Protect your business online

Server security

Guide

Servers are powerful computers that provide one or more services (such as email, web or file servers) to users on a particular network. Cyber criminals frequently target servers because of the nature of sensitive data they often hold.

What is server security?

Server security focuses on the protection of data and resources held on the servers. It comprises tools and techniques that help prevent intrusions, hacking and other malicious actions.

Server security measures vary and are typically implemented in layers. They cover:

  • the base operating system - focusing on security of critical components and services
  • hosted applications - controlling the content and services hosted on the server
  • network security - protecting against online exploits, viruses and attacks

Insecure servers are significant business risk and can cause many network security issues.

How do I secure a server?

Securing large, complex servers can require specialist skills. However, any business using a server should be aware of the risks and - at the very least - use basic cyber security measures.

Good management practices can help you improve your business' server and network security. If you are not using a secure data centre to host your servers, you should:

  • keep them locked
  • monitor and restrict access to them
  • monitor server reports, such as security logs
  • assess their environment for other risks, eg temperature and fire
  • maintain stable power supply

As with regular desktop PCs, servers will need:

  • a firewall
  • regular backup and updates
  • reliable security software
  • reliable maintenance and support services

Network firewall security

A firewall is a piece of software or hardware that filters all incoming and outgoing traffic to your business. Firewall devices can:

  • block malicious email relaying
  • prevent malware from being downloaded from untrusted websites
  • prevent access to blacklisted websites or unsecured services

Hardware firewall

Hardware firewall is a part of broadband routers. It protects your entire local network from unauthorised external access and is usually effective even with minimal configuration.

Software firewall

Software firewall is an application installed on individual computers and devices. It is often part of the operating system and usually needs greater configuration of settings and applications controls.

Server hardening

Regardless of what server software and operating system you run, their default configuration may not be fully secure. You should take steps to increase server security - this process is known as server hardening.

Some common server hardening methods include:

  • using data encryption for communication
  • removing unnecessary software from servers
  • regularly updating operating systems, and applying security patches
  • using security extensions
  • enforcing strong password complexity to protect all user accounts
  • account locking after repeated login failures
  • using brute force and intrusion detection systems
  • backing up data and systems regularly

Using cloud as an alternative to servers

With new digital services now available on cloud platforms, many businesses are moving - or have moved - parts of their infrastructure into the cloud. Potential cost savings and improved functionality are what makes the cloud so appealing.

With some cloud solutions, for example, Software as a Service (SaaS) or Platform as a Service (PaaS), the cloud provider will typically be expected to configure and maintain servers for you, including patching, security hardening, and implementing security functions like logging and auditing.

If you opt for a more 'do it yourself' solution, such as Infrastructure as a Service (IaaS), you will usually be responsible for server security as you would for an on-premise equivalent.

The National Cyber Security Centre has detailed guidance to help you secure your server.