- 1 Introduction
- 2 Architecture
- 3 What makes a server?
- 4 Setting up your own server without a static IP
- 5 Securing a basic Windows server
- 6 Related Link
- 7 Related Topics
A remote machine that provides a useful function. Servers can be interacted with to send or receive data to from other computers. Also, the software that one does not directly use but gets used by one’s client software to connect to remote services. Servers are rarely visible. They tend to work in the background and are rarely interacted with physically.
- Simply setting your web browser to www.cnn.com is connecting to a server.
- When using a Napster clone like KaZaA, you must connect to the remote server to search for files.
One of the largest servers on the net is Razorback 2. It has been setup for the eDonkey2000 network. Razorback2 currently requires upgrading to 16 GB of memory to allow for more than 900 000 simultaneous connections.
Servers are part of a system in computers called the client-server model. Clients used to not interact with each other but instead only with the server, creating a single point of interaction. In this model, computers on a given network all interact only with the Server and never one another.
A fairly new system called “peer-to-peer” is a modification of this model by letting individual computers communicate exclusively. Some peer-to-peer systems still use a server to help locate other nodes but those that do not often have faster, server-like supernodes.
In the 1960-1980s, many in the UNIX community (including IBM) focused on mainframes that later lost appeal in comparison to individual self-reliant computers with their own hard drive. Now server systems provide individual services but clients are very rarely reliant on servers to function.
What makes a server?
Servers are generally characterized by being more reliable and robust, having multiple processors, or having generous system resources. But servers can be as simple as a Pentium I or as complex as a Beowulf Cluster.
Usually a computer sold or labeled as a “server” has:
- Faster, larger, redundant Hard Drive(s) – such as SCSI or RAID or Flash in embedded hardware.
- Faster Processor – often 64-bit or, with Pentiums, a Xeon.
- More RAM – at least twice or three times more than the average desktop system. Usually no swap.
- Has a larger case or is rack-mounted with extra fans or a unique cooling device.
- A basic video card or no video card at all (serial line instead). No sound card (usually).
- As few moving parts as possible, especially in embedded hardware. Or, for devices that have fans, multiple fans working redudantly.
- Battery backup.
- A support contract by the vendor.
- Windows: Windows NT, 2000 and XP are considered server-capable and server-specific versions are available. Windows 95, 98, 98SE and ME, and are not considered servers and should not behave as such due to insecure and being unprepared for network activity.
- In Windows XP, there are a variety of steps you can take to make your computer more server ready. One example is to visit the “Control Panel” and select the “System” icon. Goto the “Advanced” tab and select “Performance Options.” Again select the advanced tab and choose “Background Services.”
- Macintosh: OS X, also a *Nix, is server-ready. A version of OS X designed specifically for server applications is also available. In rare cases, Mac OS 9 and below behave as servers.
Properties of the Network Connection
(Often do not apply to Local servers such as print or file servers which are on the same network as all client machines.)
- Connected to a fast network to handle high-bandwidth operations. Often 10 or more times faster than most home broadband connections.
- Almost always set to a Static IP Address.
- Always connected and always turned on; the less unscheduled downtime the better.
Properties of the Precautions
- Careful patch and updates application to help prevent exploitation from known security vulnerabilities.
- Hardening to prevent the possibilities of zero day attacks.
- Disable or turn off any and all applications not absolutely necessary. The fewer programs that are running, the less likely a system-compromise becomes.
- Run single server applications on individual computers – separate jobs on computers to individual machines – FTP, Mail, Desktop applications should, if possible, be on different, separate machines. If one service is compromised, the individual computer can be reestablished while other services run uninterrupted.
- Reinstall the entire computer every few months – starting over from scratch every few months or once per year reduces the chance that a skilled attacker, should they gain access, be able to stay connected.
Setting up your own server without a static IP
- Decide on which server you wish to run. This could be a WASTE network or an FTP server like FileZilla Server. Both of these are useful for exchanging files from home and office without e-mailing them to yourself or using a “Internet Drive” service.
- For different routers, this will be called different things. Some require that you turn off NAT routing, some require that you put specific IP addresses in the “demilitarized zone” (DMZ).
- Discover your private IP address (usually 192.168.x.x)
- TD123 recommends http://www.no-ip.com but there are a list of Dynamic DNS Services on Google Directory.
- Follow the directions of your Dynamic DNS Service. Test it by connecting another computer to yourname.no-ip.com (or whatever DNS Service suffix you’re using).
Securing a basic Windows server
- Turn off any and all non-essential applications
- Run a black-list such as is available with PeerGuardian. This will help block a variety of connections and servers across the Internet that have no business connecting to your computer. You can also create or add to the black-list dynamically (unlike ZoneAlarm).
- Run a firewall such as ZoneAlarm. While this program is often hostile to programs that behave as a server, its security level can be set to accept server-type connections.
- In the application window, go to Firewall and set “Internet Zone Security” to Medium. This will lower the security level of your computer but you can increase it again through the following step:
- Also in the application window, go to “Program Control” and click next to essential applications under the lock icon collumn and say “Pass Lock.” Allow only applications such as FTP Server, Dynamic IP Service, Windows Update, and PeerGuardian to have pass-lock status. Now ONLY applications you have added into this list will have a connection with the Internet. You have just eliminated a huge number of threats to Windows.
- FileZilla Server – an open source, secure FTP server for Windows
- Sambar Server a free HTTP, FTP and Proxy server for Windows.
TakeDown.NET -> “Server”