Top ten tips for server security

These guidelines are mainly meant for people who are running their own servers on the Birkbeck network, particularly for those in departments which don't have any full-time system administrators.

They are meant to help you keep your machines up and running, so you can get on with the real work you need to. They are also meant to to help us keep the network up and running, and keep us off your back. They are only the beginning, not the end of improving reliability and security - these recommendations are the bare minimum. You can get a lot more detail from some of the websites listed here.

Remember these days not only is any Unix or Linux or similar computer a server, unless you tell it very hard not to be, Windows machines all are also potentially acting as servers. Windows "workstations" can easily be made into email, FTP or web servers, with or without the user knowing about it!

1. Back it up.
2. Don't run what you don't need. In particular don't run services that can be used for online access unless they are needed.
   • Don't run a mail server - use the College email service (or in Crystallography & CSIS, the School email service).
   • If you are running Unix or similar check that sendmail isn't coming up automatically (most versions have it start by default) and check that you aren't relaying mail for 3rd parties.
   • Also in Unix, go through inetd.conf and remove all services you don't need.
   • In Windows check the Services application in the Control Panel, and check the Startup folders under the Start button. Remove everything you don't need.
   • If possible either don't install or remove office software, web browsers and other personal software tools from servers. In Windows, whatever you do, don't run Active Desktop on a server.
   • If you really care about reliability, think about separating services onto different machines - so you have one computer as a database server, another as a web server, another for FTP and so on.
     
3. Don't share passwords or userids with anyone. Every human user on the system should have their own (different) userid.
   • If you really must have shared userids, maybe for a short course, restrict their privileges to the bare minimum and delete them as soon as they are no longer needed - avoid "permanent temporary" userids.
   • Enforce separation of powers. Even if you are the only person who ever logs on it is a good idea to have an admin userid to do computer admin jobs and a normal userid for getting on with real work.
   • If there is a superuser (such as root on unix) you should save it for emergencies only. If you find you are logging on as root every day (or even every week) you probably need to set up an admin id with sufficient privileges to get the job done.
     
4. Don't have world-writeable files. Ever. Every file should have access control permissions set so that only known userids can write to it.
   • NB this means on Windows you should always use NTFS file systems (not FAT) and ALWAYS check the access control permissions to each disk and every new directory you set up. The default is to give "Everyone" full control of all files. Remove this (after adding yourself of course!)
   • If you must have permission for "Everyone" it should be read-only. Same goes for the Windows pseudousers like "Interactive", "Network", and "Guest", and Unix ones like "guest" and "nobody".
   • If you allow ordinary users to upload files to your server from the network (such as through FTP or scripts) then you should have write-only directories that no user can read or run programs from. Never let web browsers see files that other web-browsers can change.
   • Never, ever have a world-writeable executable file on a server. It is a good idea to run scripts to search for these. (There are loads of examples and hints in the on-line documents mentioned below).
     
5. You did remember to back it up, didn't you?
6. Record all changes you make to system software including:
   • all programs you install
   • any configuration changes you make
   • When you change a file that's important to the operating system keep a copy of the old one with a different name. I use names like "hosts.1999Mar11" to make it obvious.
   • Keep paper records of configuration details (you'll need them when restoring from those backups you just took)
   • Keep all material used to install software (CDs, manuals, disk copies of downloaded files). Not only will this help you trace the cause of any problems you have, it will also help you recover from problems, because it is often easier to reinstall system software than it is to restore it from backup. And if your server has been badly broken into you will want to revert to a "clean" version of the system anyway.
    
7. Keep up to date with upgrades and fixes available for your system.
   • This is the only controversial point here - lots of people will say "if it's not broken, don't fix it". But at any rate you need to know what updates there are and make an informed choice as to whether to upgrade or not.
   • If there is a fix for a serious network vulnerability you really need to install it, because all the hackers will already know about it.
    
8. Keep logs. Make sure that everything that happens (like users logging on, or people uploading files) is automatically recorded & the log files are kept somewhere, at least for a few days.
   • This is the default in most server systems but you need to check that the logs are being kept & that you know where they are. And you need to have a plan for when they fill up all your disk space...
    
9. Keep notes. Document any problems you have with your system. Write down what happened, when it happened, what error messages you saw, what you did to try to fix it, and what worked in the end. Especially the last one. So that next time it happens you know what to do.
   
10. Oh, and back it up!.