Best Security Measures to Protect Your Servers – If you’ve got some kind of server that’s facing the Internet, you need to protect it. We cover things like firewalls in other articles, and firewalls are a critical, if not the first, thing we need to do to protect our servers. But since that’s well covered in other episodes, I want to talk about some of the other denizens that we install within our DMZs to protect our servers.
Let’s take a look at a typical network. What we have here is a DMZ: we have the router that’s connected to the Internet, and between that and our second router sit our public-facing servers. So we’ve got a little switch here.
If you are using a lot of asymmetric encryption, you’re going to be doing a lot of SSL/TLS, and asymmetric encryption can really burden CPUs. So here is a very common thing to do; let’s go back to our diagram. Here, all four of these are going to be web servers, and what we’re going to do is install a special card into each one of these boxes.
These cards have only one real job, and that is to encrypt and decrypt asymmetric encryption on the fly. Putting in individual cards is a great idea. However, for larger, more enterprise-type situations where you have a lot of these systems, having individual cards in each one of your web servers can become onerous. So what we often see instead is an appliance that sits directly behind our gateway router, between the Internet and our switches. This box right here is a dedicated SSL accelerator.
It has only one job, and that is to handle all the SSL/TLS encryption and decryption going across the network. An SSL accelerator isn’t going to protect your network so much as it’s going to make it run more efficiently. But in a way, running more efficiently is a protection too. So let’s take a look at the next one, called a load balancer.
This load balancer is actually a proxy, because it takes all the incoming requests for the Web site and then distributes them around to the four basically identical web servers. A load balancer works in a lot of different ways.
Distributed Denial of Service is the biggest problem that we have on the Internet today. There is no question about that. So there have been a number of interesting tool sets to help us. We can’t stop denial of service, but we can hopefully mitigate it and reduce its effect.
Now, it sounds expensive, but what’s interesting for many people today is that, since we use virtualization and cloud-based services, you don’t have to actually buy hardware for any of the devices I’ve talked about. They can manifest as software and sit in the cloud along with all of your virtual servers.
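To make the "manifest as software" point concrete, here is an added example (not from the original article, which names no product) using nginx as an assumed stand-in for both roles described above: it terminates SSL/TLS in front of the web servers and load-balances across four identical back ends, with a per-client rate limit as a modest denial-of-service mitigation. All addresses, host names and file paths are placeholders.

```nginx
# Added illustration: one nginx instance acting as TLS terminator
# (the "SSL accelerator" role) and load balancer for four web servers.
# Every address, name and path below is a placeholder.

events {}

http {
    # Per-client request budget: softens floods from single sources,
    # but does not stop a large distributed attack on its own.
    limit_req_zone $binary_remote_addr zone=per_ip:10m rate=20r/s;

    # The four basically identical web servers behind the proxy.
    upstream web_pool {
        least_conn;   # pick the server with the fewest active connections
        server 192.0.2.11:80 max_fails=3 fail_timeout=10s;
        server 192.0.2.12:80 max_fails=3 fail_timeout=10s;
        server 192.0.2.13:80 max_fails=3 fail_timeout=10s;
        server 192.0.2.14:80 max_fails=3 fail_timeout=10s;
    }

    server {
        listen 443 ssl;
        server_name www.example.com;   # placeholder

        # TLS ends here, so the asymmetric handshake cost is paid on
        # this box instead of on each web server's CPU.
        ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder
        ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_session_cache   shared:SSL:10m;   # resumed sessions skip the full handshake
        ssl_session_timeout 1h;

        location / {
            limit_req zone=per_ip burst=40 nodelay;
            proxy_pass http://web_pool;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}
```

In this layout the hop from the proxy to the web servers is plain HTTP, so that segment has to be a network you trust, or the back-end connections need their own TLS. Running `nginx -t` checks the syntax before a reload.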