Server and Cloud Configuration Reviews

December 14, 2023

Introduction

Servers are an important part of any business. There are many different types of servers, but they will likely fall under two categories: physical and virtual. Regardless of what sort of server your business has, a server configuration review or cloud config review is crucial for proper cybersecurity posture. The latter is becoming increasingly popular, considering businesses are putting more and more of their processes into virtual, off-site areas.

These server and cloud configuration reviews are only some of the many config reviews that should be done. Servers are practically the heart of many different operations that your business does. As such, this hardware or software holds quite a bit of sensitive information. This is especially true if your business deals with customers—it will house not only employee information, but customer information as well.

What is a server?

While it might seem a bit obvious as to what a server is, it is important to know the deeper things about them to properly get a server config review. A server, in its most basic form, is a collection of hardware or software that provides data and resources to connected devices and other hardware. Without a server, there’s no function among your devices.

However, they don’t extend only to businesses and companies with expansive computer systems and databases. Many people have personal and private servers they use. Some may not even realize they use one—if you use a wireless printer or home automation, you use a printer, too. Therefore, it should be noted that cybersecurity is important both in organizations and personal computers.

There are a few different types of servers to consider when preparing for a config review. These are:

  • Physical servers
  • Cloud servers
  • File Transfer Protocol (FTP) servers
  • Web and Internet servers
  • Proxy servers
  • Application servers
  • Virtual machine servers

There are a few others, but your business will likely be running one of these behind everything else. It’s important to know which ones you have for the purpose of configuration reviews.

Server and Cloud Config Reviews

As said above, a server is one of the most crucial pieces of a company’s information technology system. Because of this, servers are a key target for many bad actors out there. They will try their best to get into a server where all of your data and operations are housed. If they get in, they’ll have the keys to the kingdom, so to speak. In the event of an account takeover, it’s very easy for things to get bad if they get into your server.

A config review should be done at least twice a year. It is recommended to be done every quarter or after significant updates, however. Even servers go through updates, leading to vulnerabilities and other various issues that hackers and bad actors will take advantage of. When doing these configuration reviews for servers and cloud servers, a security analyst may ask you about certain architecture of your servers. These questions pertain to:

  • The general use of the server.
  • If the server is physical or virtual.
  • If the server is part of a cloud environment like AWS or Azure.
  • What operating system the server uses.
  • If the server is attached to a domain.

After the architecture and other information is known, the config review will begin. A security analyst will go over multiple factors of vulnerability, including updates, patches, and various other things that may have been missed when it comes to being up to date on provided defenses. Authorization and connected devices will also be reviewed and considered.

The servers will be scanned and verified individually to make sure that all defenses are applied. These go hand-in-hand with other config reviews like firewall and VPN reviews, considering they’re important checks to make sure bad actors are kept away. Afterward, security analysts will walk through with the business to make sure everything is taken care of and adjusted appropriately.

Conclusion

The configuration review for a server may be a bit daunting, but it’s a lot easier than you might think. Optimization of settings and defense against vulnerabilities are important to any business or organization. Servers are a crucial part of any business setup, so it’s becoming increasingly vital to keep systems updated and protected. Any intrusion to a server can cause massive issues.

Configuration reviews and system hardening are simple steps to take when it comes to cybersecurity posture. Not only do you need them for physical servers and cloud servers, but you also need them for things like Microsoft 365, firewalls, VPNs, and more. Some of these are required by the government, so getting ahead of it always looks good on a report or examination. If you’re unsure of how to proceed with a server configuration review, be sure to reach out to a third-party firm that can assist you with these!

Eddy Berry, Security Research Analyst

Eddy has been researching cybersecurity for a few years now. Finding specific trends and best practices is something he takes pride in, assisting in finding news and government regulation that are on the rise. He researches topics and writes articles based on current events and important vulnerabilities that are affecting people, always hoping to get the necessary cybersecurity steps to those that need them.