Securing your server from any kind of attacks is a key part of any web hosting provider or system administrator. You should implement a strong security policy to minimize risks and keep your data safe. There are several tips and tricks to improve your server’s security and protect it from malicious attempts to enter.
Improving server security isn’t complicated – just following some general guidelines and being smart with your server’s usage is enough to protect against typical attacks. Here are some guidelines that we recommend following to improve your server’s security.
Use Public Key Authentication For SSH
SSH is the most widely used protocol used to connect to a remote server. Most people use SSH to connect and manage their remote servers through the use of a password. By default, the SSH service uses port 22 – everyone knows this. Hackers use automated password cracker tools to attempt to crack your password over and over until they’re successful.
So instead of using a password, it is better to use SSH key-based authentication to connect to a remote server. Each user has a public key and a private key. The private key is kept by the user. The public key is kept on the server. The SSH key has more bits than a password and is not cracked easily by any tools. You should keep the private key secure – don’t share it with anyone. By doing this, you get the added bonus of not having to enter a password every time you connect to your remote server using SSH.
Secure Your Website with HTTPS
HTTPS is the secure version of HTTP. It serves as an internet communication protocol for securing the communication between two systems, e.g. the browser and the web server. Any information going to and from your server is automatically encrypted when SSL is present on the web server.
This prevents hackers from sniffing out your visitors’ sensitive information. HTTPS uses the SSL/TLS protocol for encryption and authentication. It simply encrypts HTTP requests and responses so that attackers will only see random characters instead of credit card details.
You can make your server use SSL for its web server by either purchasing a premium SSL certificate (such as Komodo) and configuring your web server to use it, or use Let’s Encrypt to apply a free SSL certificate. Their certbot command line tool can help you get SSL working in minutes. Consider checking out our guide on how to install a Let’s Encrypt SSL certificate if you want to add one to your web server.
Update Your Server Regularly
It is always a good idea to update your server packages regularly to keep your operating system safe from hackers. You should also update your content management system, such as WordPress, Odoo, and Magento, as well as their themes, plugins, modules, and extensions regularly. Outdated software or plugins can contain security vulnerabilities that are known to malicious users.
Disable Unnecessary Services
It is also recommended to disable and remove any unnecessary services that aren’t essential to your server’s functionality. By default, most Linux-based operating systems come with a tool for managing services. You can use it to disable and remove the services.
If your website is built with WordPress, then you should remove any unwanted plugins and themes to protect it from attacks. The less information you provide about your underlying infrastructure, the smaller the footprint becomes to base attacks on you with.
Establish a Secure Password Policy
You should set a password policy that must be followed by all members on the server. Some of the recommended password policies are listed below:
- Enable two-factor authentication.
- Use passwords with at least 10 characters.
- Do not use dictionary words or personal information in passwords.
- Use complex passwords that include numbers, symbols, and punctuation.
- Do not store passwords on laptops, smartphones, or tablets.
- Use a secure password generator to generate the password.
- Setting an expiration date for a password.
- Do not use the same password for multiple accounts.
Install and Configure a Firewall
You should set up a Firewall to prevent any unauthorized connections to/from your server. Almost all Linux distributions either come with firewall software built in, or they can easily be added after the fact. You could use one of the built in utilities (such as UFW on Ubuntu), or you can install a firewall.
CSF, also known as ConfigServer Security & Firewall, is a free and web-based firewall tool that can be used to protect your server from different kinds of attacks. It checks for login authentication failures on your SSH server, Mail server, FTP server, cPanel, DirectAdmin, and Webmin and can block them immediately. CSF is also able to detect many attacks, such as port scan, SYN floods, and login brute force attacks on many services.
Install Malware Scanning Software
It is also recommended to scan your server for any malicious software and remove them immediately before it breaching your server security. While malware is rare on Linux distributions, it’s not nonexistent. ClamAV is one of the best malware scanning tools for Linux. It scans your server for malicious software or files and removes them automatically.
It has an ability to detect viruses, trojans, malware and other threats. It supports multiple file-formats including, documents, executables or archives.
Avoid Using Telnet, FTP, and Rlogin Services
Anyone on the same network can breach FTP, telnet, or rsh commands, usernames and passwords by using a packet sniffer. So you should always avoid using those services and use more secure services instead. You should use OpenSSH, FTPS, and SFTP to avoid compromising your Linux server’s security.
These are just some precautions that you can take, but following all of these should keep you safe from all of the common security vulnerabilities.