Stop treating your datacentre as if it were a laptop: Symantec

Securing a server and a laptop should be two different things, but many organisations are still looking at solving the security problem by installing antivirus and other end-point packages.
Written by Michael Lee, Contributor

Speaking at the Symantec Symposium in Sydney today, the company's information security practice manager Adrian Covich said that organisations are treating the security of their servers like laptops.

Despite servers residing in the datacentre and having vastly different security challenges, Covich said businesses protect them as if they were end points, like laptops, installing antivirus and data loss prevention packages and ignoring the fact that they have different challenges.

"The datacentre is being targeted, and it doesn't matter if you're a big organisation or a small organisation. It's where the treasure is, and you need to protect it."

He said that many of the challenges, such as dealing with lost laptops or malicious USB sticks, simply don't apply to servers in a datacentre, and it didn't make sense to treat them that way.

Furthermore, he argued that of the data that is stolen from organisations each year, much of it isn't from laptops. He pointed to the recent Verizon Data Breach Investigation Report, which showed that 97 percent of data is actually from servers.

Attacks on servers are also quite different. Laptops are traditionally protected by antivirus products, intrusion detection/prevention systems, and possibly layers of firewalls. While these are basic necessities for servers, they do not do much to address user privilege escalation vulnerabilities or to defend against SQL injection and other attacks, he said.

Covich said that organisations that want to protect their servers like servers and not like laptops should be examining the use of measures such as sandboxing, even in virtualised environments.

One advantage that administrators can make use of is the fact that servers are meant to do only a few specific things, and their environment is not frequently changing.

"I don't want to be loading the latest version of iTunes because I can. I know what the programs are that the server is meant to run. I'm going to make sure it only runs those."

This goes hand in hand with application whitelisting, another recommendation that Covich made, which is one of the top strategies suggested by the Australian Signals Directorate for government departments.
