Recommendations to secure a server connected to Internet
In Brief
Security measures are behavioural, organisational or technical measures that seek to guarantee the confidentiality, integrity and availability of an asset. Security measures aim to reduce the vulnerabilities exploited by threats, thereby reducing impacts. They are defined during the risk treatment phase of the risk management process.
Security Measures
- It is strongly recommended to regularly update the operating system as well as the server applications. The exploitation of these technical vulnerabilities can cause corruption of the operation of the server or theft, respectively destruction of files and possibly hijacking of data flows. Write and enforce a sectoral system development and maintenance policy.
- It is strongly recommended to limit the functionality of the server to a single task and not to host any other application on this same virtual server, respectively physical.
- It is strongly recommended to segment the network and put the server in a DMZ. Access to the server must, therefore, go through a firewall and ideally through an IDS/IPS. Write and enforce a Sector Policy for access control.
- It is strongly recommended to integrate the server in the backup plan. Write and enforce a sectoral policy for the management of operations and telecommunications. Write and enforce a sectoral policy related to operational aspects and communications.
- It is strongly recommended to set up a strong authentication for any access from outside the entity. Write and enforce a sectoral policy for access control.
- It is strongly recommended to impose certain robustness of the password of the users, as well as for the administrator account. Write and enforce a sectoral policy for access control.
- It is strongly recommended to set up a logging system if it is not already in place by default. It is also important to be able to evaluate the content of the log files; therefore, the use of tools for aggregation and analysis, or even alerting, of log files is very useful. This logging must comply with the laws on the protection of personal data - surveillance at the workplace (see the CNPD website).
- It is strongly recommended that you protect this server from malicious code. Antivirus scanning software must be updated regularly to be able to recognise and remove the latest malicious code. Write and enforce a sectoral policy on operational aspects and communications.
- For servers classified as important or vital, it is proposed to conclude a maintenance contract with an intervention period corresponding to the classification level of the server. Write and enforce a physical and environmental security sector policy.
- For servers classified as important or vital, it is strongly recommended to use inverters to ensure electrical security. Write and enforce a Sector Policy for Physical and Environmental Security.
- It is strongly recommended to secure physical access to the server only to those entitled. Write and enforce a Sector Policy for Physical and Environmental Security.
- If the server is discarded, it is strongly recommended that you physically destroy the hard disks (using a shredder or demagnetiser). Write and enforce a physical and environmental security sector policy.
- Document the most important manipulations on the server (backup, shutdown, startup…). Write and enforce a Sector Policy on Operational Aspects and Communications.