If you own a new server or are running an existing batch of servers, now is the time to secure them. Today, you are exposed to various security risks, including malware, hackers, script kiddies, and more. Malware refers to malicious software that may run on your servers, e.g. ransomware, Trojan horses, worms, and other viruses. Hackers are highly skilled individuals who possess a great understanding of the computer systems that they are targeting. “Script kiddie” is a derogatory term for a hacker who utilizes a set of pre-made scripts and programs to attack a computer system. In this post, you will learn more about auditing and managing your running services and why this is important for server security.
What are “Running Services”?
When the term “running services” is mentioned, it usually refers to services that run in the background. This software is designed to perform long-running tasks on your computer. On servers, common running services usually come from web server software, for example Exim, Dovecot, Nginx, and Apache. Other running services used for management may include Microsoft Terminal Services and SSH. In most cases, these services are programmed to run on a server during each session. They also require a secure Internet connection.
When a hacker attempts to compromise a server, they need to first scan the server to monitor what services are running in the background and which resources they can use. Once they have pinpointed the services that are running, they will start digging for bugs and security loopholes. These vulnerabilities allow them to gain access to the server and hijack it. Unfortunately, software bugs are common. In some situations, the simplest bugs can have very severe consequences.
Step One: Initial Audit
You need to identify which running services are accessible from the Internet. To minimize security risks, it is better if fewer of these services are active. A Linux distribution’s default server installation, for example, comes with an array of useful services. However, not all of them will be utilized in your use case. So, you need to start by getting an overall idea of the services that you have installed and are running on your server.
Step Two: Manage Linux Services
Let’s continue with Linux systems. To list all the installed services, you can use the service --status-all command. When you are viewing the results, you should take note of three main markers: “-”, “?”, and “+”. Services that are not running will feature the minus symbol. Services that cannot return a valid status will feature the question-mark symbol. Services that are running will feature the plus symbol. This information will serve as a good starting point to work from. If you are working with modern Linux systems that utilize systemd for service management, you will need to use the systemctl list-units --type service command to retrieve the list of active and inactive services.
Step Three: Manage Windows Services
If you are using Microsoft Windows servers, simply locate the Services panel. It is found in the Administrative Tools section. From there, you can see, enable, and disable the listed Windows services. In most cases, you should set unused services so that they are initiated via manual start.
Step Four: Identifying Which Services to Disable (And How to Do it)
It is sound practice to research a service before disabling it, especially a service whose purpose you do not know. Always ensure that it is safe to disable a service before doing so. You do not want to cause any conflicts or server errors. To disable a service on a modern server that uses systemd, type in the command: sudo systemctl disable <service>. To disable a service on an older server that does not use systemd, type in the command: sudo chkconfig <service> off.
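The audit in Steps One to Four can be scripted. The following is an added example, not part of the original post: it reads service --status-all output, lists running services that are not on an allowlist, and flags services whose status is unknown. The ALLOWED list, the function names, and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `service --status-all` output against an allowlist.
# ALLOWED is a hypothetical list of the services this server actually needs.
ALLOWED="ssh cron nginx"

# Constructed sample of `service --status-all` output (not from a real host).
sample_status() {
cat <<'EOF'
 [ + ]  cron
 [ - ]  bluetooth
 [ + ]  cups
 [ ? ]  hwclock.sh
 [ + ]  nginx
 [ + ]  ssh
 [ + ]  exim4
EOF
}

# Print the names of services carrying the given marker (+, - or ?).
services_with_marker() {
    awk -v m="$1" '$1 == "[" && $2 == m && $3 == "]" { print $4 }'
}

# Print running services that are not on the allowlist: candidates to research.
review_candidates() {
    services_with_marker + | while read -r svc; do
        case " $ALLOWED " in
            *" $svc "*) ;;            # needed on this server, keep it
            *) echo "$svc" ;;
        esac
    done
}

# Human-readable report. It only prints the disable command; it never runs it.
report() {
    input=$(cat)
    printf '%s\n' "$input" | review_candidates | while read -r svc; do
        echo "running, not on allowlist: $svc (after research: sudo systemctl disable $svc)"
    done
    printf '%s\n' "$input" | services_with_marker '?' | while read -r svc; do
        echo "status unknown, check manually: $svc"
    done
}

# On a real host: service --status-all 2>&1 | report
# (2>&1 in case the [ ? ] lines are written to stderr)
sample_status | report
```

With the sample input, the report names cups and exim4 as running services to research and hwclock.sh as a service to check manually.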