blog posts

The security of virtual servers is one of the most critical aspects of information technology and requires a high level of expertise to implement effectively. Virtual server security can be broadly categorized into the following areas:

• Network Security
• Operating System Security
• Security of Web Services and Their Configuration
• Virtual Server (VPS) Security Testing

Among these, Linux and Windows server security are the most discussed and widely used. These two operating systems have completely different structures and modes of operation, with some similarities in certain areas. A Linux server typically provides a minimal operating system, making it well-suited for web services. CentOS is the most commonly used distribution for Linux-based hosting, and popular control panels like cPanel and DirectAdmin also support this distribution.

How to Test Virtual Server Security

Given that many websites share space and resources on a single server, especially in shared hosting environments, securing these servers is critical. In this section, we’ll explore how to test the security of a virtual server.

Getting Started with the Server

When configuring security on a server, the approach varies based on the operating system. For example, communication with Linux servers is typically done using PuTTY (for SSH), while Windows servers can be accessed via Remote Desktop Connection. After setting up the operating system and necessary services, it’s essential to follow best practices such as limiting unnecessary services and disabling unused services to enhance security.

Configuring Server Security

As cyber threats and attack methods continue to evolve, it’s crucial to continuously update security protocols. Information security services cover a wide range of needs, including protection against spyware, malware, and potential data breaches. Security services in organizations must evolve to meet new threats, and IT staff should regularly update their software and monitoring systems.

Penetration Testing

Penetration testing is a structured method to evaluate the vulnerabilities and security gaps in servers, networks, and associated resources. This service simulates hacker attacks on a system, identifies vulnerabilities, and suggests appropriate solutions to mitigate these risks.

Types of Penetration Testing:

• Black Box Testing: The tester has no prior knowledge of the system and must rely on external techniques to identify vulnerabilities.
• Transparent Testing: The tester has full access to the system’s specifications and performs a simulated attack based on this information.
• Gray Box Testing: The tester has partial access to system information and can perform tests based on this limited knowledge.

Penetration testing should be conducted based on the sensitivity of the systems and the level of security required. For high-security systems, transparent testing is ideal, while for lower-security systems, gray box or black box testing may be sufficient. It is also important that penetration tests are carried out with proper coordination with the system’s owner to avoid disruptions.

Using Security Information Management (SIM)

Security Information Management (SIM) products play a crucial role in maintaining an organization’s security. These tools collect and analyze system events and alert administrators to unexpected or malicious behavior. By consolidating data from various systems, SIM solutions help detect potential security incidents and take appropriate action.

IDS/IPS Setup

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) offer deeper traffic monitoring and protection than firewalls. These tools track network traffic and compare it against a database of known attack patterns.

• IDS: Detects suspicious network traffic and alerts administrators.
• IPS: Performs the same detection as IDS but goes a step further by actively blocking malicious traffic.

Both IDS and IPS are essential for a comprehensive security strategy, as they help prevent attacks before they can harm the system.

Firewall Installation and Configuration

Firewalls are essential for controlling incoming and outgoing network traffic, whether hardware or software-based. Hardware firewalls are typically used as network infrastructure devices, while software firewalls are installed on operating systems to protect against unauthorized access and threats like Trojans and worms.

Both types of firewalls are important for maintaining the integrity of the network. In small or medium-sized organizations, software firewalls may suffice, while larger enterprises often require more robust hardware firewalls for greater protection.

Managing Security Vulnerabilities

Regular updates and patch management are crucial for minimizing security vulnerabilities. Systems within a network should be kept up-to-date to ensure security holes are patched promptly. Automated update systems can save time and bandwidth while ensuring security patches are deployed across the network quickly.

Web Application Security on Virtual Servers

It’s vital to test, scan, and fix security holes in web applications, as they are often prime targets for cyberattacks. Vulnerability scanning tools and secure coding practices can help identify and remediate weaknesses in web applications.

Security Consulting

Consulting in risk management and securing damaged systems after malware attacks is another critical aspect of security. Implementing and maintaining an Information Security Management System (ISMS) allows organizations to create, deploy, and monitor security measures more effectively.

Preventing Symlink Attacks

Symlink (Symbolic Link) attacks are a significant concern in server security. A symlink creates a reference to a file or directory, making it accessible from different locations in the file system. This can allow unauthorized access if one user account is compromised.

To prevent symlink attacks:

• Linux Servers (cPanel):
  1. Navigate to WHM > Service Configuration > Apache Configuration > Global Configuration.
  2. Set the Server Tokens to ProductOnly.
  3. Disable FollowSymLinks and ExecCGI in the root directory options, ensuring SymLinksIfOwnerMatch is enabled.
  4. In PHP Configuration Editor, disable symlink and ln functions.
  5. Enable mod_userdir Protection and PHP open_basedir Protection in Security Center.
• DirectAdmin:
  1. SSH into the server and run the following commands:

     cd /usr/local/directadmin/custombuild
     ./build update
     ./build set harden-symlinks-patch yes
     ./build apache
     ./build rewrite_confs
     

     2. Edit php.ini to disable symlink and ln functions.

Conclusion

Penetration testing is an essential part of evaluating server security. By simulating hacker attacks, penetration tests identify vulnerabilities and help secure the system and its resources. Throughout this article, we’ve covered key aspects of virtual server security, including penetration testing, firewall configuration, and the prevention of symlink attacks. Implementing these measures can significantly improve the security of virtual servers and protect them from potential threats.