Server security is something that many of us push into the 'too hard' basket - usually because we lack the time or patience to learn how to do it.

We are hoping to change this! Our new regular column, 'Focus on Security' will be full of practical advice on securing your vSlice server.

Defence in Depth

Any security expert will tell you that server security needs to be applied at multiple layers to stand a chance against attack. Consider a medieval castle. It stands on a rocky crag (the 1st layer of defence) surrounded by a moat (2nd layer) with doublethick walls (3rd layer) and a separate inner castle for the king and his knights to mount a final defence (4th layer). Attackers are assaulted by archers from the ramparts (5th layer). To assassinate the king (or steal your data) an attacker must navigate every layer before he gains access to your inner sanctum. By putting up different challenges at each layer it is unlikely that an attacker will breach them all.

O/S Updates

Your operating system is updated regularly. If you don't make an effort to download and install those updates then you may be vulnerable to attack vectors that take advantage of unpatched security holes. Updating your O/S is not too difficult but there are a few things that you need to be aware of.

Manual vs Automatic Updates

Some people like to set their O/S to update itself automatically. This has its advantages; updates are set and forget and critical security patches are downloaded quickly. There are disadvantages too: a new version of a critical library, module or program might be incompatible with your applications or with existing O/S modules and cause instability, errors or even downtime. Some companies like to test new patches on a development/test server populated with the same applications before committing it to their production environment. Whether you actually do this will depend on how critical your applications are to your business and whether the downtime caused by an application error would cost more than the testing phase. MD can help here - we regularly clone customer's vSlice servers at their request so that they can perform tests and apply patches before a major change.

Automatic Updates

Windows Server 2003
Open your Control Panel. Doubleclick Automatic Updates and set it to Automatic (recommended). Choose a time to download these and then click Ok.

Redhat/CentOs/Fedora:
Initialise the yum-updatesd service:

#chkconfig yum-updatesd on
#service yum-updatesd start

Cpanel:
In WHM, select "Update Config" and then set cPanel/WHM Updates to Automatic (RELEASE tree)

Debian/Ubuntu:
Download the cron-apt utility:
#apt-get install cron-apt
You can configure cron-apt in /etc/cron-apt or specify when it runs by modifying the /etc/cron.d/cron-apt file
(Note, although cron-apt downloads the updates for you, it does not install them automatically).

Manually updating the O/S

Windows Server 2003:
Select Windows Update from Start Menu > All Programs

Redhat/CentOs/Fedora:
Turn the yum-updatesd service off then run yum update manually

#chkconfig yum-updatesd off
#service yum-updatesd stop
#yum clean all && yum update

Cpanel:
#/scripts/upcp

Debian/Ubuntu:
#apt-get update
#apt-get upgrade

Security is paramount to your business, its beneficial that regular security audits are conducted to ensure the server integrity is maintained. MD has introducted a number of managed solutions for your environment to ensure peace of mind.