There’s no denying it – security matters. It’s for that reason that you should take care to properly secure your Linux server from the many threats that are floating around online. And, you should do it from the immediate server deployment; securing a server after it has been compromised is of little use. Below, we’ll list a few different things you can do to help secure your server, and keep the bad guys (and bots) at bay!
1. Harden SSH. SSH is a very powerful tool. You need to secure it. We suggest setting a custom SSH port (other than 22) at the very least. This will provide some basic protection against people just popping in your server’s IP address, username (defaults to “root”), and of course the password. By no means does this provide the ultimate SSH protection, as dedicated attackers or bots may well scan for your unique port. If it viable to you and your situation, restricting SSH access to only IP addresses that need to access it is ideal (i.e., your office IP address, home IP address, etc.). Make sure that you have a backup plan in case your IP address changes, for example, a serial console or IPMI.
2. Update your Operating System frequently. Don’t be one of those people that let hundreds of package updates build up before doing them, keep your update procedure regular! In most cases, it’s as simple as running a “yum update” or “apt-get upgrade” depending on your Linux distribution. Ensuring that you have a backup of your important data is advisable, in-case one of the updates causes unexpected issues (i.e. an unbootable server).
3. Only let services run that need to be running. There’s no point in having a mail server (i.e. Exim, Postfix) running if you never send emails. Similarly, there’s no point in having a web server (i.e. Apache, Nginx) running if you aren’t hosting any content to be read by a web browser. The more services you have running, the more potential attack vendors you are vulnerable to, which is especially true if you have outdated software installed on your server (updates can and often are security related, i.e. they fix security issues).
DediPath’s Managed Dedicated Servers can help you with everything mentioned above, and much more, to maintain a secure server and ensure uninterrupted access to it 24/7/365.