Server

From iA wiki

See also: Computer | Network | Client

Introduction

A remote machine that provides a useful function. Servers can be interacted with to send data to, or receive data from, other computers. The term also covers the software that one does not use directly but that one's client software uses to connect to remote services. Servers are rarely visible. They tend to work in the background and are rarely interacted with physically.

Examples include Web, FTP, IRC, and internal networking servers. While there were once only a limited number of server types, there are now almost uncountably many.

One of the largest servers on the net is Razorback 2. It has been set up for the eDonkey2000 network. Razorback2 currently requires upgrading to 16 GB of memory to allow for more than 900 000 simultaneous connections.

Architecture

Servers are one half of an arrangement called the client-server model. In this model, the computers on a given network all interact only with the server and never with one another, which makes the server a single point of interaction.

A fairly new system called "peer-to-peer" modifies this model by letting individual computers communicate exclusively with one another. Some peer-to-peer systems still use a server to help locate other nodes, but those that do not often have faster, server-like supernodes.

From the 1960s to the 1980s, many in the UNIX community (including IBM) focused on mainframes, which later lost appeal in comparison to individual, self-reliant computers with their own hard drives. Now server systems provide individual services, but clients are very rarely reliant on servers to function.

What makes a server?

Hardware

Almost any computer can behave as a server. For simple activities such as FTP, computers well over 10 years old can perform this function, even on high-speed networks, without a performance hit. However, it is rare for a production-level server to have only one function; most have ten or even a hundred. Therefore, the components are generally characterized by being more reliable and robust, as well as having multiple processors or other generous system resources.

In short, a server can be as simple as a PDA or as complex as a thousand powerful, interconnected computers all behaving as a Beowulf Cluster.

Usually computers sold or labeled as "server" have:

  • Faster, larger, redundant Hard Drive(s) - such as SCSI, RAID, Flash in embedded hardware, or pure RAM drives, known as Solid State.
  • Faster Processor - often 64-bit or, with Pentiums, a Xeon.
  • More RAM - at least twice or three times more than the average desktop system. Usually no swap.
  • A larger case or a rack mount, with extra fans or a unique cooling device.
  • A basic video card or even no video card at all (serial line instead). No sound card (usually).
  • As few moving parts as possible, especially in embedded hardware. Or, for devices that require fans, multiple fans working redundantly.
  • Battery or generator power backup.
  • A support contract by the vendor.

Operating System

Note: The ability to operate a server on a network is considered an advanced computer skill. It is wise to purchase or download a book on operating a server for your OS if you wish to do it yourself.

  • Windows: Windows NT, 2000 and XP are considered server-capable, and server-specific versions are available. Windows 95, 98, 98SE and ME are not considered servers and should not behave as such, because they are insecure and unprepared for network activity.
    • In Windows XP, there are a variety of steps you can take to make your computer more server-ready. One example is to visit the "Control Panel" and select the "System" icon. Go to the "Advanced" tab and select "Performance Options." Again select the "Advanced" tab and choose "Background Services."
  • Macintosh: OS X, also a *Nix, is server-ready. A version of OS X designed specifically for server applications is also available. In rare cases, Mac OS 9 and below behave as servers.

Properties of the Network Connection

(Often do not apply to Local servers such as print or file servers which are on the same network as all client machines.)

  • Connected to a fast network to handle high-bandwidth operations. Often 10 or more times faster than most home broadband connections.
  • Almost always set to a Static IP Address.
  • Always connected and always turned on; the less unscheduled downtime the better.

Properties of the Precautions

  • Careful application of patches and updates, to help prevent exploitation of known security vulnerabilities.
  • Hardening to prevent the possibility of zero-day attacks.
  • Disable or turn off any and all applications not absolutely necessary. The fewer programs that are running, the less likely a system compromise becomes.
  • Run single server applications on individual computers: separate the jobs onto individual machines. FTP, mail and desktop applications should, if possible, be on different, separate machines. If one service is compromised, the individual computer can be reestablished while other services run uninterrupted.
  • Reinstall the entire computer every few months: starting over from scratch every few months or once per year reduces the chance that a skilled attacker, should they gain access, will be able to stay connected.

Setting up your own server without a static IP

  1. Decide which server you wish to run. This could be a WASTE network or an FTP server like FileZilla Server. Both of these are useful for exchanging files between home and office without e-mailing them to yourself or using an "Internet Drive" service.
  2. For different routers, this will be called different things. Some require that you turn off NAT routing, some require that you put specific IP addresses in the "demilitarized zone" (DMZ).
  3. Discover your private IP address (usually 192.168.x.x)
  4. iA recommends http://www.no-ip.com but there is a list of Dynamic DNS Services on Google Directory.
  5. Follow the directions of your Dynamic DNS Service. Test it by connecting another computer to yourname.no-ip.com (or whatever DNS Service suffix you're using).

Securing a basic Windows server

  1. Turn off any and all non-essential applications.
  2. Run a black-list such as is available with PeerGuardian. This will help block a variety of connections and servers across the Internet that have no business connecting to your computer. You can also create or add to the black-list dynamically (unlike ZoneAlarm).
  3. Run a firewall such as ZoneAlarm. While this program is often hostile to programs that behave as a server, its security level can be set to accept server-type connections.
    1. In the application window, go to Firewall and set "Internet Zone Security" to Medium. This will lower the security level of your computer but you can increase it again through the following step:
    2. Also in the application window, go to "Program Control" and click next to essential applications under the lock icon column and say "Pass Lock." Allow only applications such as FTP Server, Dynamic IP Service, Windows Update, and PeerGuardian to have pass-lock status. Now ONLY applications you have added into this list will have a connection with the Internet. You have just eliminated a huge number of threats to Windows.
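One way to verify that turning off non-essential applications actually left only the intended service reachable is to compare the machine's listening sockets against an allow-list. The following is an added example, not part of the original page: the sample `netstat -ano` output is constructed, and the allow-list (FTP on TCP port 21 only) is an assumption.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     2210
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:1900           *:*                                    2000
"""

# Assumption: this machine is meant to expose only an FTP control port.
ALLOWED = {("TCP", 21)}


def parse_listeners(netstat_text):
    """Return (proto, address, port, pid) for every socket accepting traffic."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        proto, local, pid = fields[0], fields[1], fields[-1]
        # TCP rows carry a state; UDP rows have none and are always "open".
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        found.append((proto, ipaddress.ip_address(host), int(port), int(pid)))
    return found


def unexpected_listeners(netstat_text, allowed=ALLOWED):
    """Listeners reachable from the network that are not on the allow-list."""
    return [
        (proto, str(addr), port, pid)
        for proto, addr, port, pid in parse_listeners(netstat_text)
        if not addr.is_loopback and (proto, port) not in allowed
    ]


if __name__ == "__main__":
    for proto, addr, port, pid in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"review: {proto} {addr}:{port} (PID {pid})")
```

Each reported PID identifies the process that still holds a network-reachable port; loopback-only listeners are skipped because other machines cannot connect to them.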
