IT SECURITY OF CLIENT SERVERS
he IT security of client servers is our priority. At Publissoft we are very aware of the value of your data, so we have put in place a whole system of security software that meets the highest standards of current technology.
With the development of technologies and the omnipresence of the internet, there are more and more websites every day, many people or companies develop their own site to have a wider visibility for their work or their services. Nevertheless, the majority of them, unless it is a very large company, host their site with a third party because they cannot get a powerful server capable of managing the website. Therefore, the computer security for client servers is very important for hosts to protect the websites of their clients against any attack.
1. WHY ENSURE THE COMPUTER SECURITY OF CLIENT SERVERS? AND HOW TO DO IT?
When a system is used as a server on a public network, it becomes the target of attacks. It is therefore important for the system administrator to harden the system and lock services.
Before embarking on specific questions, you should review the following general tips to improve server security:
• Keep all services up-to-date to protect against the latest hazards.
• Use secure protocols as much as possible.
• Serve only one type of network service per machine as much as possible.
• Carefully check all servers for suspicious activity.
After these basic tips we will mention other tips in more detail for the computer security of the client servers.
2. SECURING SERVICES WITH TCP WRAPPERS
TCP wrappers provide access control on various services. Most modern network services, such as SSH, Telnet, and FTP, use TCP wrappers that guard between incoming requests and the service being queried.
TCP wrappers can be used for much more than to deny access to services. They are also used to send login banners, prevent attacks from particular hosts, and improve logging functionality.
2.1. TCP WRAPPERS AND CONNECTION BANNERS
When connecting a client to a service, sending an intimidating banner is a good way to hide the system used by the server while warning the attacker that the system administrator is vigilant.
2.2. TCP WRAPPERS AND ATTACK WARNING
If a particular host or network has been identified attacking the server, TCP wrappers can be used to notify the administrator of subsequent attacks from that host or network using the spawn directive.
2.3. TCP WRAPPERS AND ADVANCED LOGGING
If some connection types are more concerning than others, the logging level can be high for this service with the severity option.
3. SERVICE SECURITY WITH THE XINETD COMMAND
The benefits offered by TCP wrappers are increased with the use of the xinetd command, a super service offering greater access, logging, linking, redirection and resource utilization control capabilities.
The xinetd super server is another useful tool for controlling access to its subordinate services. Xinetd can be used to configure a trap service and control the amount of resources used by a xinetd service to counter denial of service attacks.
3.1. PREPARE A TRAP
An important feature of xinetd is its ability to add hosts to a global no_access list. The hosts on this list are denied any connection to services managed by xinetd for a specified amount of time or until xinetd is restarted. This is accomplished using the SENSOR attribute. This technique is an easy way to block hosts trying to scan server ports.
3.2. CONTROL OF SERVER RESOURCES
Another important feature of xinetd is its ability to monitor the amount of resources that services under its control can use.