Advanced server security
Strengthen all systems according to vendor recommendations
Suppliers of hardware and software often make recommendations to strengthen the security of their components. Applying these recommendations is a good preventive practice.
Strengthening hardware and software configurations makes malicious attempts more difficult and closes numerous security loopholes. This measure is to be combined with regular patching.
Isolate your networks for the administration of servers
Having a separate network or a demilitarised zone that is dedicated to the servers and their administration is an example of isolating critical resources, and makes it more difficult to spread malicious code.
The physical separation of sensitive resources, including at infrastructure level, allows risks to be compartmentalized and prevents an incident from spreading between different security levels.
Search for abnormal access to information and systems (timeframes, applications, data, ...)
Internal IDS (Intrusion Detection Systems) allow the detection of abnormal actions that would otherwise be lost in the network traffic. They provide precise indicators for the early detection of certain suspicious activities.
Detecting activities judged to be irregular at an early stage strongly increases the probability of subsequent effective mitigation. It also provides post-incident indications of how an attack took place.
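The check described above, as an added example that is not part of the original guide: it builds a per-user baseline of usual hours and applications from past access records, then flags new events that fall outside it or that originate outside the administration network. The log format, the user names, the 192.0.2.0/24 administration range and the one-hour slack are assumptions, and all records are constructed.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
# Assumption: the isolated administration network (documentation address range).
ADMIN_NET = ip_network("192.0.2.0/24")
# Constructed sample records: timestamp, user, source IP, application.
BASELINE = """\
2024-03-04T09:12:00 alice 192.0.2.10 ssh
2024-03-04T14:40:00 alice 192.0.2.10 ssh
2024-03-05T08:30:00 bob 192.0.2.11 ssh
2024-03-06T17:45:00 bob 192.0.2.11 ssh
"""
NEW_EVENTS = """\
2024-03-07T09:50:00 alice 192.0.2.10 ssh
2024-03-07T03:14:00 alice 192.0.2.10 ssh
2024-03-07T11:00:00 bob 198.51.100.7 ssh
2024-03-07T16:20:00 bob 192.0.2.11 db-admin
2024-03-07T12:00:00 carol 192.0.2.12 ssh
"""

def parse(text):
    for line in text.splitlines():
        ts, user, src, app = line.split()
        yield datetime.fromisoformat(ts), user, ip_address(src), app

def build_profiles(text, slack=1):
    # Per user: earliest and latest hour seen (widened by slack) and applications used.
    hours, apps = defaultdict(list), defaultdict(set)
    for ts, user, _, app in parse(text):
        hours[user].append(ts.hour)
        apps[user].add(app)
    return {u: (min(h) - slack, max(h) + slack, apps[u]) for u, h in hours.items()}

def find_anomalies(profiles, text):
    findings = []
    for ts, user, src, app in parse(text):
        lo, hi, known = profiles.get(user, (None, None, set()))
        checks = [
            (src not in ADMIN_NET, "source outside admin network"),
            (lo is None, "no baseline for user"),
            (lo is not None and not lo <= ts.hour <= hi, "unusual timeframe"),
            (lo is not None and app not in known, "unusual application"),
        ]
        reasons = [msg for hit, msg in checks if hit]
        if reasons:
            findings.append((ts.isoformat(), user, reasons))
    return findings

if __name__ == "__main__":
    print(*find_anomalies(build_profiles(BASELINE), NEW_EVENTS), sep="\n")
```

Each finding keeps its timestamp and reasons, so the same output can serve as the post-incident indication of how an access pattern deviated.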