For web hosting providers and server administrators, server hardening is a core part of server management. In this article we look at ten methods for hardening servers and monitoring them for security weaknesses.
1. For SSH, use public-key authentication.
Remove any access path that isn't encrypted. Nobody should be managing servers over telnet, FTP, or plain HTTP anymore; the accepted standards are SSH, SFTP, and HTTPS. For additional security, disable password authentication in SSH altogether and use SSH keys instead. Each user is issued a key pair: a public key and a private key. The user keeps the private key, and the server stores the public key (in the user's authorized_keys file). When the user attempts to log in, the server issues a challenge that can only be answered by the holder of the matching private key, so the private key itself never leaves the client. Once password logins are disabled, a brute force attack against a weak password cannot succeed at all. The private key then becomes the credential worth stealing, so protect it with a passphrase and keep it off untrusted machines.
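The settings this section describes can be audited with a short script. The following is an added example, not code from the original article: it checks an sshd_config for key-only logins, using two constructed sample configs so it runs offline (point `check_sshd_config` at /etc/ssh/sshd_config on a real host). It reads global keywords only and ignores Match blocks, which is an assumption of the example.

```shell
#!/bin/sh
# Added example: audit sshd_config for the key-only login settings above.
# Client side, the steps are:  ssh-keygen -t ed25519   (create the key pair)
#                              ssh-copy-id user@host   (install the public key)
# then edit sshd_config, run `sshd -t` to validate it, and restart sshd.

# Print the effective value of a global sshd_config keyword. OpenSSH uses the
# FIRST occurrence of a keyword, so we stop at the first non-comment match.
# $1 = config file, $2 = keyword, $3 = value to assume if the keyword is absent
sshd_opt() {
  val=$(awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    tolower($1) == key { print tolower($2); exit }' "$1")
  printf '%s' "${val:-$3}"
}

# Return 0 if the config only permits key-based logins, 1 otherwise.
# The defaults passed to sshd_opt are the upstream OpenSSH defaults.
check_sshd_config() {
  f=$1; rc=0
  [ "$(sshd_opt "$f" PasswordAuthentication yes)" = no ] ||
    { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
  [ "$(sshd_opt "$f" PubkeyAuthentication yes)" = yes ] ||
    { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
  # keyboard-interactive lets PAM prompt for a password even when
  # PasswordAuthentication is off; older configs spell it
  # ChallengeResponseAuthentication, so fall back to that keyword.
  kbd=$(sshd_opt "$f" KbdInteractiveAuthentication \
          "$(sshd_opt "$f" ChallengeResponseAuthentication yes)")
  [ "$kbd" = no ] ||
    { echo "FAIL: keyboard-interactive authentication is not 'no'"; rc=1; }
  case "$(sshd_opt "$f" PermitRootLogin prohibit-password)" in
    no|prohibit-password|without-password) ;;
    *) echo "FAIL: PermitRootLogin allows root password logins"; rc=1 ;;
  esac
  return $rc
}

WEAK=$(mktemp); HARDENED=$(mktemp)
# Constructed sample: a typical distribution default, passwords still accepted.
cat > "$WEAK" <<'EOF'
Port 22
#PasswordAuthentication no
PermitRootLogin yes
ChallengeResponseAuthentication yes
EOF
# Constructed sample: key-only logins; root may log in with a key only.
cat > "$HARDENED" <<'EOF'
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
EOF

check_sshd_config "$HARDENED" && echo "hardened sample: OK"
check_sshd_config "$WEAK"     || echo "weak sample: rejected"
```

Note that the commented-out `#PasswordAuthentication no` line in the weak sample is exactly the mistake the check is meant to catch: the keyword is absent, so the default of `yes` applies and password logins stay enabled.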
2. Use Strong Passwords
Criminals face a challenge when dealing with a security-hardened server, but you'd be shocked how many server administrators leave the front door wide open. People, particularly those who should know better, have a habit of choosing passwords that are easy to guess. Waves of ransomware attacks have started with nothing more than brute force attacks on servers with weak SSH passwords. Long, random passwords are preferable, and the number of accounts with interactive login access should be kept to a minimum.
3. Install and Configure the CSF Firewall
Config Server Firewall (CSF) is a free, feature-rich firewall that can protect a server from a wide range of threats. Stateful packet inspection, rate limiting of authentication failures, flood protection, directory watching, and support for external blocklists are only a few of its features. CSF manages the underlying iptables rules for you, and it is much easier to work with than raw iptables.
4. Install and Configure Fail2Ban
Every server on the internet is constantly probed by bots searching for weaknesses. Fail2Ban scans your server's logs for patterns that indicate malicious activity, such as a high number of failed authentication attempts from the same IP address. It can then block connections from those IPs for a configurable period and send a notification to a designated administrator address.
5. Install Anti-Malware Software
You want to keep malicious people out of your server as far as possible, but if they do get in, you want to know about it as soon as possible. ClamAV is a good malware scanner for Linux, and rkhunter is good for rootkit detection. Used together, they stand a strong chance of detecting malware that an attacker installs on a server. AIDE can be used to build a database of cryptographic hashes of the files on the server and then re-hash them on a regular basis and compare the results, so that any change to system-critical files is detected. Store that database somewhere the server cannot overwrite it (read-only media or another host), because an attacker with root can otherwise simply rebuild it to match the tampered files.
6. Keep Software Up to Date
Out-of-date software is more likely to contain security vulnerabilities that attackers already know about, as Equifax discovered to everyone's detriment. Even if you follow none of this article's other recommendations, at the very least apply updates regularly with your Linux distribution's package manager.
7. Make regular backups
You may not think of backups as a security measure, but the primary reason for securing a server is to protect the data stored on it. Since there is no way to guarantee that a server will never be compromised, data should be encrypted and backed up to an offsite location, and it should be kept where credentials on the server cannot reach it, or ransomware will encrypt the backups along with the data. Ransomware attacks are defeated by regularly testing recovery from complete backups, not merely by taking them.
8. Keep Track of Logs
Logs are a critical security tool. A server records a great deal of data about what it does and who connects to it, and patterns in that data often reveal malicious activity or security breaches. Logwatch is a good tool for analyzing, summarizing, and reporting daily on what is happening on your server. For more active monitoring, Logsentry (or its successor Logcheck) can produce hourly reports.
9. Turn Off Unnecessary Services
Disable any internet-facing software that isn't needed for the server's purpose. The fewer points of contact between the server and the outside world, the smaller the attack surface. Most Linux distributions, including CentOS and Ubuntu, include a service manager (systemd's systemctl) for stopping and disabling services.
This includes turning off modules you don't need, removing language modules that aren't in use, and disabling web server status pages and debugging pages. The less information you expose about your underlying infrastructure, the smaller the attack footprint.
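Finding the services that actually face the network is the first step. The following added example (not from the original article) parses the output of `ss -tlnp` to list listeners bound to non-loopback addresses and prints, without running, the systemctl command that would disable anything not on an allowlist. The ss output is constructed so the script runs offline; on a host, replace the heredoc with `ss -H -tlnp > "$SS_OUT"`. The example assumes the systemd unit name matches the process name, which is usual but not guaranteed.

```shell
#!/bin/sh
# Added example: which services listen on public addresses, and which of
# those are not expected.

# Constructed `ss -tlnp` output (header omitted, as `ss -H` would do).
SS_OUT=$(mktemp)
cat > "$SS_OUT" <<'EOF'
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=811,fd=3))
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*     users:(("mysqld",pid=1202,fd=21))
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*     users:(("nginx",pid=1300,fd=6))
LISTEN 0      511             [::]:80           [::]:*     users:(("nginx",pid=1300,fd=7))
LISTEN 0      128             [::]:111          [::]:*     users:(("rpcbind",pid=600,fd=4))
LISTEN 0      4096       127.0.0.1:11211     0.0.0.0:*     users:(("memcached",pid=950,fd=26))
EOF

# Print "process port" for each listener bound to anything other than
# loopback, one line per unique pair, sorted.
public_listeners() {
  awk '
    $1 != "LISTEN" { next }
    {
      addr = $4
      port = addr; sub(/.*:/, "", port)        # text after the last colon
      host = addr; sub(/:[^:]*$/, "", host)    # everything before it
      if (host == "[::1]" || host ~ /^127\./) next
      proc = "?"
      # process name sits inside users:(("name",pid=...))
      if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
      print proc, port
    }' "$1" | sort -u
}

# Given a space-separated allowlist of expected public services in $2, emit
# (do not run) the command that would stop and disable every other listener.
unexpected_listeners() {
  public_listeners "$1" | while read -r proc port; do
    case " $2 " in
      *" $proc "*) ;;
      *) echo "systemctl disable --now $proc   # public listener on port $port" ;;
    esac
  done
}

echo "public listeners:"; public_listeners "$SS_OUT"
echo "not on the allowlist:"; unexpected_listeners "$SS_OUT" "sshd nginx"
```

On the sample, mysqld and memcached are bound to 127.0.0.1 and so do not count as attack surface, nginx on IPv4 and IPv6 collapses to one entry, and rpcbind is flagged as the service to disable. Loopback-only services still matter if an attacker gets a foothold, but they are not what this section is about.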
10. Install ModSecurity if you haven't already.
ModSecurity is a Web Application Firewall that works at a higher layer than the CSF firewall and is intended to protect the application layer from attack. In a nutshell, it protects web applications from a range of attacks, including those targeting content management systems like WordPress and eCommerce platforms like Magento. ModSecurity was originally available only for Apache, but it is now also available for NGINX. It does little on its own; pair it with a rule set such as the OWASP Core Rule Set, and run it in detection-only mode first so that false positives can be tuned out before it starts blocking requests.