Server Security Checklist

Securing each one of your servers is an important step towards total network security, and you should take some time to consider whether or not you’re doing the best job you can to cover all your bases and keep your servers as secure as possible.

It can be difficult to keep track of all of that information; doing all of the research required to stay up to date with the latest best practice protocols, compliance regulations, and security threats is no small task.

What’s more, many organizations have poor processes in place when it comes to server security, and very few of them even consider that server security is a process which should be maintained and iterated upon.

Worry not – we’ve made this checklist to catch all of the common doubts and problems that you might have when considering your process for server security; you can even customize this checklist template to suit your specific needs with our editor.

Without further ado, let’s get right to it.

Kicking off the server security checklist, you need to input some details about the server setup and the person who’s doing it. 

Just make sure to fill in all of the form fields below.

Securing the actual physical location of the server is one of most important parts of any server security process – that’s why it’s first in this checklist. 

The concept is simple – just like virtual access, physical access must be as secure as possible.

We’ve outlined the steps in the sub-checklist below:

Updating in Ubuntu is as simple as running a command-line application.

Just open the terminal and enter this command:

 sudo apt update && sudo apt upgrade

After updates have finished downloading and have all been applied, make sure to perform a system reset to apply any changes.

Event logging is extremely important for accountability – so that you can check which users did what during any given security incident.

Almost all actions on the server should be logged, from user login times and access points, to file transfers, website access, configuration changes and application executions.

The tasks are outlined in the sub-checklist below; check off each one as you progress and state your opinion on the current event log monitoring process with the drop-down form field.

If you feel that the current process for event log monitoring is inadequate, then you should provide feedback in this task. 

Perhaps certain data was omitted from the logs; or you couldn’t access the backup files; or maybe you believe a different strategy would be more effective within the current organization setup – whatever it is, record your thoughts in the form field below.

Remote access logs must be reviewed regularly to ensure that only those with relevant privileges are accessing the server remotely.

Unusual remote access activity could be a sign of malicious actors attempting to access your server.

Keep watch for any users logging on under suspicious circumstances, such as signing into the system despite already being in the office working, or accessing the server during the middle of the night.

Any suspicious activity you notice in your remote access logs should be flagged and followed up with accordingly.

This might involve contacting the account owner and asking them about the incident and checking to see what kind of activity was happening at that time.

Check off all the sub-tasks in the sub-checklist below to make sure any suspicious activity is investigated accordingly.

Next, make sure that there is a process in place for changing system configurations.

If that process already exists, you should consider whether or not it’s adequate, and how you might improve upon it.

If you feel the current server configuration control process could be updated, you should suggest some improvements in the form field below.

Regular users should not be able to tamper with start-up processes, such as antivirus software and certain server scripts. 

Complete the sub-checklist tasks below, checking each item off as you go.

Linux recognizes which packages it has installed that aren’t being used or depended upon; just run this command in the terminal:

 sudo apt autoremove --purge

Launch whatever antivirus or antimalware tools you have installed and run a full system scan. 

The steps are outlined below; follow and check each one off as you complete the sub-task.

Review your firewall security settings and make sure everything is properly configured.

Check that all filters are enabled, as well as alerts, traffic log analysis, and user permit rules.

Review the sub-checklist below and be sure that you’ve done each task.

Now you need to configure two-factor authentication for all users with root or administrator system privileges. Users that have been recently granted these privileges will need to be reminded to activate 2FA.

You can use the Admin Control Panel in Google Apps to see who has 2FA enabled wthin your organization.

Follow the sub-checklist below to check whether there are users who aren’t 2FA activated yet.

Check if there are admin or root users who don’t have 2FA enabled and record what you find below.

For any new admin or root users, you can send a friendly reminder email about how and why they should enable 2FA.

Lucky for you, this checklist contains a pre-formatted email for issuing a 2FA reminder, auto-filled with the relevant details to make your life easier. 

Before sending this off, make sure you set the deadline date for 2FA activation.

All that’s left for you to do is input the emails of the users who need to be reminded, then once everything looks good, hit “Send”.

Simply put, you will need to disable or remove all user accounts that haven’t been active in the last 3 months.

On Linux systems, you can run this simple command in the terminal to see a list of active users from the past 90 days.

lastlog -b 90

After you’ve reviewed this list, run the following command to print the output to a text file and disable all the user accounts listed:

lastlog -b 90 | tail -n+2 | grep -v 'Never log' | awk '{print $1}' | tee -a ~/usermod-L.log | xargs -I{} usermod -L {}

Make sure that membership to both the admin and superadmin group is restricted to as few users as possible without causing any problems. 

It’s common for sysadmins to be the ones holding admin rights in this kind of scenario, but be sure to double check exactly who in the organization does or doesn’t require admin privileges.

Make sure server data is being completely backed up on a regular basis. Ideally, this process will already be automated, so it may just be a case of checking everything is working as it should be.

All critical systems data should be included in the backup process, and you should be backing up the data in at least three separate locations to ensure fault tolerance and contingency against accidents and unexpected damage.

The process for securely backing up your data is as follows:

After making sure everything is being backed up regularly, it’s part of security best practice to test that your recovery images are working as expected.

Once you’ve tested the recovery images, record what you observe in the form field below.

If there are problems with the test images, then you should perform extensive testing to get to the route of the problem.

This may include re-making and re-testing system-wide backup images or switching the backup process that’s currently in use to a new one.

Last but not least, the hardware.

Neglecting the machines your server systems are running on will inevitably affect performance in a bad way, and unexpected downtime or drive failures pose potential security liabilities. It’s worth keeping on top of things with regular maintenance checks.

Check out our Server Maintenance Checklist for the complete process, but the least you can do is check and replace any damaged or precariously aged drives in your RAID setup to ensure that byzantine fault tolerance doesn’t fail on you.

Once you’ve made sure all the server’s hardware is up to scratch, you’re done with this checklist.

• Taylor Armerding – The 15 worst data security breaches of the 21st Century
• NayaTech – Database Security Checklist
• ServerDensity – Server Security: Are You At Risk?
• Pluralsight – Server Hardening Checklist
• Process Street – Server Security Tips
• MongoDB – Security Checklist
• Certified Secure – Certified Secure Server Configuration Checklist
• TechTalk – Ultimate Network Security Checklist
• Microsoft – Security Best Practices

• Inventory Management Process
• Network Security Management
• Client Data Backup Best Practices
• Computer Maintenance Guide
• Server Setup Process
• Virtual Private Server Setup
• IT Support Process
• Helpdesk Management
• Server Maintenance Checklist
• Information Security Incident Response
• SQL Server Audit Checklist