How do you secure something you can’t even see, hear, or touch?
They say the only secure server is one that isn’t turned on or connected to the internet. While that is true, it isn’t practical, so we need ways to avoid exposing our company’s or clients’ data to malicious actors. Whether you are in DevOps, systems administration, or web development, it’s critical to follow best practices that reduce exposure and mitigate cybersecurity risk. Below are some useful tips you can apply within your infrastructure to stay secure while working online.
1. Always connect to remote services with TLS or Public Keys whenever possible.
TLS stands for Transport Layer Security. SSL stands for Secure Sockets Layer; it is the older protocol that TLS replaced, and every SSL version is now deprecated. To this day people still say “SSL” when they mean TLS, even though they are different protocols. Either way, TLS is crucial to web security: the server (and optionally the client) proves its identity with a certificate, and the two sides negotiate keys that encrypt and integrity-protect everything that follows, so an attacker on the network can neither read nor tamper with the traffic.
When connecting to servers, databases, or remote computers, always do so over TLS or with public-key authentication. Almost every major cloud platform or service, such as AWS, GitHub, and Azure, lets you upload your public key for SSH authentication. Once key-based login works, disable password authentication on the server; otherwise a guessed or stolen password still gets in. Following this practice ensures your connections are encrypted and properly authenticated.
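As an added example (not code from the original post), here is a small audit of the server side of this tip: it parses an OpenSSH sshd_config the way sshd does (first value wins, everything after a Match line is conditional) and reports any directive that still allows password logins. The two config texts are constructed for illustration; the directive names and defaults are OpenSSH’s own.

```python
"""Audit the global section of an OpenSSH sshd_config for password-based logins.

Added example, not from the original post.  The two config texts are
constructed for illustration; the directive names and defaults are OpenSSH's.
"""
import re

# Directive -> (required value, why).  These are the settings that make
# "keys only" actually true on the server side.
REQUIRED = {
    "PasswordAuthentication": ("no", "password logins can be guessed or phished"),
    "PubkeyAuthentication": ("yes", "key-based login is the whole point"),
    "PermitRootLogin": ("no", "root must not be reachable directly"),
    "ChallengeResponseAuthentication": ("no", "keyboard-interactive can fall back to passwords"),
    "PermitEmptyPasswords": ("no", "an empty password is a free login"),
}

# What sshd assumes when a directive is absent (sshd_config(5) defaults).
DEFAULTS = {
    "PasswordAuthentication": "yes",
    "PubkeyAuthentication": "yes",
    "PermitRootLogin": "prohibit-password",
    "ChallengeResponseAuthentication": "yes",
    "PermitEmptyPasswords": "no",
}

# Constructed: a typical distro default that was never hardened.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# PubkeyAuthentication left at its default (yes)
"""

# Constructed: the same file after hardening.  The Match block re-enables
# passwords for one user only; that is conditional and outside this audit.
HARDENED_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
Match User legacy-backup
    PasswordAuthentication yes
"""

# sshd accepts "Key value" and "Key=value".
DIRECTIVE = re.compile(r"(\w+)\s*[=\s]\s*(\S.*)")


def parse_sshd_config(text):
    """Return {lowercased directive: value} for the global section.

    Mirrors the sshd semantics that matter here: keywords are case-insensitive,
    the FIRST occurrence of a directive wins, and everything after the first
    'Match' line is conditional, so this audit stops there.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        m = DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        settings.setdefault(key, value)      # first value wins, as in sshd
    return settings


def audit_sshd_config(text):
    """Return [(directive, effective_value, reason)] for every unsafe setting."""
    settings = parse_sshd_config(text)
    findings = []
    for directive, (wanted, reason) in REQUIRED.items():
        effective = settings.get(directive.lower(), DEFAULTS[directive])
        if effective.lower() != wanted:
            findings.append((directive, effective, reason))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_sshd_config(cfg)
        print(f"{name}: {len(findings)} finding(s)")
        for directive, value, reason in findings:
            print(f"  {directive}={value}: {reason}")
```

The weak file produces three findings, one of which (ChallengeResponseAuthentication) never appears in the file at all: it is the default that bites you, which is why the audit checks the effective value rather than only what is written. Run it against /etc/ssh/sshd_config before and after you flip PasswordAuthentication to no, and keep a second session open while you restart sshd so a typo cannot lock you out.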
2. Check your TLS/SSL Configurations.
SSL/TLS is a deceptively simple technology. It is easy to deploy, and works fabulously… when it works. Even when it does work, it’s hard to tell exactly how it’s working: a padlock in the browser says nothing about which protocol version or cipher suite was actually negotiated. It’s easy to deploy TLS, but it’s sometimes hard to tell whether it has been deployed properly, and if it hasn’t, your data isn’t properly secured.
TLS should be standard in everyone’s environment by now, but it’s also important to stay up to date and configure the parameters correctly. Make sure you aren’t offering weak cipher suites (RC4, DES/3DES, export-grade, NULL, or anonymous key exchange), that outdated versions (SSLv2, SSLv3, TLS 1.0 and 1.1) are disabled, that your certificates are valid and use adequately sized keys (at least 2048-bit RSA or a 256-bit elliptic curve), and that you scan regularly, for example with openssl s_client or a tool such as testssl.sh, so a regression doesn’t go unnoticed.
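As an added example, not from the original post, the script below does two of those checks with nothing but Python’s standard ssl module: it flags weak suite names in a constructed list of what a legacy server might offer, and it builds a client context pinned to TLS 1.2 and above with only forward-secret AEAD suites, which probe_server() then uses against a real host (that function needs network access and is not run here). The weak-suite patterns are this example’s own list, not an official one.

```python
"""Spot weak cipher suites and build a TLS client context that refuses them.

Added example, not from the original post.  The weak-suite patterns and the
constructed LEGACY_SERVER_CIPHERS list are this example's own; the context
settings use only the standard ssl module.
"""
import re
import socket
import ssl

# OpenSSL suite-name fragments that should never appear in a modern config:
# RC4 and DES/3DES are broken or too short, EXP* are export grade, NULL means
# no encryption, ADH/AECDH are unauthenticated key exchange, MD5 MACs are weak.
WEAK_CIPHER_PATTERNS = [r"\bRC4\b", r"\bDES\b", r"\bEXP", r"\bNULL\b",
                        r"\bADH\b", r"\bAECDH\b", r"\bMD5\b"]

# Constructed: what an un-hardened legacy server might advertise.
LEGACY_SERVER_CIPHERS = [
    "ECDHE-RSA-AES128-GCM-SHA256",  # fine
    "AES256-SHA",                   # RSA key exchange: no forward secrecy, not caught by name alone
    "DES-CBC3-SHA",
    "RC4-SHA",
    "EXP-RC4-MD5",
    "NULL-SHA256",
]


def weak_ciphers(names):
    """Return the suite names matching any weak pattern."""
    return [n for n in names if any(re.search(p, n) for p in WEAK_CIPHER_PATTERNS)]


def hardened_client_context():
    """A client context that refuses anything below TLS 1.2 and offers only
    forward-secret AEAD suites.  Certificate verification stays on (the default)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2 suite list; TLS 1.3 suites are managed separately by OpenSSL and stay enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def offered_cipher_names(ctx):
    """Suite names the context will actually offer, as OpenSSL reports them."""
    return [c["name"] for c in ctx.get_ciphers()]


def version_floor_ok(ctx):
    """True when the context cannot be talked down below TLS 1.2."""
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_2


def probe_server(host, port=443, timeout=5):
    """Live check (needs network, not run here): report what a server negotiates
    with the hardened context.  A handshake failure means the server offers
    nothing this context accepts, which is itself a finding."""
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return {"protocol": tls.version(), "cipher": tls.cipher()[0]}


if __name__ == "__main__":
    print("weak suites on legacy server:", weak_ciphers(LEGACY_SERVER_CIPHERS))
    ctx = hardened_client_context()
    print("hardened context offers:", offered_cipher_names(ctx))
```

Note what the name check cannot see: AES256-SHA passes the pattern test yet uses RSA key exchange, so a leaked server key would decrypt every recorded session. That is why the hardened context is built from ECDHE-only suites rather than from a blocklist, and why a scanner that reports the negotiated key exchange is worth more than one that only greps suite names.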
3. Don’t Sleep On Your Certificates.
I feel my first three tips could be rolled into one giant paragraph but I’ve come across systems and infrastructure that each had unique issues in each of the first three tips so I decided to break them up to highlight them individually.
Make sure you renew your certificates on time. TLS certificates are essential to encrypting your web site’s or application’s traffic. HTTPS is the standard now and is expected on all web sites and applications; Google uses HTTPS as a ranking signal, and browsers mark plain-HTTP pages as “Not secure”. Certificates do expire, and when one does, browsers and any client that validates properly refuse the connection outright, so an expired certificate is an outage, not just a warning. Put the expiry dates on a calendar and monitor them, or better, use an ACME client such as Certbot that renews them automatically, and verify that the renewal job actually runs.
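As an added example rather than the post’s own code, this check turns “remind yourself of the dates” into something a cron job can run: it computes days to expiry from the dict that ssl.getpeercert() returns and classifies each certificate. The clock and the three certificate dicts are constructed so it runs offline; fetch_peer_cert() is the live path and needs network access.

```python
"""Warn before a certificate expires, using the dict ssl.getpeercert() returns.

Added example, not from the original post.  The certificate dicts and the
fixed "now" are constructed so the check runs offline; fetch_peer_cert() is
the live path and needs network access.
"""
import calendar
import socket
import ssl
import time

WARN_DAYS = 14   # renew with margin; Let's Encrypt certificates live 90 days

# Constructed: a fixed clock (2024-03-01 00:00:00 UTC) and three leaf certs
# carrying only the fields this check reads.
FIXED_NOW = calendar.timegm((2024, 3, 1, 0, 0, 0, 0, 0, 0))
EXPIRED_CERT = {"subject": ((("commonName", "old.example.com"),),),
                "notAfter": "Feb 28 00:00:00 2024 GMT"}
EXPIRING_CERT = {"subject": ((("commonName", "soon.example.com"),),),
                 "notAfter": "Mar 10 00:00:00 2024 GMT"}
HEALTHY_CERT = {"subject": ((("commonName", "ok.example.com"),),),
                "notAfter": "Jun 1 00:00:00 2024 GMT"}


def days_until_expiry(cert, now=None):
    """Days (negative once expired) until the cert's notAfter, as UTC arithmetic."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400


def check_expiry(cert, now=None, warn_days=WARN_DAYS):
    """Return ('expired' | 'expiring' | 'ok', days_left)."""
    days = days_until_expiry(cert, now)
    if days < 0:
        return "expired", days
    if days < warn_days:
        return "expiring", days
    return "ok", days


def fetch_peer_cert(host, port=443, timeout=5):
    """Live path: verify and return the leaf certificate a server presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def report(certs, now=None):
    """Summarise a batch of certs: {common name: status}, for a job that pages on anything not 'ok'."""
    return {cert["subject"][0][0][1]: check_expiry(cert, now)[0] for cert in certs}


if __name__ == "__main__":
    for name, status in report([EXPIRED_CERT, EXPIRING_CERT, HEALTHY_CERT], FIXED_NOW).items():
        print(f"{name}: {status}")
```

One caveat for the live path: with verification on, fetch_peer_cert() raises ssl.SSLCertVerificationError for an already-expired certificate before getpeercert() is ever reached, so treat that exception as the “expired” alert rather than skipping the host. The 14-day margin is deliberate; an automated renewer that has been silently failing for a week still leaves you time to notice.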
4. Limit Requests to Prevent DDoS Attacks.
While connecting to your server through SSH is very secure, since it’s an encrypted and authenticated tunnel, the SSH daemon itself is exposed to the internet, which makes it a constant target for would-be malicious actors.
Brute force attacks are easy to execute with large wordlists and leaked-password dumps: scripts try thousands of logins, running through dictionaries of common passwords and credential pairs. Protect your servers, websites, and applications by rate limiting requests and login attempts, which thwarts brute force attacks and blunts application-layer floods (a true volumetric DDoS has to be absorbed upstream by your provider or a CDN, since it saturates the link before your server ever sees it). Use something like Fail2ban, which watches the logs and temporarily firewalls any source that fails too many times in a short window.
5. Enable All the Logs.
Most systems, software, and even mechanical machines generate some kind of logs. Make sure you are enabling traffic, access, activity, authentication, and error logs. Hell, enable all logs if possible. Some systems can generate logs but don’t do so by default; most of the time it’s up to the administrator to turn the feature on. It’s critical to understand how your system manages its logs, how long it retains them, what data they contain, and whether they are shipped off the host, because logs that live only on a compromised machine are the first thing an attacker deletes.
Logs are your first go-to when trying to resolve an outage or figure out a security breach. Logs are breadcrumbs that provide clues on issues, highlight attack patterns, and are your first source of evidence (besides alerts, which we will touch on later). Keep their clocks synced with NTP and their time zones consistent, or correlating events across machines becomes guesswork.
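As an added example, not from the original post, the script below ties tips 4 and 5 together: it reads sshd failure lines from a constructed auth.log excerpt, applies the same rule Fail2ban’s sshd jail uses (maxretry failures from one source within findtime seconds means ban that source), and emits the firewall action. The thresholds, every log line, and the nftables table and set names are this example’s own assumptions.

```python
"""Detect SSH password-guessing in sshd log lines and decide what to ban.

Added example, not from the original post.  It implements the idea behind
fail2ban's sshd jail (maxretry failures from one source inside findtime
seconds => ban that source) over constructed auth.log lines; the thresholds,
the log lines and the nftables names below are this example's own.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY = 5      # failures allowed ...
FINDTIME = 600    # ... within this many seconds
BANTIME = 3600    # how long the block should last

# Traditional syslog-format sshd failure line (no year in the timestamp).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2"
)

# Constructed excerpt: one fast guesser (203.0.113.7), one legitimate key login
# followed by a single typo (198.51.100.9), and one "low and slow" source
# (192.0.2.5) that spaces its attempts five minutes apart.
SAMPLE_AUTH_LOG = """\
Mar  1 10:00:00 web1 sshd[1300]: Failed password for root from 192.0.2.5 port 60000 ssh2
Mar  1 10:00:01 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  1 10:00:03 web1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  1 10:00:05 web1 sshd[1205]: Failed password for root from 203.0.113.7 port 51138 ssh2
Mar  1 10:00:07 web1 sshd[1207]: Failed password for root from 203.0.113.7 port 51144 ssh2
Mar  1 10:00:09 web1 sshd[1209]: Failed password for invalid user oracle from 203.0.113.7 port 51150 ssh2
Mar  1 10:00:11 web1 sshd[1211]: Failed password for invalid user test from 203.0.113.7 port 51160 ssh2
Mar  1 10:01:00 web1 sshd[1220]: Accepted publickey for deploy from 198.51.100.9 port 40022 ssh2
Mar  1 10:02:00 web1 sshd[1222]: Failed password for deploy from 198.51.100.9 port 40030 ssh2
Mar  1 10:05:00 web1 sshd[1301]: Failed password for root from 192.0.2.5 port 60001 ssh2
Mar  1 10:10:00 web1 sshd[1302]: Failed password for root from 192.0.2.5 port 60002 ssh2
Mar  1 10:15:00 web1 sshd[1303]: Failed password for root from 192.0.2.5 port 60003 ssh2
Mar  1 10:20:00 web1 sshd[1304]: Failed password for root from 192.0.2.5 port 60004 ssh2
"""


def parse_ts(ts, year=2024):
    """Syslog timestamps lack a year; supply one (assumed 2024 for the sample)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def bans_from_log(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time_of_ban} for every source that crossed the threshold."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                 # successful logins and unrelated lines are not failures
        ip, t = m.group("ip"), parse_ts(m.group("ts"))
        if ip in bans:
            continue                 # already banned; nothing more to decide
        window = recent[ip]
        window.append(t)
        while (t - window[0]).total_seconds() > findtime:
            window.popleft()         # slide the window: only failures within findtime count
        if len(window) >= maxretry:
            bans[ip] = t
    return bans


def ban_commands(bans, bantime=BANTIME):
    """The firewall action, as nftables commands (assumes a set 'sshban' in table
    'inet filter' created with 'flags timeout' and referenced by a drop rule)."""
    return [f"nft add element inet filter sshban {{ {ip} timeout {bantime}s }}"
            for ip in sorted(bans)]


if __name__ == "__main__":
    bans = bans_from_log(SAMPLE_AUTH_LOG.splitlines())
    for ip, when in bans.items():
        print(f"ban {ip} at {when:%H:%M:%S}")
    for cmd in ban_commands(bans):
        print(cmd)
```

Only 203.0.113.7 gets banned, on its fifth failure at 10:00:09. The 192.0.2.5 source shows the limit of a pure threshold: five failures spread over twenty minutes never trip a ten-minute window, which is exactly the “low and slow” pattern that tip 5’s logs let you catch by looking at per-source totals over a day rather than a few minutes.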
Don’t wait until it’s too late…
Security is hard to grasp because it isn’t a tangible object, a fixed goal, or a milestone you reach once. It’s a target you need to keep aiming at, every day, or you will leave your infrastructure, team, and company vulnerable to the many threats present online.
By following some simple principles and staying up to date on best practices, you can reduce the risk of exposure, of a data breach, or of leaking your company’s information online.