Skip to main content
View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Explore Blog
Categories
14
  1. Cloud Consulting Services
    4
  2. Cloud Overviews
    49
  3. Compute
    12
  4. Containers (Kubernetes, Docker)
    33
  5. Databases
    19
  6. Developer Tools
    34
  7. Linode
    253
  8. Linux
    69
  9. Multicloud
    4
  10. Networking
    29
  11. Open Source
    5
  12. Partner Network
    7
  13. Security
    60
  14. Storage
    21
Authors 49
  1. Abe Massry 2
  2. Al Newkirk 1
  3. Alexander Newnham 2
  4. Andrew Sauber 1
  5. Andrew Stebbins 2
  6. Andy Stevens 5
  7. Bradley LaBoon 1
  8. Blair Lyon 11
  9. Billy Thompson 8
  10. Christopher Aker 176
  11. Cassie Bubnis 1
  12. Daniele Polencic 4
  13. David Monschein 2
  14. David Rodriguez 1
  15. Dan Spataro 2
  16. Elvis Segura 1
  17. Gardiner Bryant 1
  18. Holden Morris 4
  19. Hillary Wilmoth 65
  20. Jim Ackley 5
  21. Jessica Capuano Mora 1
  22. Justin Cobbett 11
  23. Jon Frederickson 1
  24. Jonathan Hill 2
  25. Justin Mitchel 4
  26. James Steel 5
  27. Jamie Sherkness 8
  28. Linode 52
  29. Linode Events 8
  30. The Linode Security Team 122
  31. The Linode Network & Security Teams 1
  32. LINQ 1
  33. Leslie Salazar 1
  34. Michelle Berg 1
  35. Mitch Donaberger 1
  36. Mike Fischler 1
  37. Mike Maney 10
  38. Maddie Presland 17
  39. Mike Quatrani 4
  40. Nathan Melehan 2
  41. Nigel Poulton 1
  42. Rick Myers 7
  43. Richard Tubb 1
  44. Sal Carrasco 1
  45. Salman Iqbal 1
  46. Shawn Michels 1
  47. Linode Support 13
  48. Tom Asaro 18
  49. Talia Nassi 8
BlogSecurityIntroduction to Server Security

Introduction to Server Security

Talia Nassi
Talia Nassi
October 30, 2023
Introduction to Server Security.

This post is the final installment of our Cloud Computing Foundations series. Build your skills further by taking our Cloud Computing by taking our certification course.

One of the most important aspects of the development lifecycle is understanding how to secure the hosting environment that runs our web apps. Our servers allow incoming connections from external systems over specific ports whenever we deploy a web app. Server ports identify incoming and outgoing network traffic.

To understand server vulnerabilities, we need to think about where communications take place.

In the example above:

  1. A client (left), typically a web browser, sends an HTTP request to the server.
  2. The server receives the HTTP request and processes it.
  3. The domain name is queried against one or more domain name servers, usually managed by the domain name registrar. 
  4. The server retrieves or generates the requested content and sends an HTTP response back to the client.
  5. The client receives the response and renders the content.

During this process, in certain cases, connections to our servers can be from malicious computers looking to exploit weaknesses in our server configurations. There are plenty of reasons why a server might be exploited.

Let’s take a look at some common server attacks.

Distributed Denial of Service Attacks (DDoS)

In a distributed denial of service (DDoS) attack an attacker attempts to overload a targeted server with a flood of HTTP requests. This is also called an HTTP flood attack. Remember, each time we make an HTTP request, our servers are tasked with responding to the request. If our servers don’t have the resource capacity to meet the number of incoming simultaneous requests, the web server will stall or crash. Moving forward, each subsequent HTTP request will fail, rendering the web server unreachable. 

DDoS attacks are generally performed through botnets. Botnets are a network of devices infected with malicious software, also known as malware, which is designed specifically to produce a flood of HTTP requests to a target machine.

The above illustration provides an overview of how HTTP flood attacks work. On the right side, we have the client making a request to the server, but because there are several bots also making requests to the server, thus draining the server’s resources, the client cannot connect to the server.

Directory Traversal

A directory traversal is another common exploit that generally targets poorly configured servers. All Web files are served directly from the Web Root Directory. Users connecting to our servers via HTTP web requests should only be able to access specific files from the web root directory without being able to navigate to or execute files from folders that are higher in the directory structure. If this were to happen, it could mean an attacker could gain access to critical system and configuration files and wreak havoc on the server.

The above image demonstrates how this attack works. The attacker submits a malicious HTTP request using a modified URL, which includes the directory path to a system or configuration file. The server processes the request, and as a result of poor server configuration or application design, can retrieve the system file and display its contents or source code.

Brute Force Attack

A brute force attack, also called a dictionary attack or account takeover, is another very common attack whereby a malicious agent attempts to gain entry to a restricted access point on your server. This restricted access point is typically the server’s root account or another account with root privileges. Attackers use malware to automatically submit numerous login attempts with automatically generated password and username combinations based on dictionary words.

The illustration above demonstrates how this attack works. On the left, the attacker submits repeated login attempts generated from a word list using malware. If the correct combinations are found, the attacker will gain access to the server. Brute force attacks can be highly effective—even if a server uses only SSH key authentication.

Keeping Your Server Secure

Here are some best practices to consider when configuring and securing your servers:

  • Keep your operating system and software up-to-date with the latest security patches and updates.
  • Disable or block any unnecessary services or ports to minimize the attack surface.
  • Limit access to your server by only allowing authorized users to connect and interact with it.
  • Secure network traffic by using encryption protocols such as SSL or TLS.
  • Have a robust backup and disaster recovery plan to minimize data loss and downtime.
  • Implement strong passwords and multi-factor authentication to protect against unauthorized access.
  • Use firewalls to control incoming and outgoing network traffic.
  • Monitor server logs and network traffic for suspicious activity.
  • Use intrusion detection and prevention systems to identify and prevent attacks.
  • Implement security measures such as file system permissions and access controls to protect against unauthorized access to sensitive data.

Build the skills to succeed in cloud computing by taking our Introduction to Cloud Computing certification course.

You might also like...

Defend Against Web App and API Attacks in Asia-Pacific: Akamai’s Report

Learn about the top web app & API attack vectors in Asia-Pacific from Akamai’s State of the Internet report and how to better protect yourself.
Security
How SSL, TLS, & HTTPS Work video thumbnail

How SSL, TLS, & HTTPS Work | Keeping Your Connections Safe

In this video, @gardiner_bryant explains HTTPS (Hyper Text Transport Protocol Secure) and how SSL and TLS keep your connection safe.
Security
Security Survey Shows Companies Not Fully Prepared For API Attacks featuring Rupesh Chokshi from Akamai.

Security Survey Shows Companies Not Fully Prepared For API Attacks Rupesh Chokshi – Akamai

In this video, Akamai Senior Vice President and General Manager of Application Security Rupesh Chokshi shares his insights.
Security

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *