Comprehensive security protection for critical application servers

Source: Internet
Author: User

In view of the increasingly serious security problems faced by enterprise application servers, this paper describes a comprehensive and effective approach to protecting key application servers, covering system security, intrusion prevention, access control, data security, and backup and disaster recovery, with the aim of keeping the server in a stable and reliable state.


1. Server overview

The server is the core of an enterprise information system. There are three types: file servers, database servers and application servers; "application server" in this paper refers to all three. Important business systems run on application servers and serve clients across the network. Application servers come in many kinds, such as domain controllers, DNS, e-mail, Web and OA servers. One hardware server can provide several services at the same time, logically forming several application servers, and one service can be distributed across several hardware platforms.

Servers use either a RISC architecture (Itanium, PowerPC, SPARC and similar CPUs) or a CISC architecture (Intel and AMD CPUs; also called IA, x86 or PC servers). Operating systems fall into two families: UNIX/Linux and Windows. Mid-range and high-end servers are UNIX-based; low-end or PC servers run Windows, Linux or Solaris. Windows systems are mostly Windows Server 2003 or 2008; common UNIX systems are IBM AIX, HP-UX, Sun Solaris and FreeBSD; Linux systems are mostly Red Hat and SuSE.

2. Security threats

The security threats faced by servers are still viruses, malicious attacks, system vulnerabilities, data leaks and data corruption. Viruses and network attacks are the biggest threats: viruses enter the intranet from the Internet or removable media, and some attack the server to destroy data or plant Trojan horses that steal confidential data. Whether the attack comes from a virus or a human attacker, its purpose is mostly destruction, espionage or spreading the virus further.

Vulnerabilities are one of the major security problems of servers, including both vulnerabilities in the operating system and omissions in management. Vulnerabilities in the operating system, database management system and application system can be exploited by attackers to break in and to spread viruses and Trojan horses. In addition, servers often expose many unused ports and services, which give attackers potential entry points. Management omissions include administrator accounts with no password or a weak one, and default administrative passwords on some services that have never been changed, which make it easy for outsiders to gain administrative privileges.

Disclosure risks include espionage from the internal and external networks, insider leaks, improper access control policies, and leaks through lost storage media.

3. Server Security

Once an application server fails, it may cause service interruption or data loss and significant losses for the enterprise, so the highest goal of security protection is to keep the server running safely, stably, efficiently and without interruption. System security, access control, and backup and disaster recovery are especially important for server security.

3.1 System Security Hardening

Periodically optimize the server's system configuration for security and perform a comprehensive vulnerability scan and security assessment of the server and database systems. Fix vulnerabilities promptly [1]: download the latest patches and install them after testing. When the system is installed, set strong passwords for all administrator accounts immediately and change them regularly. Disable the default account names and create new ones. Disable unnecessary services and ports on the server.

3.2 Protection by Zone

Place servers in different zones by application category and apply different security policies to each zone. Servers that provide external services, such as Web and e-mail, are usually placed in the DMZ server zone; servers that provide internal services, such as OA, are placed in the application server zone; core business servers, such as ERP, production systems and financial systems, should be placed in a separate closed zone with firewalls deployed at its perimeter, focused on blocking access by unrelated users or hosts.

3.3 Perimeter Defense

Secure the boundaries between the intranet and the Internet or extranet, for example with physical isolation, firewalls, and intrusion detection and intrusion prevention (IDS/IPS) facilities.

External servers in the DMZ must be protected by a firewall. Unrelated service ports should be blocked so that the server system cannot be port-scanned from the external network. Control access to the system through the firewall, and log and analyze the access logs. Where necessary, deploy IDS/IPS to monitor network traffic and detect intrusions and attacks in a timely manner. To simplify the multi-level chaining of several devices and reduce points of failure, a UTM device that combines firewall, anti-virus, intrusion detection/prevention, anti-spam and other functions can be used; it is also easy to configure.

3.4 Virus Control

The server must take complete virus control measures. Anti-virus software must be set to update its virus database automatically every day so that it stays current. Enable real-time auto-protection to scan incoming and outgoing files as they arrive. Check the anti-virus software's logs and real-time protection reports regularly.

3.5 Access Control

Make full use of the access control functions of network equipment, the server operating system and the database system: control which users or processes may access servers, directories, files and other resources, so that they cannot be used or accessed illegally. Assign different access rights to users or processes, implement hierarchical mandatory account security policies, set appropriate security levels for directories and files, and prevent unauthorized users from accessing files.

The server's system administrators and application operators must be authenticated and authorized. Traditional static username-plus-password authentication is not secure enough: the password can be cracked, or stolen by a Trojan horse program. IC card authentication is also not very safe, because the identity information on the card can easily be scanned and intercepted. Dynamic passwords change the user's password with every authentication, so no two authentication passwords are the same, which effectively secures the authentication of the user's identity.

PKI/CA authentication with digital certificates uses data encryption and decryption and digital signature technology to ensure the confidentiality and integrity of information and the authenticity of identity; it is currently the most secure and reliable means of user authentication [2]. Digital certificates can be stored on a USB Key for easy portability and use. Building an enterprise PKI/CA system is the ideal way to realize single sign-on, authentication and access control for users.

3.6 Remote access and remote management control

Mobile users who access enterprise intranet servers from the public network need stronger security. The user inserts the USB Key holding the digital certificate and enters a PIN code for two-factor authentication; this is much stronger than a username plus password alone and ensures that the customer's authentication information cannot be stolen or cracked. Telnet and remote management must be tightly controlled: the information transmitted must be encrypted, the control policy should allow remote management of the server only by administrators from specific IP addresses, and all Telnet logins must be logged.

3.7 Data Encryption

To prevent confidential data from being stolen while it travels over the network, encrypt the data before transmission. Commonly used methods are IP-protocol-based encryption and VPN encryption. Files can also be encrypted with a document encryption system; such a file can only be decrypted back to plaintext in an authorized environment and is otherwise unreadable.

3.8 Protection of Specific Server Types

3.8.1 Active Directory Server

Windows Active Directory is designed to centrally manage the objects (such as users and computers) and resources (such as printers, folders and programs) distributed throughout the enterprise network. AD contains one or more domains, and each domain can have several domain controllers for redundancy. If domain controllers are distributed across different geographic locations, a site should be created at each location to balance the replication of domain controller information and speed up user logon authentication. AD domain data should be backed up frequently.

3.8.2 Web Server

The Web server of an enterprise's external website easily becomes a target of external attack. Attackers use system vulnerabilities, password cracking and other means to tamper with content, steal administrator passwords, inject into the database, plant Trojan horses on the site, steal data and carry out other destructive activities.

To protect the site from attack and tampering, deploy a web page anti-tampering system that monitors the web content in real time and automatically restores any file found to have been tampered with.
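The core of such an anti-tampering system is a baseline of file fingerprints taken from a known-good copy, compared against the live web root on every pass. The following added example (not from the original article or any product) shows one monitoring pass in Python: it restores modified or deleted files from the clean copy, removes files that are not in the baseline, and reports what it found; the directory layout and file contents are constructed for the demo.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def file_digest(path: Path) -> str:
    """SHA-256 of the file contents (the fingerprint stored in the baseline)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(clean_root: Path) -> dict:
    """Relative path -> digest for every file in the known-good copy."""
    return {str(p.relative_to(clean_root)): file_digest(p)
            for p in clean_root.rglob("*") if p.is_file()}

def check_and_restore(web_root: Path, clean_root: Path, baseline: dict) -> dict:
    """One monitoring pass: restore modified or deleted files from the clean copy,
    remove files absent from the baseline, and report findings for the audit log."""
    result = {"modified": [], "added": [], "deleted": []}
    live = {str(p.relative_to(web_root)): p
            for p in web_root.rglob("*") if p.is_file()}
    for rel, digest in baseline.items():
        target = web_root / rel
        if rel not in live:
            result["deleted"].append(rel)
        elif file_digest(target) != digest:
            result["modified"].append(rel)
        else:
            continue                                  # unchanged: nothing to do
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(clean_root / rel, target)        # restore from the clean copy
    for rel, path in live.items():
        if rel not in baseline:                       # file that should not exist
            result["added"].append(rel)
            path.unlink()
    return result

def demo() -> dict:
    """Constructed scenario: one page defaced, one file deleted, one file planted."""
    tmp = Path(tempfile.mkdtemp())
    clean, web = tmp / "clean", tmp / "www"
    (clean / "img").mkdir(parents=True); web.mkdir()
    (clean / "index.html").write_text("<h1>Welcome</h1>")
    (clean / "img" / "logo.txt").write_text("logo")
    baseline = build_baseline(clean)
    (web / "index.html").write_text("<h1>Defaced</h1>")
    (web / "unexpected.txt").write_text("not in baseline")
    report = check_and_restore(web, clean, baseline)
    report["index_restored"] = (web / "index.html").read_text() == "<h1>Welcome</h1>"
    report["logo_restored"] = (web / "img" / "logo.txt").read_text() == "logo"
    report["unexpected_removed"] = not (web / "unexpected.txt").exists()
    return report
```

In production the clean copy and baseline must live somewhere the web server process cannot write, otherwise an attacker who gains write access to the site can update the baseline as well.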

3.8.3 Database Server

The security of the database system itself is critical. The database management system provides a series of security mechanisms, such as user authentication, access control, data encryption, database auditing, and backup and recovery, that ensure the confidentiality, integrity and availability of the database. At the same time, because the database is stored as files, access to the database files at the operating system level must be strictly managed to prevent the database from being damaged by that route. On the network, attacks, theft, tampering and vandalism against the database must be prevented. The database also needs disaster-tolerant backups, and important database servers should be given high availability through dual-machine hot standby.

3.8.4 E-mail Server

The mail server must first ensure the security of the system itself: open only the SMTP port, and open the POP3 port only to a restricted range where conditions require it. Limit each user's total mailbox capacity and the size of individual messages to avoid system crashes caused by disk space exhaustion. Delete messages that have sat unsent in the send queue beyond a set deadline. Enable SMTP authentication for outgoing messages to prevent the relaying of spam. Anti-spam is necessary and should use intelligent, high-accuracy hardware devices.

3.9 Clusters and dual-machine hot standby

A cluster is a group of computers running the same software system that serves clients as one server. A cluster generally uses two servers with the same application system installed on both; when one fails, the other can take over its application in a short time, keeping the business system running without interruption and achieving high availability. Clusters typically share storage devices such as disk arrays or fibre SANs, so both servers use the same data.

3.10 Server Load Balancing

Application systems that provide continuous, uninterrupted service on the Internet often configure several servers to provide the service at the same time, so that user access is balanced across them, in order to meet the demand for high traffic and high availability.

Server load balancing technology lets one service run on a set of servers at the same time, serving many users. When a service request arrives, one of the servers is scheduled to execute it according to the load-balancing allocation algorithm. When a server fails, the other servers continue to provide the service, ensuring continuity. The simplest load balancing can be achieved through DNS, but the effect is not good. Reverse proxy technology also allows load balancing. Professional hardware load-balancing devices work well, and software load balancing is less expensive.

3.11 Backup and disaster recovery

[4] The latest backup technologies are snapshots and continuous data protection (CDP) based on storage virtualization. A snapshot is a copy of the system and data at a particular moment, a static image of a data set; CDP continuously replicates and stores the system and data, as if recording a video, and can recover to any point in time the instant the application server fails. Snapshots and CDP suit large-scale non-stop applications and the real-time backup and recovery of the operating system, database system, application system and data. Extended off-site, they achieve disaster recovery.

Ordinary servers with low business continuity requirements can use traditional backup methods: static backups to disk arrays or tape media.

Using virtual machine technology for server disaster recovery is also feasible. Create a corresponding virtual machine for a running physical server, usually as a backup of the real machine, or virtualize the physical server to generate a VM replica image. In the event of a catastrophic failure of the real server, either start the backup VM or deploy the virtual machine image, restoring the real server's important business in the shortest possible time.

3.12 System Log Audit

Monitor and audit the system logs of the operating system, application system, database system and network equipment to check for suspicious activity: whether an intruder has broken in, whether a back door has been left behind, and so on, and take timely measures to eliminate all kinds of security risks.

Because the volume of system log information is large, manual auditing is difficult. A professional log server can collect all system logs through the Syslog protocol, analyze them centrally, and generate reports in various forms for administrators to use.
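The following added example (not from the original article) shows the kind of analysis a central log server performs over collected Syslog lines: it parses RFC 3164-style lines from several hosts, counts failed logins per host and source address, flags a source that reaches the failure threshold, flags a successful login from such a source (a possible intrusion), and flags account creation (a possible back door). The log lines, host names and the 203.0.113.7 / 10.0.0.15 addresses are constructed sample data.

```python
import re
from collections import defaultdict

# RFC 3164-style line as forwarded to the central log server: "<timestamp> <host> <app>[pid]: <msg>"
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                       r"(?P<app>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>[\d.]+)")
NEW_USER_RE = re.compile(r"new user: name=(?P<user>[^,]+)")

def parse_syslog(line: str):
    """Split one collected line into its fields, or return None if it is not syslog-shaped."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None

def audit(lines, threshold: int = 5) -> list:
    """Walk the collected lines once and return findings for the administrator's report."""
    failures = defaultdict(int)            # (host, source ip) -> failed login count
    findings = []
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:
            continue                       # non-syslog noise is skipped, not fatal
        host, msg, ts = rec["host"], rec["msg"], rec["ts"]
        if (m := FAILED_RE.search(msg)):
            failures[(host, m["ip"])] += 1
            if failures[(host, m["ip"])] == threshold:   # report once per source
                findings.append({"type": "brute_force", "host": host, "src": m["ip"], "at": ts})
        elif (m := ACCEPTED_RE.search(msg)):
            if failures[(host, m["ip"])] >= threshold:   # success after many failures
                findings.append({"type": "login_after_failures", "host": host,
                                 "src": m["ip"], "user": m["user"], "at": ts})
        elif (m := NEW_USER_RE.search(msg)):
            findings.append({"type": "account_created", "host": host, "user": m["user"], "at": ts})
    return findings

# Constructed sample of what a central syslog server might receive from two hosts.
SAMPLE_LOGS = [
    f"Mar  3 08:01:{10 + i:02d} web01 sshd[2211]: Failed password for invalid user admin "
    f"from 203.0.113.7 port {51234 + i} ssh2" for i in range(5)
] + [
    "Mar  3 08:01:20 web01 sshd[2230]: Accepted password for root from 203.0.113.7 port 51240 ssh2",
    "Mar  3 08:02:05 web01 useradd[2300]: new user: name=svc_backup, UID=1005, GID=1005, "
    "home=/home/svc_backup, shell=/bin/bash",
    "Mar  3 08:03:00 db01 sshd[900]: Accepted publickey for dba from 10.0.0.15 port 40000 ssh2",
    "Mar  3 08:03:30 db01 sshd[901]: Failed password for dba from 10.0.0.15 port 40001 ssh2",
    "this line is not syslog-shaped and is skipped",
]

def audit_demo() -> list:
    """Run the audit over the constructed sample; the single db01 failure stays below threshold."""
    return audit(SAMPLE_LOGS)
```

The message patterns match OpenSSH and shadow-utils wording; other daemons and Windows event forwarders need their own patterns, which is why a real log server keeps them as configuration rather than code.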

4. Conclusion

Securing application servers and the network is a perennial topic. As network applications develop, security protection will inevitably meet new challenges; only by keeping up with the times, responding to each crisis and constantly improving protective capability can information security be ensured.
