What Is A Secure Server?
Not every server is secure. If you provide a meaningful service for your customers online you'll need a reliable server environment. No business can afford to host their online services on a server that can easily be hacked or is insecure in some way.
The problem is, though, that you cannot buy a secure server. There is no such thing on the market. What makes a server secure is not a single property but a process of constant, vigilant monitoring and proactive minimizing of possible risks, and that is something that cannot come with the cheapest option.
Some businesses tend to believe they can operate on shared hosting. For a brochure-like website, this option may be adequate, but once you offer any service that requires - or is meant to build - trust, you'll run into problems. Today, it's a common misconception that you can simply switch on encryption and miraculously everything is going to be secure.
Let's take a simple example.
It's a good idea to enhance a business website with a secure contact form. Customers will then be able to enter confidential information which will be encrypted before it is sent to your business in an email.
But this is only a good idea, if you have reasonable control over your server.
On shared hosting, there are probably a dozen different websites served by a single webserver process. While there is nothing wrong with using today's server performance to run multiple websites, it is the lack of control over what is going on on that server that poses an unacceptable risk to your business and your customers.
If you think about running an online shop, HTTPS is a must, and the need to have your own webserver, with full control over its operation, becomes an indispensable requirement, even if you don't believe that when you start to set up your online shop enterprise.
Make Sure You Have A Reliable Server
So why not use a (cloud-based) virtual private server? Yeah, why not?
It's one of the most attractive promises of cloud-based hosting that you become really independent of the hardware your mission is running on. Today your server runs on machine xy and tomorrow it may be migrated with the click of a button to a different machine. Transparent is the magic word here: without any trace your server moves somewhere else, and you don't notice any major downtime or interruption to your services. Brilliant idea.
And the same applies to your data. Storing files in the cloud effectively means you are giving up knowing where exactly your files are stored.
Can such a scenario safely be used without encryption? Probably not.
Let's take this thought one step further. Where - in the name of god - should an encryption key be stored? The security diehards will have only one possible answer: on the local computer, where the user has full control over what is going on.
Good idea, but it leaves out of the picture all those people who are not tech-savvy enough to manage the complexity of encryption on their own computers.
So, we're talking about almost everyone.
I applaud anyone who takes the trouble to dive into the fascinating topic of encryption, I encourage everyone to get a basic understanding of email security, but I also know that for many it is far too troublesome to take things into their own hands and maintain their own encryption environment.
The fact that almost nobody uses encryption, although almost everyone knows about the importance of online security, clearly shows that there has to be an option for these people to improve their digital lives online.
And that means there is a need for a safe server environment, where encryption and storing of encryption keys can take place, with a reasonably justified expectation that the encryption on the server is secure.
Personally, I think that the Web Encryption Extension I have made available for any online service is a reliable software base for such a need. But I also think that there have to exist some minimal requirements for operating the server, to ensure that such a solution makes sense.
What Can Go Wrong?
It's time to have a closer look at the risks that you'll face when your run your own server.
First, if you decide to locate your server in a data center, you will rely on the staff's professionalism. An ill-intentioned system administrator in the data center can make any server insecure; there is no protection against this threat. Once a determined person has a root shell the game is lost, because deliberate modification of crucial software is now possible, and data can be copied without any trace.
Those who operate data centers know that, and they take a lot of trouble to avoid being blamed for compromising their customers' servers. It's a hard job, as you can imagine.
But even if your data center staff is trustworthy, there's still a bunch of other enemies waiting for an unintentional mistake.
Shit Happens, ...
One of these enemies is complexity. It's essential to fight complexity on a daily basis. Take the example of the cloud-based virtual server. No matter how mature and how well tested the virtualisation software is, the sheer number of factors that affect a server's security is very large. If separation of servers is an essential objective, a dedicated server with its own set of hardware (that can fail, too) can be the better solution. Less complexity means more control for the server's owner, and a more reliable picture of the processes that have to be guarded.
Once your server (virtual or not) is visible on the internet, the Chinese and Russian mafia will queue up, along with numerous amateurs, to break into your system.
Unfortunately, this is called "normal" in today's cyberspace.
Securing access to your server from the start is one of the most critical tasks you have to worry about. Have a look at your security logs (/var/log/secure) and you can admire the piles of unfriendly or criminal login attempts via the secure shell, all searching for an open door into your server.
Fortunately there are a number of standard solutions to help fight these risks, starting with public key authentication for the secure shell, running a restrictive firewall that opens less than a handful of ports, locking down admin panels, using encrypted filesystems for backups, intrusion detection, keeping your database servers on localhost, and many, many more.
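To make that look at /var/log/secure concrete, here is an added example (not from the original post) that summarizes sshd log lines in OpenSSH's format: failed logins per source address, the usernames that were tried, and any successful password logins that enforced public key authentication should have ruled out. The log lines, hostname, addresses and PIDs are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of /var/log/secure lines (documentation IPs, made-up PIDs).
SAMPLE_LOG = """\
May  5 10:12:31 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
May  5 10:12:34 web1 sshd[2203]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
May  5 10:12:37 web1 sshd[2205]: Failed password for root from 203.0.113.5 port 51244 ssh2
May  5 10:13:02 web1 sshd[2210]: Failed password for root from 198.51.100.7 port 40022 ssh2
May  5 10:15:45 web1 sshd[2230]: Accepted publickey for alice from 192.0.2.10 port 50012 ssh2: RSA SHA256:constructed
May  5 10:16:01 web1 sshd[2235]: Accepted password for bob from 198.51.100.7 port 40030 ssh2
May  5 10:16:05 web1 sshd[2235]: pam_unix(sshd:session): session opened for user bob by (uid=0)
"""

# Two sshd line shapes: "Failed <method> for [invalid user] <user> from <ip> port <n>"
# and "Accepted <method> for <user> from <ip> port <n>". Other lines are ignored.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def summarize(log_text, threshold=3):
    """Count failed sshd logins per source, list usernames tried per source,
    flag sources at or above `threshold`, and list successful password logins."""
    failed_by_ip = Counter()
    users_by_ip = defaultdict(set)
    accepted = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failed_by_ip[m["ip"]] += 1
            users_by_ip[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append((m["user"], m["ip"], m["method"]))
    return {
        "failed_by_ip": dict(failed_by_ip),
        "users_by_ip": {ip: sorted(u) for ip, u in users_by_ip.items()},
        "noisy_sources": {ip: n for ip, n in failed_by_ip.items() if n >= threshold},
        "accepted": accepted,
        # With public key authentication enforced in sshd, this list must stay empty.
        "password_logins": [a for a in accepted if a[2] == "password"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-empty password_logins list is the quick check that password authentication is still enabled despite the advice above.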
But one possible risk still remains, even if you've secured your server, and that is software side-effects. Complexity bites here, again.
ownCloud is one of the latest examples that was enhanced with the web encryption extension. Why not use the server under your control to provide cloud-storage and easy access to your files for your business?
Again, I don't think this is a good idea without the use of encryption. Why?
Because every piece of software, even the best tested and most reliable application, is at risk if there are bugs in other software apps that run in parallel on the same web server. If a bug in some web application can be used to read files, the web server process will also be able to read ownCloud users' files on the system. It does not matter that ownCloud successfully separates its users' files when another web application, running with the web server's privileges, can read them or mail them somewhere. Software is a complex system, crying out for simplicity. But as Einstein once said, you have to make it as simple as possible, but no simpler.
I think, in this case, only user-controlled encryption with the secret passphrase not being stored on the server can prevent this risk. That's why it is generally a good idea to increase control, not only yours but your customer's as well.
Taking Control Over Your Own Server
Admit it, you know you need to have control over your own server, if you run a business.
If this is a scary thought, yes, it requires some knowledge to make the right decisions, but it is not too difficult to get the ball rolling in the right direction.
The first thing you'll need is good advice, because it's sometimes hard to know what you really need, what you wish to protect yourself from, and at what cost. You cannot have a perfectly secure server, so you'll need to find out what your best option really is.
Difficult stuff, but who said that running a business is easy?
There will be risks no-one can foresee, but controlling your own server and making sure that it operates securely is not rocket science. You will get it done with the help of others.
posted on May 5th 2013