected!

2. Firewalls

This is a must have, and the good thing is that software firewalls are FREE. Both Windows and Linux O/S come with firewalls. Now we just have to set it up. Setting up firewalls can sometimes be hard, but most people don’t need anything fancy. Accept for the services you use, and deny everything else. Also remember if you do want remote access available via your public IPs, your really should restrict those ports via a firewall to make sure only your networks can access it.

AUDITING

This is next most important step to be proactive. The great thing is yet again SoftLayer provides you with the tools for FREE!

1. IDS (Intrusion Detection System)

This technology works by looking at all the little packets coming in and decides if it is bad traffic or good traffic. The hardware and software of this can be very hard to setup, and or very expensive. But you don’t have to worry about this. SoftLayer has farms of IDS hardware there for you, FOR FREE!

2. Scanning

1 = Virus

You will always want to make sure your data is clean and the best way to do that is a weekly virus scanning on your machine. The great thing is we also provide you with the software to do this FREE!

2 = Network

One of the best ways to looks for security problems is to have someone run a network scan on your system. These tools let you find all the holes that you may need to patch up so that your system is secure. Yet again SoftLayer provides you this tool for FREE!

So there you have it a short list of things to do, that will help you keep your data safe and out of the hands of hackers. Security is very important to you as an owner, and for your customers. Just remember if you are proactive, you can cut out a lot of the headaches later on. The other thing to keep in mind when doing this stuff for the first time is to document your steps. Now that you did all the leg work once, now you have a check list on how to do it every time you business expands and you order a new server.

May 6, 2009

Always Use Protection

When it comes to managing a server remember you can never be to careful. In this day and age we face a lot of things that can damage and even take a server to its knees here’s a few things for everyone to consider.

Anti-virus:

This is a must on systems open to the net now days. There are always nasty little things floating around looking to take your server apart from the OS out. For windows servers there are a multitude of choices and I’ll just mention a few that can help protect your goods. You can use several programs such as avast (which offers a free edition), ClamWin (open source), Kaspersky , and Panda just to name a few. I would suggest before installing any of these you check links such as http://en.wikipedia.org/wiki/List_of_antivirus_software to name one that provides a list of several choices and their compatibility. You may also want to read reviews that compare the available options and give you an idea of what to expect from them. This will allow you to make an informed choice on which one works best for you. Now with linux there are also several options for this including the well known clamav which from personal experience works really well and can be installed on a variety of linux disro’s(aka distributions). It’s very simple to use and may prevent you from headache later on down the road.

Firewalls:

Firewalls are a double edged sword but are most defiantly needed. When it comes to firewalls you can protect yourself from quite a bit of headache however if setup to strict you can block positive traffic and even yourself from reaching your server but in the long run a defiant way to help protect your server from unwanted visitors. A lot of firewalls also have modules and add-ons that further assist in protecting you and securing your server. If in doubt it’s always a good idea to have a security company do an audit and even a security hardening session with your server to make sure you are protected the best way possible.

Passwords:

This is probably one of the most important this you can do to secure your server. Use strong passwords (no using password or jello is not a secure password even if it is in all caps) and if you are worried about not being able to come up with a secure one there are several password generators on the web that can come up with secure ones to assist. Passwords should contain caps letters, numbers, symbols, and should be at minimum 8 – 10 characters (the more the better). It’s the easy to remember and easy read passwords that get you into trouble.

Armed with this information and so much more on security that can be located on the web using the great and all powerful Google should be a good start to making sure you don’t have to worry about data loss and system hacks. Also remember no matter how secure you think you are make regular backups of all your important data as if you server could crash at any time.

Subscribe to firewalls