Security and Web Server Guide
Understanding Web Security
At Schools ICT we understand the importance of security. Schools ICT uses industry standard server and web software to provide our services and to protect your data. Web application security is a branch of information security that deals specifically with the security of websites, web applications and web services.
If your website is hacked, it means someone has gained access to your website account (typically via File Transfer Protocol, a.k.a. FTP, or a CMS login). Having gained access, hackers can do the following:
- Put malicious code in it; what the code does depends on the hacker's objectives.
- Install malware and viruses on visitors' computers
- Redirect visitors to other sites
- Use your website to attack other websites, bringing them offline
- Replace your site content with other content, the subject of which varies depending on the hacker's objectives.
Intrusion and Brute Force
Intrusion is a security breach of the server. It is normally carried out from outside the server via network or software vulnerabilities. A brute force attack is one such approach. Brute force (also known as brute force cracking) is a trial-and-error method used by application programs to decode encrypted data such as passwords through exhaustive effort (using brute force) rather than employing intellectual strategies.
DDoS - Denial of Service Attacks
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a server. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted server with traffic.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications such as WordPress and Joomla. XSS enables attackers to inject client-side scripts into web pages viewed by other users. The end user's browser has no way of knowing that the script should not be trusted, and will run it. Because the browser thinks the script came from a trusted source, the malicious script can access any cookies, session tokens or other sensitive information retained by the browser and used with that site. The effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
What do we operate?
Schools ICT runs cloud-based web servers running Linux and Plesk, with further servers available as required. Some of these servers serve our customer base, while others provide redundancy and failover.
What Security do We Provide?
1. Server Level - Linux Operating System (OS)
Firewall and Intrusion Detection
- Plesk 12.5 Firewall - We offer a robust firewall solution blocking all access apart from web traffic and mail.
- Fail2Ban - Advanced real-time intrusion detection and automatic blocking software. This allows us to actively monitor our firewall and block all brute force, DoS and DDoS activity.
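A simplified version of the Fail2Ban approach described here (and of the brute force attack defined above), as an added example that is not Schools ICT's or Fail2Ban's own code: it counts failed logins per source IP within a sliding window over constructed sshd-style log lines and reports which IPs would be banned. The log format, the threshold (maxretry) and the window (findtime) are assumptions chosen to mirror a typical Fail2Ban jail.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Pattern for a (constructed) sshd-style failure line; successful logins do not match.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)"
)

# Constructed sample log: one IP hammers the server, one succeeds, one fails slowly.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 4011 ssh2
Mar  3 10:00:03 web1 sshd[2102]: Failed password for root from 203.0.113.7 port 4012 ssh2
Mar  3 10:00:05 web1 sshd[2103]: Accepted publickey for deploy from 198.51.100.2 port 5200 ssh2
Mar  3 10:00:07 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 4013 ssh2
Mar  3 10:00:09 web1 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 4014 ssh2
Mar  3 10:00:10 web1 sshd[2106]: Failed password for root from 203.0.113.7 port 4015 ssh2
Mar  3 10:05:00 web1 sshd[2107]: Failed password for root from 198.51.100.9 port 6001 ssh2
Mar  3 10:40:00 web1 sshd[2108]: Failed password for root from 198.51.100.9 port 6002 ssh2
"""


def find_bans(log_text, maxretry=5, findtime_seconds=600, year=2024):
    """Return {ip: time_of_ban} for IPs with >= maxretry failures inside findtime.

    maxretry/findtime mirror the Fail2Ban jail options of the same name (assumed
    defaults); syslog lines carry no year, so one is supplied by the caller.
    """
    window = timedelta(seconds=findtime_seconds)
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # accepted logins and other noise are ignored
        ts_text = " ".join(m["ts"].split())  # collapse syslog's padded day field
        ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # expire failures older than findtime
            q.popleft()
        if len(q) >= maxretry and ip not in banned:
            banned[ip] = ts  # first moment the jail would fire for this IP
    return banned


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

Fail2Ban itself goes on to insert a firewall rule for each banned address; this example stops at the decision so the detection logic can be read on its own.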
Watchdog and RootKit Hunter
- Inspecting machines for malicious changes, scripts and malware detection
Datagrid VCTR 1.8
- Operating system reliability and vulnerability evaluation. If any critical exploits are released in the interim period between scheduled upgrades, a ticket is raised in our system and our team reacts immediately to formulate a mitigation plan, communicate with affected customers and implement any necessary emergency patching.
Real Time Scalable Hardware
- Allows us to freely adjust the number of CPUs and the amount of RAM and SSD storage at any time.
- Plesk Health Monitor
  - Real-time monitoring and notification
  - Threshold management
  - All services including CPU, MySQL, RAM, network and disk
- We use the 1&1 datacentre external server monitor (HTTP, FTP, ping, etc.), providing external monitoring of our Cirrus Cloud servers.
- We perform daily server software checks and weekly upgrades. All patches, bug fixes and security updates are tested on a Friday in our test bed environment (this does not affect our live environment). The server is then run for 2 days and tested for further bugs, and the updates are rolled out on Monday morning. Critical exploits are patched immediately.
- We are subscribed to security mailing lists for all the critical elements of our software stack.
2. Hosting Level - Plesk Hosting Environment
ServerShield by CloudFlare
ServerShield by CloudFlare is a global CDN (Content Delivery Network), DNS, DDoS protection and web security system. By routing traffic through CloudFlare we can block threats and stop abusive bots and crawlers from overwhelming and wasting bandwidth and server resources. It provides real-time notification of urgent issues and a course of action to neutralise the threat.
- Globally load balanced content delivery network (CDN)
- Always Online
- Traffic Analytics
- Participatory member of the CloudFlare community.
Robust Security Policy (Plesk Enhanced Security Mode)
- We only use strong passwords. All passwords stored in the Plesk database are encrypted using the Plesk secret key, so even if a third party obtains a dump of the Plesk database, your customers are not compromised.
- We only allow secure FTP connections to our servers.
- Plesk Security Advisor identifies weaknesses in our security policy.
- Sensitive data (for example, user passwords) cannot be retrieved using the Plesk API.
- We perform daily backups containing all customer data and full server data.
- Backups are stored locally and in 2 geographically separate locations.
- Fast response and recovery in the case of a severe attack.
3. Web Application Level - CMS / Customer Web Environment
- Allows identification of potential threats in third-party websites hosted on our servers
- Real-time website malware and vulnerability monitoring
- We are subscribed to security mailing lists for all the critical elements of our CMS
- Automated notification via CMS software
- Participatory member of the Open Source community.
Daily and Weekly Checks
- We perform weekly CMS checks and upgrades.
- All plugins and extensions are monitored.
- Patches, bug fixes and security updates are tested immediately in our test bed environment (this does not affect our live environment).
- The website core functionality is then tested to confirm it still works as expected.
- The updates are then rolled out to the live websites.