Protect Infrastructure

Learning Objectives

After completing this unit, you’ll be able to:

Describe how to manage secure server hardware.
Explain how to manage network access control lists on specialized systems.
List actions to manage and administer the updating of rules and signatures for specialized applications.

Manage Secure Server Hardware

Securing your most important infrastructure is essential to the health of your organization. Events that may undermine the confidentiality, integrity, or availability (CIA) of the services delivered by your infrastructure could have significant consequences. Your first task as an infrastructure support specialist in securing your new infrastructure includes selecting, building, installing, configuring, testing, and securing the server hardware for your organization.

Select Your Server Hardware

Although servers in general perform a wide variety of tasks, each server is designed to perform specific tasks. The hardware and features your server will need depend on the tasks your server will perform. According to TechTarget, here are some factors you should consider when evaluating servers, keeping in mind your current and future workload needs.

Central processing unit (CPU): The CPU is a fundamental component to review, given its role in running programs and manipulating data.
Memory: Server memory is critical for getting the maximum performance out of a system.
Storage: A server’s storage requirements will depend on the intended applications and workloads: A database server will have different needs than one running a web application.
Connectivity: Network connectivity and interconnects are also important server considerations.
Other features: Additional attributes to investigate include hot swapping capabilities and the level of redundancy available for components such as hard drives, power supply units, and fans.

Build Your Domain Controller

A domain controller authenticates and validates user access on the network. Domain controllers also connect users with shared network resources. Before you begin building your domain controller, document your installed or proposed network. Check both the hardware specifications and software requirements of your server. And ensure the operating systems (OS) of computers on the network are upgraded, patched to your organization’s specifications, and able to connect to the server.

You may want to perform this step on a test network (one that mimics your current operating environment) to test the domain controller before putting it into production.

Install Your Domain Controller

For explicit steps on installing a domain controller’s OS and setting your domain controller with a valid static IP address, see this post by PDQ.com. Note that these steps may vary depending on your operating system (Linux vs Windows). Once you’ve set this up, you can sign in with the domain admin account and start domain administration.

Install Additional Infrastructure Servers

Next, build and install any remaining servers (Email, File, Application, and more) for your infrastructure. Identify any network service software to be installed. Then, install, configure, and secure the underlying OS and the server software. Make sure you’re in compliance with your organization’s security policies and standard system and network configuration builds.

You can create custom images for new server builds with the same baseline configurations. This is helpful if you need to set up a server similar to what you already have and would like to skip configuring a new server from scratch.

Configure Your Server

Once the server’s OS is installed, configure it to access your organization’s network. Configure the server’s network specifications including its name, Domain Name System (DNS), IP address, the domain on the network it resides, and more. Configure administrative (local and network) accounts based on your organization’s structure. Once installation is complete, set up remote access to the server and then set sharing options. Join the server to the domain so it can access shared resources.

Test Your Servers

Finally, test the availability and performance of your servers. You want to make sure the servers and any clients (workstations) can communicate with each other through various network devices (routers, switches, and firewalls). Perform security testing of the OS, network, server application, and server content.

Secure Your Server

Further hardening of your infrastructure is the next thing you should tackle. Here are some examples of how you can improve the security of your server.

Establish local and network administrator accounts and users for each physical device and each virtual instance to limit access to the server.
Make sure these accounts are unique and limited to only those who need them.
Verify each user has a unique authentication type (username, password, PIN, and so forth).
Install and keep an antivirus (AV) and antimalware solution up to date.
Install and configure your network infrastructure boundary devices such as a firewall, intrusion detection and protection system (IDPS), border/gateway routers, and so on.
Encrypt your data.

Back Up Your Server

Lastly, before you deploy, configure the server for backup (you may need an external hard drive) and set the backup schedule.

Manage Your Network Access Control List

You use an access control list (ACL) to create rules to grant or deny access to certain digital environments. Network ACLs (NACLs) tell routers, firewalls (also called firewall rules), and managed switches which type of traffic can access the network. NACLs control traffic flow, restrict traffic for better performance, and provide security by specifying which areas of the server, network, or service can be accessed by a user. They prevent unauthorized users from accessing sensitive information.

Let’s take a look at an example. Samir is an infrastructure support specialist at a government agency that provides healthcare services to veterans. The agency has sensitive files containing veterans’ protected health information (PHI) that the claims department wants to keep private.

Samir notices malicious activity from a specific IP address on the agency’s network. He sets up a NACL on the organization’s border firewall and permanently blocks the IP address from accessing the agency’s network. Samir also updates his organization’s IDPS to block this type of attack automatically. He configures the IDPS to log the attack details and to alert himself and his coworkers so they can review and decide if the traffic is valid.

Let’s explore more about managing rules and signatures for specialized applications, such as intrusion detection and prevention systems (IDPS), below. IDPSs are primarily focused on identifying possible malicious activity, which, left unchecked, can turn into incidents.

Manage Rules and Signatures for Specialized Applications

IDPS

IDPS are tools that can detect when an attacker has successfully compromised a system by exploiting a vulnerability. They can then block the attack type, preventing any intrusion.

As an infrastructure support specialist, it’s your job to configure your IDPS with rules, allowing it to identify network traffic that violates the organization’s security or acceptable use policies. Some IDPSs use signature-based detection to recognize patterns that correspond to known threats.

Signature-based detection is the process of comparing signatures against observed events to identify possible incidents. In cybersecurity, a signature is a pattern that allows the IDPS to recognize malicious threats, such as known malicious instructions used by malware. In order for signature-based detection to be effective, you must keep the IDPS’s list of signatures up to date to ensure that it can detect malicious activity.

Other IDPS detection types include behavior-based detection. Instead of using already known signatures to protect your network, a behavior-based IDPS monitors all the traffic that flows into or out of your network and detects atypical behavior.

Behavior-based security programs monitor data streams, and then they compare data stream activity to a baseline of normal behavior and look for anomalies. They use applied mathematics and machine learning to flag events that are statistically significant. They then drop the network connection, preventing access.

This type of IDPS has a higher probability of identifying zero-day attacks, which cannot be detected by signature-based IDPS. A zero-day is a computer-software vulnerability either unknown to those interested in its mitigation or known and a patch has not been developed. Until the vulnerability is mitigated, hackers can exploit it.

Antivirus

Much like signature-based IDPS, signature-based antivirus (AV) involves your AV having a predefined repository of static signatures (fingerprints) that represent known system threats. AV monitors system and network files for signature matches, and if a match is found, the file is categorized as a threat and is blocked or quarantined. In order for your AV to remain effective, you must make sure it’s kept up to date.

Content Blocklists

Blocklisting involves defining which entities should be blocked. Just like security officials use a no-fly list at an airport to block people viewed as security threats from boarding an airplane, infrastructure support specialists use content blocklists to block files viewed as security threats from executing on the network.

Security at the airport stopping a passenger whose name appears on a list with a red X

An alternative to blocklisting is to use an allowlist, which denies everything by default, with the exception of rules added. Instead of trying to keep one step ahead of cyberattackers to identify and block malicious content, you compile a list of approved applications for use. While using allowlists can keep many cybersecurity problems at bay, it can also be inconvenient for end users. This is because under an allowlist, every application must be approved for use. Carefully consider what applications should be preapproved to minimize the impact on users’ productivity.

Sum It Up

Now that you understand how to secure servers and manage NACLs, IDPS, AV, and content blocklists and allowlists, it’s time to explore how to monitor networks, test and evaluate applications and access controls, and assess system security.