The Tech Bench: The Single Best Security Tip
Harsh words, but it needs to be said. At ServInt, we work very hard to deliver servers to our customers that are as secure as they can be. But every customization of and installation on a server creates holes in that security. It is simply the nature of the Internet and networking. If you have data to share, you must find ways for users to access that data.
Server security is a balance. The most secure server is one that is powered down and not connected to the Internet. But obviously, this server is little more than an expensive brick. To be useful, clients need to customize their servers, installing various programs that serve data out to and receive data from users on the Internet.
The single biggest cause of server security breaches we see at ServInt are due to customers not updating their third-party software.
It would be great if we could keep track of all the software customers install on each of their servers and update it automatically. But this is simply impossible. With tens of thousands of third-party application on the market and as many customers, there is no effective way to monitor and update each customer’s third-party software.
This is where you come in. A few months ago on the ServInt Source, ServInt Director of Network Compliance, Mike Witty, posted an article about different ways to help increase server security. In this article, he had some great advice that bears repeating:
Keep the software you are running on your server up to date. There are options you can enable in cPanel and some other control panels to inform you when any software you downloaded directly from your control panel has been updated. Also, many places such as The Symantec Security Focus Bugtraq list allow you to sign up for emails that will send you information on software updates.
For all other software, there should be a page on the designer’s site which lists current versions and where to download updates. Keeping a folder of bookmarks of these sites can be a real life saver. Simply surf to the pages you have marked a couple times a month and check for software updates.
If you install it on your server (or ask us to install it), make sure you update it. Check for updates, and check often.