Server security is a major concern nowadays for website owners and server owners, and lots of companies provide hardening services at a high cost. While considering the security of your server or site, don’t confuse true security with a false sense of security. In this article, I mention some of the misconceptions or false feelings about security and also refer to some of the security measures we follow. There are lots of security measures available and mentioning all of them here is not possible, so do some research while you are doing a security implementation. In my opinion, do not rely on one article for the security implementation; use different articles and take the best from them.
The following are some of the security measures normally followed by system admins without bothering about the vulnerability behind them.
Firewall implementation
What is a firewall? It is a barrier created between the server and the outside world. It is also software, and what happens if that software stops unexpectedly?
Normally we block the unwanted ports without stopping the unwanted software running behind them, or we leave some vulnerable software behind the firewall and allow access only to some users. As I said before, if the firewall stops unexpectedly, the software is open to the public and the vulnerability is exposed. We all know that crackers are always a step ahead and they keep looking for loopholes to hack into your server. So even though a firewall is implemented, make sure the vulnerabilities of the software behind the firewall are resolved.
Another thing I have noticed on most servers is that the MySQL port is blocked in the firewall to avoid outside access, but the MySQL service is listening on all the IPs of the server. Instead, we can reconfigure MySQL to listen on the localhost interface only, so that even if the firewall is down, access to MySQL is limited.
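The MySQL case generalizes to any service, so here is an added example (not from the original article) that reads `ss -H -tln` style output and lists the TCP ports bound to every interface, which are the ones left exposed if the firewall stops. The function names are hypothetical and the sample lines are constructed.

```shell
#!/usr/bin/env bash
# Added example: list TCP listeners bound to all interfaces.
# Input on stdin: lines as printed by `ss -H -tln`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).

wildcard_listeners() {
  awk '
    $1 == "LISTEN" {
      # Split address and port at the last colon (IPv6 addresses contain colons).
      pos = match($4, /:[0-9]+$/)
      if (pos == 0) next
      addr = substr($4, 1, pos - 1)
      port = substr($4, pos + 1)
      sub(/%.*$/, "", addr)            # drop an interface suffix such as %eth0
      if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
        print port
    }
  ' | sort -nu | paste -sd ' ' -
}

# Constructed sample: MySQL and sshd on all interfaces, two services on loopback.
sample_ss_output() {
cat <<'EOF'
LISTEN 0      151          0.0.0.0:3306      0.0.0.0:*
LISTEN 0      128        127.0.0.1:6379      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      511            [::1]:8080         [::]:*
EOF
}

echo "Ports listening on all interfaces: $(sample_ss_output | wildcard_listeners)"
```

On a real server, pipe `ss -H -tln` into `wildcard_listeners`; every port it prints that is not meant to be public should be rebound to a specific address or its service stopped.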
SSH security
Ssh security is the main thing to take care of while considering Linux server security. You can search for securing an ssh server to get a lot of solutions. The other day I read an article with “20 ssh securing tips”; from this itself we can understand the importance of ssh security.
Changing the port is one of the security measures for ssh, but do you think this will secure your server? No, it is just a patch against attacks on the ssh port. By changing the ssh port we can avoid the general attacks on the default ssh port. If the hacker is targeting your server, then the port change has no effect. He just has to use some method to find the ssh port, and there are lots of tools available for finding the open ports on a server.
How can we secure ssh from hackers targeting the server?
Port scanning is one of the options for finding the open ports on a server, and we can configure a firewall to block IPs which are trying the unused ports on the server. If the hacker uses multiple IPs for port scanning, then this setting is also worthless. So in addition to the above setting, enable other security measures to make ssh secure.
Implementing the following three measures will reduce attacks by 90% – 95%.
- Change the ssh port
- Disable root login
- Disable password authentication and use an ssh key pair
You can check the article Security Tips for SSH service for more details on adding ssh security.
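One way to check a server against the three measures listed above, as an added example that is not part of the original article: the function reads an sshd_config on stdin and reports each measure. The function names and both sample configurations (including port 2222) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check an sshd_config (stdin) against the three measures above.
# Only the global section is read (parsing stops at the first Match block) and
# Include files are not followed. Returns non-zero if any measure fails.

audit_sshd_config() {
  awk '
    function report(ok, text) {
      status = ok ? "PASS" : "FAIL"
      print status " " text
      if (!ok) bad = 1
    }
    BEGIN { root = "prohibit-password"; pw = "yes" }   # OpenSSH defaults when unset
    /^[ \t]*(#|$)/ { next }                            # comments and blank lines
    {
      key = tolower($1); val = tolower($2)             # keywords are case-insensitive
      if (key == "match") exit
      if (key == "port") ports = ports (ports ? "," : "") val    # Port may repeat
      # For the other keywords sshd keeps the first value it reads.
      if (key == "permitrootlogin" && !seen_root++) root = val
      if (key == "passwordauthentication" && !seen_pw++) pw = val
    }
    END {
      if (ports == "") ports = "22"                    # default port when unset
      port_ok = ("," ports ",") !~ /,22,/
      report(port_ok, "port=" ports)
      report(root == "no", "permitrootlogin=" root)
      report(pw == "no", "passwordauthentication=" pw)
      exit bad
    }
  '
}

# Constructed sample: stock settings left in place.
weak_config() {
  printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'PasswordAuthentication yes'
}

# Constructed sample: the three measures applied; later lines must not override them.
hardened_config() {
  printf '%s\n' 'Port 2222' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'PasswordAuthentication yes' 'Match User backup' '    PasswordAuthentication yes'
}

weak_config | audit_sshd_config || true
hardened_config | audit_sshd_config
```

On a live host, `sshd -T` prints the effective configuration with Include files and defaults resolved, in the same keyword and value form, so its output can be piped into `audit_sshd_config` instead of the raw file.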
Backup everything
Why is backup related to security? Even though we have taken many security measures, we may have missed some unknown security holes, and a hacker may intrude into your server and damage your data. So it is a good option to keep a backup of all data in a safe location. Always take backups before and after making changes. If the data changes regularly, then enable an automatic daily/weekly/monthly backup based on the availability of space and the importance of the data. If we have a good working backup, we can easily retrieve the data without losing any content. It is always a better option than cleaning the infected files.
Security tips
Updates
Always keep the software installed on the server updated; in the case of websites, update the applications. It is suggested to use an automated method to do the updates to avoid delay in implementing them. Also, subscribe to vulnerability update news or the software newsletters to stay aware of the latest changes and bugs.
Strong password policy
Passwords are one of the security criteria we need to take care of. In the case of a hosting server, we cannot make sure that end users follow the procedure to keep passwords secure. We can implement some password-related settings to make them secure.
- Strong password
- Set expiry for passwords
- Restrict the use of old passwords
- Do not use empty passwords
- Lock the users after login failure
Disable unwanted services
Running an unwanted process on a server is a security risk, and no one will bother whether that software is updated or not, since it is not in use. So always disable or remove those unwanted processes.
Auditing
Audit the server logs and processes and make sure all are secure. Keep documenting all the data from your audit, so that it can be used for the next audit. Add an automated monitoring tool for the website, logs, and processes, and do a manual check at some interval to make sure the automated monitoring is working well.
Conclusion
Keeping the server secure is not a one-time process; it is an ongoing process. Auditing your system, implementing solutions, evaluating logs and alerts, and monitoring will keep your server secure. If you have no time for doing this, hire a qualified system admin to do it.