Securing a dedicated server or VPS is an ongoing process that can sometimes be overwhelming. Just as quickly as you find ways to keep would-be attackers out of your server, they look for new ways to get in. Above all else, it is important to be proactive and always look for ways to improve your server’s security. The following are 5 tips that should help you keep your server safe.
1. Secure Web Applications
A common mistake for new system administrators is to place too much emphasis on network security while ignoring the rest. No doubt, it is important to have a good network firewall in place, but it will not save your server from attacks aimed at open network ports, especially your web server.
On any Internet-connected server, the most vulnerable points are those which must be exposed to the outside world. The web server is always susceptible to attacks because anyone on the web can access it. Therefore, it is important to keep it patched and secure your web applications and server-side scripts. All it takes is one security hole in a PHP script to expose your entire server. One way to lessen the sting is to install a web application firewall like the free and open source ModSecurity.
2. Install Intrusion Detection
It is conceivable for people to attack and invade your server without you even knowing it. Think of your server as a compound with multiple borders to defend. A single person can probably find a hole in the fence to sneak in unnoticed. With surveillance at every point, however, you will at least know when someone attempts an intrusion.
Intrusion detection software, such as Brute Force Detection, can alert you whenever someone attempts to sneak into your fortress. Many of these solutions will also take measures to keep those attackers from finding ways into your server.
3. Monitor Everything
It is easy to sit back and hope no one attacks your server, but by actively monitoring it, you can often prevent attacks before they start. Monitor your network, web server, database server, mail server, operating system, an any other vital systems. You can do this by watching the system logs with a tool like logwatch and by using advanced scanning tools like OpenVas vulnerability scanner.
Some monitoring tools will even notify you of problems via text message to your mobile phone. By monitoring your server, you can often pick up on threats and potential attackers before they cause problems.
4. Get Help
I managed Linux servers for many years, but I still do not consider myself anywhere close to being a security expert. Acknowledging that you do not know everything is an important realization because it allows you seek help from others. The web has opened up many possibilities for free support with forums, blogs, and even video tutorials offering server security help. Even if you cannot afford to pay for help, there are plenty of free and inexpensive options.
If you can pay for help, however, it may save you a lot of time and grief to hire security consulting. Just make sure you do your homework and choose a consultant that will actually help your situation. If you know before getting your server that you will need a great deal of help, you might want to consider getting a managed server from your web host. The best web hosts will offer a wide range of managed server options.
5. Manage Users
Finally, and most importantly, you need to manage your users. All of your other security measures will be for nothing if you have users with weak passwords and unsecured scripts. Therefore, you should enforce strong passwords and require users with direct access (such as SSH) to change them periodically. For web hosting clients, make sure they keep their scripts and web applications updated. You may be able to help them by providing automatically installed scripts. Use your best judgement, and always look out for users who may have nefarious intentions.
Server security takes a lot of work, but it is possible to have a secure server without spending a lot of money. Avoid the reactionary approach. Take the time to do it right and be proactive, and you should be able to keep your server safe.
Top image by Jamison_Judd.