If you are searching about how to secure server, then here are some steps that can help you in to secure server and save you from extra charges by the server & VPS providers. Server security is really important, in case you have very important data or information on your server and it is easily accessible or attackable, you can lose your data, someone can exploit your system or data easily. Hence, to protect yourself from any type of attacks or data loss, you should adopt a few safety steps given below.
Password Security – A Good way to prevent unauthorized access
Password security is the first step in any type of security. It has great importance to secure server. Password security helps you to prevent unauthorized access to your system. But which password is secure? There are systems, that can be accessed easily even they have password security. Use the following tips to strengthen your password security:
- Use strong passwords with a minimum length of 8 characters because stealing or guessing a password with long length is difficult.
- Try to enhance the complexity of your password by using mixed characters e.g. include numbers, alphabets, special characters.
- Avoid using keywords in your password because these are known in dictionaries.
- Use different passwords for different modules on your server.
- Avoid using personal information as a password because social engineering can easily help to gain access to your server.
- Avoid repetition of sequences in your password.
- Keep updating your password with time.
- Don’t store passwords on your phones, tablets, computers or anywhere, keep them in mind. Extracting saved passwords from any device is not a tough job.
- You can use a password generator to generate a strong password.
Secure Communication – Server communication must be secured
Secure commnuication is another important factor to secure server.
- Use secured FTP ( SFTP ) (port 22) instead of using simply FTP for communicating with servers via FTP clients like FileZilla.
- Use SSH because it is a cryptographic network protocol and can operate networking services securely over an unsecured network.
- Use POP3S/SMTPS/IMAPS for email connections.
- If you can, you must use VPN.
- Setup firewall to monitor and control incoming and outgoing connections.
- Use encryption if possible.
- Avoid using public internet or public computers to access your servers
- Install SSL ( Secure Sockets Layer ) for all the administration areas and hosted domains on your server.
- You can try Let’s Encrypt for installation of SSL certificates. Let’s Encrypt provides free SSL certificates to everyone to provide the secured environment.
Automate Security Updates
Try to automate security updates on your server to keep your server up to date. Avoid other packages updates if you don’t want to update them. Enabling only automatic security updates will minimize risk.
Add User Account to limit the access
When you install any OS on your server, you will be assigned root access to that server. Root will have privileges to execute any command which can cause severe issues with your server in the worst case. Sometimes a command that has been executed accidentally can disrupt the working of the server. To avoid this, first of all, add a user account to limit access of commands. If you want to allow the user to execute administrator commands, you must add it to ‘sudo’ group. Further, if someone gains access to your root, you may lose your server’s data and information.
Use root account only when it’s required. Try to disable access to root account via SSH, and enable it only when required.
Restrict access to different directories. Use access control to allow the user to access his own directories only.
Enforce Strong Password Policies
If you are using any commercial application like Plesk or cPanel, you must enforce the policies to use strong passwords for the users. Regularly conduct password audits & recommend the users to use complex passwords.
Use encryption for the sensitive information wherever possible. Encryption converts data into an illegible form which protects data even if it has been stolen. Use advanced encryption algorithms.
Firewalls monitor incoming and outgoing traffic on your server, it must be enabled.
Default users for MySQL, CMS (any CMS you use) or any default access settings must be removed. Apart from these, keep records of traffic to avoid spamming & DDos.
Note: You can contribute to this article by sharing your ideas in comments.