Server Hardening is often misunderstood as being a one off process to tighten the security on a server before it becomes live on the Internet. This is only partially correct, sure you want to tighten the security of your server before putting it on a Public Network, but its not enough to put it in and forget about it. The idea behind server hardening is the process of securing the machine not only before it goes live, but permanently.

We have seen around the Internet, “Server Hardening Guides”, “Security Checklists” and “Hardening Protocols” all of which seem to be one off documents where you follow through the checklists ticking off the boxes and completing the required steps. Once all the steps have been completed, email the completed checklist to the boss stating the machine is now secure and that’s the end of that.

This is actually good practise as an initial process, but what happens in the future when someone creates a utility that can breach the security of your hosted server? Or someone finds that your running an out of date software application that can be exploited? The sad fact about the internet is that if a server can be compromised your pretty much guaranteed that it will be in time.

The idea behind server hardening is to make your machine secure and keep it secure and up to date as possible.

What steps can you take? Well the main things are keep your software up to date, most software developers release fixes, updates or patches which rectify found flaws or exploits, remove unused usernames and logins from your servers, disable SSH access with the root account, make sure you are behind a firewall, use a data integrity / change detection tool like Tripwire and most importantly take backups lots of backups. Regular audits on your servers for software updates is also a good habit to get into. Another good habit to get into is keeping documentation on your hosted servers this way you can see what versions of software you have installed, when patches or updates were installed, who performed the work etc etc.

Did we mention backups? Regular checked backups are very important, especially when the data on your server is critical.

Have you ever had the need to mirror an MS-SQL database? Perhaps for redundancy or maybe even a failover solution.

Recently a customer who came to us needed a solution for a disaster recovery site for their web application. Their system runs on Microsoft ASP.NET with a MS-SQL backend. We suggested the possibility of MS-SQL mirroring, this solution struck us as being very good for this application because it required very small changes to the application itself and required the minimum amount of hardware and additional software.

A quick overview of MS SQL mirroring is as follows:

- You require 3 servers, a primary database server, a secondary database server and a “witness� server.

- The 3 servers all require MS SQL. Preferably Enterprise Edition for the primary and secondary, and standard for the witness.

- The failover works on a “Quorum� system whereby 2 of the 3 servers must be able to communicate to form a Quorum for the system to continue to function. For example, if the primary server fails, the secondary and witness form a Quorum and promote the secondary to a primary.

- The secondary server is inactive as an SQL server unless promoted to primary (this is NOT a load balancing solution).

- In our situation, we required the failover to work not only for hardware failures, but link failures also, so we have to locate the witness server in a different location to the primary and failover site.

- Another option is to go without the witness server, but this requires a manual failover in the event of a problem.

The Microsoft article with more information about MS SQL mirroring can be found at http://www.microsoft.com/technet/prodtechnol/sql/2005/dbmirror.mspx

This is one of the automatic failover options we offer at GoHosting, although we have worked on many different solutions with Dedicated Servers, Virtual Servers and Colocation Servers.

It all depends on how important the availability of your website / application is. If you require absolute no downtime, then this kind of mirroring solution that would be suitable for your needs.