Index

SSH Keys
Firewall
VPN and Private Networks
Public Key Infrastructure and SSL/TLS Encryption
Service Auditing
File Auditing and Intrusion Detection Systems
Isolated Execution Environments
Kerberos
Criteria Followed to Distinguish Security Practices

A secure server is a Web server that keeps online transactions secure and uses Secure Sockets Layer (SSL) to encrypt and decrypt data so that the data is not subject to unauthorized access. There are different types of data stored on a server, such as high-, moderate-, and low-risk data [1]. Examples of high-risk servers are departmental email servers, Active Directory, DNS, etc. Examples of moderate-risk servers are a non-public contracts database, an online student admissions server, etc. Examples of low-risk servers are online maps, bus timetables, an online university catalog showing academic course descriptions, etc.

Several best security practices are used for server protection, such as patching, inventory, firewall-controlled access, software blocking, central logging, intrusion detection, DBG review, a dedicated administration workstation, use of SSH keys, VPNs and private networks, etc. [2] These security methodologies are discussed briefly below.

SSH Keys

SSH, or secure shell, is a secure protocol and the most common way to securely administer remote servers. Using a wide range of cryptographic techniques, SSH provides a mechanism for establishing a cryptographically secure connection between two parties, authenticating each party to the other, and passing commands and output [3]. To set up SSH key authentication, you need to place the user's public key on the server in a special directory. When the user connects to the server, the server will ask for proof that the client has the associated private key.
The SSH client will use the private key to respond in a way that demonstrates ownership of the private key. The server will then allow the client to connect without a password.

Firewall

A firewall is software (or hardware) that controls which services are exposed to the network, which means blocking or restricting access to every port except those that should be publicly available. On a typical server, some services may be running by default. These can be classified into the following groups:

Public services that anyone can access on the Internet, often anonymously. A good example of this is a web server that might allow access to your site.

Private services that can only be accessed by a select group of authorized accounts or from certain locations. An example of this would be a database control panel.

Internal services that should only be accessible from within the server itself, without exposing the service to the outside world. For example, this could be a database that only accepts local connections.

Firewalls are an essential part of any server setup. Even if your services themselves implement security features or are limited to the interfaces you want them to run on, a firewall serves as an additional layer of protection. A properly configured firewall will limit access to everything except the specific services you need to stay open. Exposing only certain parts of the software reduces the server's attack surface, limiting the components vulnerable to exploitation.

VPNs and Private Networks

Private networks are networks available only to certain servers or users. For example, in DigitalOcean, the private network is available in some regions as a data center level network. A VPN, or virtual private network, is a way to create secure connections between remote computers and present the connection as if it were a local private network. This provides a way to set up your services as if they were on a private network and connect remote servers via secure connections.
Using the private rather than the public network for internal communication is almost always preferable given the choice between the two. However, since other users within the data center are able to access the same network, additional measures must still be implemented to secure communication between servers. Using a VPN is, in effect, a way to map a private network that only your servers can see. Communication will be completely private and secure. Other applications can be configured to pass their traffic over the virtual interface exposed by the VPN software. This way, only services that are to be used by clients on the public Internet need to be exposed on the public network.

Public Key Infrastructure and SSL/TLS Encryption

Public key infrastructure, or PKI, refers to a system designed to create, manage, and validate certificates for identifying individuals and encrypting communications. SSL or TLS certificates can be used to authenticate different entities with each other. After authentication, they can also be used to establish encrypted communications.

Service Audit

So far we have discussed some technologies that you can implement to improve your security. However, a big part of security is analyzing systems, understanding available attack surfaces, and locking down components as best as possible. Service auditing is the process of finding out what services are running on the servers in your infrastructure. Often the operating system is configured by default to run certain services at startup. Installing additional software can sometimes pull in dependencies that are also started automatically.

File Inspection and Intrusion Detection Systems

File inspection is the process of comparing the current system with a record of the system's files and file characteristics when it is in a known good state. It is used to detect system changes that may have been authorized. An intrusion detection system, or IDS, is software that monitors a system or network for unauthorized activity.
Many host-based IDS implementations use file checking as a way to check if the system has changed.

Isolated Execution Environments

Isolated execution environments refer to any method in which individual components run within their own dedicated space. This may mean separating discrete application components onto their own servers, or it may refer to configuring services to operate in chrooted environments or containers. The level of isolation depends heavily on the requirements of your application and the realities of your infrastructure.

Kerberos

Kerberos is a system that supports authentication in distributed systems. Originally designed to work with secret key cryptography, Kerberos, in its latest version, uses public key technology to support key exchange. The Kerberos system was designed at the Massachusetts Institute of Technology [STE88, KOH93]. Kerberos is used for authentication between intelligent processes, such as client-server activity or a user's workstation to other hosts. Kerberos is based on the idea that a central server provides authenticated tokens, called tickets, to requesting applications. A.
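One way to carry out the service audit described above and check it against the public / private / internal grouping from the Firewall section, as an added example that is not part of the original essay. It parses listening sockets in the format printed by `ss -H -tlnp` and flags anything bound to all interfaces that is not on an intended-public list; the sample output, the port policy and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tlnp` output; not taken from a real host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=901,fd=6))
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=955,fd=5))
LISTEN 0 511 10.10.0.5:8080 0.0.0.0:* users:(("admin-panel",pid=977,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 128 *:6379 *:* users:(("redis-server",pid=990,fd=6))
"""
# Assumed policy: the only ports meant to be reachable from the Internet.
INTENDED_PUBLIC = {22, 443}

def parse_listener(line):
    """Return (host, port, process) from one LISTEN line of ss output."""
    fields = line.split()
    host, _, port = fields[3].rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    named = len(fields) > 5 and '"' in fields[5]
    proc = fields[5].split('"')[1] if named else "?"
    return host, int(port), proc

def exposure(host):
    """Classify a bind address by how widely the service is reachable."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"  # every interface, public ones included
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "internal"  # only reachable from the server itself
    return "private-network" if addr.is_private else "public-address"

def audit(ss_output, intended_public):
    """List (port, process, exposure, needs_review) for each listener."""
    findings = []
    for line in ss_output.splitlines():
        if not line.startswith("LISTEN"):
            continue
        host, port, proc = parse_listener(line)
        kind = exposure(host)
        exposed = kind in ("all-interfaces", "public-address")
        findings.append((port, proc, kind, exposed and port not in intended_public))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS, INTENDED_PUBLIC):
        print(finding)
```

A listener flagged for review is a candidate for rebinding to a loopback or private address, or for a firewall rule that closes the port.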
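The file inspection described above, sketched as an added example (not code from the original essay or from any particular IDS): it records a known good snapshot of file hashes and permission bits, then compares a later snapshot against it. The directory contents and the changes in `demo()` are constructed, and the function names are assumptions.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Record (sha256, permission bits) for every regular file under root."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue  # directories, symlinks, sockets and devices are skipped
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        state[str(path.relative_to(root))] = (digest, stat.S_IMODE(st.st_mode))
    return state

def compare(baseline, current):
    """Diff two snapshots into added / removed / content / mode changes."""
    report = {"added": [], "removed": [], "content": [], "mode": []}
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            report["added"].append(name)
        elif name not in current:
            report["removed"].append(name)
        else:
            if baseline[name][0] != current[name][0]:
                report["content"].append(name)
            if baseline[name][1] != current[name][1]:
                report["mode"].append(name)
    return report

def demo():
    """Constructed scenario: baseline a small tree, change it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        tree = Path(root)
        (tree / "sshd_config").write_bytes(b"PasswordAuthentication no\n")
        (tree / "app.bin").write_bytes(b"original build\n")
        (tree / "motd").write_bytes(b"welcome\n")
        os.chmod(tree / "app.bin", 0o755)
        baseline = snapshot(tree)  # the known good state
        # Changes made after the baseline was recorded:
        (tree / "sshd_config").write_bytes(b"PasswordAuthentication yes\n")
        os.chmod(tree / "app.bin", 0o777)  # now world-writable
        (tree / "motd").unlink()
        (tree / "cron.sh").write_bytes(b"#!/bin/sh\n")
        return compare(baseline, snapshot(tree))

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the baseline, so the recorded snapshot belongs somewhere the audited server cannot modify it.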