Basic Server Security: A Threat Overview
One of the first recommended tasks with a new server is to secure it. In this coming series on basic server security we’ll be looking at a number of the techniques and methods you can use to secure your server and help keep it protected from threats. To begin, we are going to look at what these threats are and what they mean to your server.
Script Kiddie
The first and probably most encountered threat for a server is script kiddies. Script kiddie is a somewhat derogatory term for a hacker who uses a collection of pre-made programs or scripts to attack computers. These scripts may be traded or bought online, having been created by malicious hackers before being distributed for others to use. While the script kiddie may not have the abilities of a hacker to find and exploit weaknesses on a server, the tools they use are no less potent, and certainly form a credible threat. To make things worse, there are lots of script kiddies out there with these tools, many of which are fully automated.
The scripts they use range from tools to brute force SSH on your server to scripts that exploit the latest vulnerabilities in web applications like WordPress. Most known application exploits are available in online marketplaces and can be used against your server. Script kiddies generally work through servers they have already compromised, launching scans of the internet to identify target servers and software before using the tools at their disposal to compromise servers and use them for their own purposes. Often the compromised server is added to a botnet that is used to launch DDoS attacks, spam campaigns, mine cryptocurrencies or just to compromise yet more servers.
Hackers
Less often encountered, but much more severe in terms of threat, are actual hackers. Hackers are generally highly skilled individuals with a good understanding of the systems that they are attacking. They often use many of the same methods to compromise servers as script kiddies, though they may also have knowledge of exploits that are not yet common knowledge. Unlike script kiddies, however, hackers tend to target systems for specific reasons, such as to extract data or information.
Malware
Next up we have malware. Malware is a term that refers to malicious software that may run on your server. By this we mean things like viruses, worms, trojan horses, and ransomware. Malware is often spread by tricking people into downloading files or programs that are infected with it, and then executing them on their computers. Some, like worms, are intended to spread themselves using known exploits on servers, and in some cases work almost like a fully automated script kiddie. In many cases, once the server is compromised, malware attempts to do more or less the same as we saw with script kiddies: performing tasks in botnets, sending spam, and so on. Some malware may use web servers as a way to promote its own distribution.
Users
Finally we have users. A malicious user may perform actions to attack your server or break it. Far more likely to occur, though, is a careless user who may accidentally download or install malware on the server. A careless user may also choose a weak password or share it somewhere.
Threats come in all shapes and sizes, and the way you implement your server security should aim to reduce both the chances of anything being exploited and the impact of a successful exploitation of your server. It should also increase the chances of you detecting a successful attack on your server so that you can respond quickly to it.
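The SSH brute-force tools mentioned above leave a very recognisable trace in the server's authentication log, and spotting that trace is the simplest form of the detection this paragraph calls for. The following is an added example, not code from the original article or the series it introduces: it parses constructed sshd "Failed password" lines in syslog format and flags any source address that produces more failures within a short window than a chosen threshold. The log lines, the year (syslog timestamps omit it), the threshold and the window length are all assumptions chosen for the example; the format of real sshd lines varies with distribution and logging setup, so the regular expression may need adjusting.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines in syslog format (not from any real server).
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:01:04 web1 sshd[2213]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:01:05 web1 sshd[2215]: Failed password for invalid user test from 203.0.113.5 port 51244 ssh2
Mar  3 10:01:07 web1 sshd[2217]: Failed password for root from 203.0.113.5 port 51250 ssh2
Mar  3 10:01:09 web1 sshd[2219]: Failed password for invalid user oracle from 203.0.113.5 port 51256 ssh2
Mar  3 10:02:30 web1 sshd[2301]: Failed password for alice from 198.51.100.7 port 40122 ssh2
Mar  3 10:02:41 web1 sshd[2303]: Accepted publickey for alice from 198.51.100.7 port 40130 ssh2
Mar  3 12:15:00 web1 sshd[2500]: Failed password for root from 192.0.2.9 port 33001 ssh2
"""

# Matches the classic OpenSSH failure line; "invalid user" is present when the
# account does not exist on the server at all.
FAILED_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse_failed_logins(log_text, year=2024):
    """Return a list of (timestamp, username, source_ip) for each failed login.

    The year is an assumption: syslog timestamps do not carry one.
    """
    entries = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        entries.append((ts, m.group(2), m.group(3)))
    return entries


def _max_in_window(times, window_seconds):
    """Largest number of timestamps that fall inside any window of the given length."""
    times = sorted(times)
    best = 0
    left = 0
    for right, t in enumerate(times):
        # Slide the left edge forward until the window fits.
        while (t - times[left]).total_seconds() > window_seconds:
            left += 1
        best = max(best, right - left + 1)
    return best


def detect_bruteforce(log_text, threshold=5, window_seconds=60, year=2024):
    """Map each source IP whose failure burst reaches the threshold to its burst size.

    Threshold and window are example values; tune them to the server's normal
    traffic so that a single mistyped password does not trigger an alert.
    """
    by_ip = defaultdict(list)
    for ts, _user, ip in parse_failed_logins(log_text, year):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        burst = _max_in_window(times, window_seconds)
        if burst >= threshold:
            flagged[ip] = burst
    return flagged


def usernames_tried(log_text, year=2024):
    """Map each source IP to the sorted set of usernames it attempted.

    Many distinct, generic names (root, admin, test, oracle) from one address
    is a strong sign of an automated wordlist rather than a forgetful user.
    """
    names = defaultdict(set)
    for _ts, user, ip in parse_failed_logins(log_text, year):
        names[ip].add(user)
    return {ip: sorted(users) for ip, users in names.items()}


if __name__ == "__main__":
    for ip, burst in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {burst} failed logins within 60s, users tried: "
              f"{usernames_tried(SAMPLE_AUTH_LOG)[ip]}")
```

On the sample data only 203.0.113.5 is flagged: five failures in seven seconds across four different account names, which is the pattern of an automated tool. The single failure from 198.51.100.7 followed by a successful key login looks like a legitimate user, and the lone attempt from 192.0.2.9 stays below the threshold. The same counting logic is what tools such as fail2ban apply before blocking an address; running it yourself over a log extract is a quick way to confirm whether a server is being probed.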