Server security
How to use firewalls, data encryption and server hardening to secure your business servers and network from cyber attacks.
Servers are powerful computers that host services like email, websites or file sharing. They process requests from other devices and deliver data to them, often running 24/7. Cyber criminals target them because they often hold sensitive business data.
What is server security?
Server security protects data and resources on your servers from intrusions, hacking and other malicious actions. Defences are often layered and cover:
- the operating system and critical services
- applications and content hosted on the server
- network protection against online threats
Insecure servers create significant business risks like data theft and network-wide attacks.
How to secure your servers
Securing large, complex servers may require specialist skills. However, any business using a server should be aware of the risks and - at the very least - use basic cyber security measures.
Physical security
If you are not using a secure data centre to host your servers, you should:
- keep them in locked rooms
- restrict access to authorised staff only
- monitor security logs regularly
- check for environmental risks, eg overheating and fire
- ensure stable power supply
Like desktop PCs, servers need firewalls, regular backups and software updates, reliable anti-malware protection, and ongoing support and maintenance.
Network firewall security
Firewalls filter all incoming and outgoing traffic to your network. They block threats and can:
- prevent malicious email relay
- stop malware downloads
- restrict access to risky websites or services
Hardware firewall
A hardware firewall is built into broadband routers. It protects your whole network from unauthorised external access and is usually effective even with minimal configuration.
Software firewall
A software firewall is installed on individual devices. It is often part of the operating system and usually needs greater configuration of settings and application controls.
Server hardening
Default server settings are rarely secure. They can leave systems exposed to known threats through default passwords, open ports and unnecessary services. Server hardening is a security process that addresses these risks. It strengthens servers by removing known vulnerabilities, with measures including:
- encrypting data transmissions
- disabling unnecessary services - unused ports, protocols and software
- applying security patches and updates regularly
- enforcing complex passwords and access control
- locking accounts after failed logins
- using intrusion detection
- backing up data and systems regularly
The National Cyber Security Centre has detailed guidance to help you secure your server.
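As an added illustration of the "open ports and unnecessary services" check described above (not part of the original guidance), this script compares a server's listening TCP sockets with an allowlist and reports anything else reachable from the network. The sample `ss -H -tlnp` output is constructed, and the allowlist of ports 22 and 443 is an assumed policy.

```python
import re

# Constructed sample of `ss -H -tlnp` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=640,fd=7))
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=901,fd=6))
LISTEN 0 64 0.0.0.0:23 0.0.0.0:* users:(("inetd",pid=455,fd=5))
LISTEN 0 80 [::]:3306 [::]:* users:(("mysqld",pid=977,fd=21))
"""

# Assumed policy: the only ports this server is meant to expose.
ALLOWED_PORTS = {22, 443}


def parse_listeners(ss_output):
    """Turn `ss -H -tlnp` lines into dicts of address, port and process."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the fourth column; split on the last colon
        # so IPv6 forms such as [::]:3306 parse correctly.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        proc = re.search(r'\(\("([^"]+)"', line)
        listeners.append({
            "addr": addr.strip("[]"),
            "port": int(port),
            "process": proc.group(1) if proc else "unknown",
        })
    return listeners


def audit(ss_output, allowed=ALLOWED_PORTS):
    """Return (port, address, process) for exposed listeners not on the allowlist."""
    findings = []
    for item in parse_listeners(ss_output):
        # Loopback-only services are not reachable from the network.
        if item["addr"].startswith("127.") or item["addr"] == "::1":
            continue
        if item["port"] not in allowed:
            findings.append((item["port"], item["addr"], item["process"]))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, process in audit(SAMPLE_SS):
        print(f"review: {process} listening on {addr}:{port}")
```

Each finding is a candidate for disabling the service, binding it to loopback, or blocking the port at the firewall.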
Cloud servers as an alternative
Cloud servers provide an alternative (often a cost-effective one) to on-premises setups by hosting services on remote infrastructure through Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a Service (IaaS) models.
In SaaS and PaaS, the cloud provider will typically be expected to configure and maintain servers for you, including patching, security hardening, and implementing security functions like logging and auditing.
With IaaS, you will be responsible for server security, including server hardening, access controls and compliance with UK rules, just as you would with traditional, on-premises servers.