Page 18 - Cyber Warnings
Don't be an Easy Target
7 Ways to Keep Your Server Secure
by Michael Ryan, CEO, South River Technologies
Keeping corporate servers safe is a constant concern for IT professionals. Typically, the first step in Secure File Transfer server security is choosing a secure protocol such as FTP/S or SFTP. Sometimes, that’s not possible, so what other security measures can you take?
The most important thing to focus on is to not be an easy target. Guaranteeing that you’ll never be hacked isn’t likely, but you can make your Secure File Transfer server a much less attractive target. Here are 7 ways to do this:
Control Unauthorized Server Access
It may seem obvious, but your first line of defense against attacks is controlling server access. Keeping non-authenticated users or programs from accessing your servers is an important factor in ensuring that your confidential information stays as secure as possible.
1. Anti-hacking (password-guessing) features on your SFTP server should be enabled. Your server should have a setting for how many invalid password attempts can be made before the user (or program) is locked out. Ideally, this should be set at about 3, but no higher than 5. Locking the account out makes the time between attempts much longer and reduces the likelihood of successful password guessing.
2. Disable anonymous access – or use it with extreme caution. In many FTP servers there is actually a user named “anonymous.” If you use anonymous access, make sure that this user is locked into their home directory and has read-only privileges. Even if you do this, logging in as anonymous may let the user determine which port you use for FTP and which version of the server software you are running. They can then easily research whether any known security vulnerabilities exist in that software version. The best practice, if you need to offer downloads through anonymous access, is to put those files on a dedicated SFTP server that sits outside your DMZ.
3. Anti-hammering features should also be enabled. This helps to prevent Denial of Service (DoS) attacks. A DoS attack is a way of making a server unavailable to its users by using a program to saturate the target server with communication requests. This makes the server so busy that it cannot process the legitimate file transfer requests.
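Items 1 and 3 describe two policies a file transfer server should enforce: a lockout after a small number of bad passwords and a limit on how fast one source may open connections. The following is an added example, not code from this article or from any South River Technologies product, that applies both policies to a constructed stream of login events; the 15-minute lockout, the 10-connections-per-minute limit and the IP addresses are assumed values.

```python
from collections import defaultdict, deque
MAX_FAILURES = 3        # article: about 3, never higher than 5
LOCKOUT_SECONDS = 900   # assumption: lock the account for 15 minutes
HAMMER_LIMIT = 10       # assumption: connections one IP may open per window
HAMMER_WINDOW = 60      # assumption: anti-hammering window in seconds

class AccessGuard:
    def __init__(self, max_failures=MAX_FAILURES):
        if not 1 <= max_failures <= 5:
            raise ValueError("lockout threshold should be about 3, never above 5")
        self.max_failures = max_failures
        self.failures = defaultdict(int)       # user -> consecutive bad passwords
        self.locked_until = {}                 # user -> time the lockout expires
        self.connections = defaultdict(deque)  # ip -> timestamps of recent connects

    def allow_connection(self, ip, now):
        """Anti-hammering: refuse an IP that opens too many connections per window."""
        recent = self.connections[ip]
        while recent and now - recent[0] >= HAMMER_WINDOW:
            recent.popleft()                   # forget connects outside the window
        if len(recent) >= HAMMER_LIMIT:
            return False
        recent.append(now)
        return True

    def check_login(self, user, password_ok, now):
        """'ok', 'denied' or 'locked'; a correct password during lockout is still refused."""
        if self.locked_until.get(user, 0) > now:
            return "locked"
        if password_ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures[user] = 0            # counter restarts once the lock expires
            return "locked"
        return "denied"

def replay(events):
    """Run constructed (time, ip, user, password_ok) events through a fresh guard."""
    guard, results = AccessGuard(), []
    for now, ip, user, password_ok in events:
        allowed = guard.allow_connection(ip, now)
        results.append(guard.check_login(user, password_ok, now) if allowed else "hammered")
    return results

IP = "198.51.100.7"  # constructed source address from the TEST-NET-2 range
SAMPLE = [(0, IP, "alice", False), (1, IP, "alice", False), (2, IP, "alice", False),
          (3, IP, "alice", True), (1000, IP, "alice", True)]
```

Running `replay(SAMPLE)` shows the third bad guess locking the account, the correct password at t=3 still being refused while the lock is active, and the login succeeding once the lock has expired.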
18 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide