![\"admin-nap\"](\"https:\/\/xmission.com\/blog\/wp-content\/uploads\/2015\/02\/admin-nap.jpg\")
Nobody likes to get a call in the middle of the night that the company web site is down, or worse, hacked. It’s one of the key reasons why businesses often choose managed hosting solutions, after all. Of course, not all web sites can be run by someone else and in many cases administrating your own servers in a colocation facility makes solid sense.<\/p>\n
Even so, what about security and reliability? While web site performance matters, it doesn’t cause panic the way a hacked or broken site can. Your boss probably won’t fire you because the home page takes an extra second to load. Typically, you can upgrade hardware to readily speed up a server. It’s easy. Security and reliability, on the other hand, require more skill.<\/p>\n
In this short post I want to merely touch upon best practices which can help aspiring systems administrators sleep at night as well. This list also provides less technically savvy managers and business owners an overview of what their IT staff should already be doing.<\/p>\n
Standardize<\/strong> Hardening<\/strong> Monitoring<\/strong> Backups<\/strong> Security<\/strong> Redundancy<\/strong> Compliancy<\/strong> Here at XMission<\/a>, we’ve been administrating servers and running our data center<\/a> for years. Contact us<\/a>\u00a0toll free by phone (1-877-964-7746) or email (sales@xmission.com) today and find out how we can help you.<\/p>\n","protected":false},"excerpt":{"rendered":" Nobody likes to get a call in the middle of the night that the company web site is down, or worse, hacked. It’s one of the key reasons why businesses often choose managed hosting solutions, after all. Of course, not all web sites can be run by someone else and in many cases administrating your […]<\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[245,180,3,352,130,5],"tags":[],"class_list":["post-3552","post","type-post","status-publish","format-standard","hentry","category-data-center-2","category-hosting","category-security-safety","category-system-administration","category-tech","category-tips-helpful-information"],"_links":{"self":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts\/3552","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/comments?post=3552"}],"version-history":[{"count":6,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts\/3552\/revisions"}],"predecessor-version":[{"id":6268,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts\/3552\/revisions\/6268"}],"wp:attachment":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/media?parent=3552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/categories?post=3552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/tags?post=3552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nSome things can’t be so easily fixed later and require forethought and planning. Standardize, document, and automate everything you can, including installations. Deploy a PXE<\/a>\u00a0system and standardize all of your servers with the same OS, kernel, and software versions as strictly as you can. Do everything the same and you’ll have far less to keep track of, spend less time managing updates, and experience fewer surprises.<\/p>\n
\nLock down absolutely as much as you can: ports, software, software modules, everything. Restrictions here improve both reliability and security. UC Berkeley’s server hardening guide provides\u00a0a good example: https:\/\/security.berkeley.edu\/node\/143<\/a><\/p>\n
\nAutomated monitoring, logging, and reporting can help you find a problem early on and potentially give you a chance to mitigate a problem before it gets serious. Even if you don’t catch it soon enough, logging can help you determine what went wrong so you can more quickly fix things. Icinga<\/a>\u00a0is an excellent open source monitoring and notification system.<\/p>\n
\nInsurance is only appreciated once things have gone all-to-hell but then its more important than anything else. Automatically and regularly store encrypted copies of your data, both on site and off, because worst case scenarios really do happen and when it does you’ll be a hero if you have backups.<\/p>\n
\nGood security requires far more detail than what I can touch upon here. At a minimum, always choose software with a good track record for security, setup a firewall, and encrypt your data. I also strongly encourage using an Intrusion Detection System (IDS) and conducting penetration detection quarterly. NIST<\/a>‘s Guide to General Server Security<\/a> is a good place to start.<\/p>\n
\nWithin reason, always seek to minimize single points of failure. Things like power supplies and hard drives are known to fail so build resilient servers that can handle such things. Run redundant ethernet drops and power circuits too. Need even more redundancy? Build a High Availability<\/a> server infrastructure and you’ll be adding scalability too.<\/p>\n
\nTypically, systems administrators don’t care for compliancy audits and certifications. It can seem like jumping through hoops that don’t always seem applicable to their environments. Ultimately, though, audits such as PCI<\/a>, HIPAA<\/a>, SSAE 16<\/a>, ISO 27001<\/a> are based on computer forensics from real world data breaches. Whether inconvenient or not, having outside experts review your policies and procedures and test your environment makes a lot of sense. It can also help you get customers who require\u00a0compliancy\u00a0audits.<\/p>\n