Server Security
Server security focuses on the protection of data and resources held on the servers. It comprises tools and techniques that help prevent intrusions, hacking and other malicious actions. Server security measures vary and are typically implemented in layers. The server is what allows all users to access the same resources, functionality, and information remotely. When the server is compromised during an attack, there’s a high likelihood that the whole network and/or system is also compromised. So, maintaining server security is obviously important.
Micro-segmentation is a network security technique that enables security architects to logically divide the server into distinct security segments down to the individual workload level, and then define security controls and deliver services for each unique segment. Macro-segmentation, by contrast, aims to break up a network into multiple discrete chunks to support business needs. One common use of macro-segmentation is the isolation of development and production environments.
Virtual patching is the process of addressing security flaws immediately to shield them from being exploited, and fixing the code later. Like a software patch provided by a vendor, deep security virtual patching protects against a certain exploit. The most widely used option for server patching is maintenance windows. These establish pre-approved frequencies that can be reused each following month, while also protecting users with a defined schedule duration. Maintenance windows can be scheduled at various times of day, daily, weekly, and monthly.
A host intrusion prevention system (HIPS) is an approach to security that relies on third-party software tools to identify and prevent malicious activities. A HIPS deployment may detect the host being port-scanned and block all traffic from the host issuing the scan. A HIPS often monitors memory, kernel, and network state, log files, and process execution. A HIPS also protects against buffer overflows.
File Integrity Monitoring (FIM) is a security practice which consists of verifying the integrity of operating systems and application software files to determine if tampering or fraud has occurred by comparing them to a trusted baseline. FIM provides an important layer of protection for sensitive files, data, applications and devices by routinely scanning, monitoring and verifying the integrity of those assets. It also helps identify potential security issues more quickly and improves the accuracy of remediation efforts by the incident response team.
API security is the process of protecting APIs from attacks. Because APIs are very commonly used, and because they enable access to sensitive software functions and data, they are becoming a primary target for attackers. API security is a key component of modern web application security.
Database encryption can generally be defined as a process that uses an algorithm to transform data stored in a database into “cipher text” that is incomprehensible without first being decrypted. It can therefore be said that the purpose of database encryption is to protect the data stored in a database from being accessed by individuals with potentially “malicious” intentions. The act of encrypting a database also reduces the incentive for individuals to hack the aforementioned database as “meaningless” encrypted data is of little to no use for hackers.
Server-side encryption is the encryption of data at its destination by the application or service that receives it. SSE-S3 encrypts data at rest using the 256-bit Advanced Encryption Standard (AES-256). Each object is encrypted with a unique data/object key, and each data/object key is further encrypted using a master key (envelope encryption), which is regularly rotated to prevent data from being compromised.
Real-time protection monitors activity in Cloud Services and on Virtual Machines to detect and block malware execution. Scheduled scanning periodically detects malware, including on actively running programs. Malware remediation automatically takes action on detected malware, such as deleting or quarantining malicious files and cleaning up malicious registry entries. Signature updates automatically install the latest protection signatures (virus definitions) at a pre-determined frequency to ensure protection is up to date.