Protect your Server
When thinking about website security, it can be easy to focus your efforts on the website itself. While this is understandable, you also need to think about how to secure your server from hackers. Here is a quick guide to help.
How to Protect your Server from Hackers?
When looking at how to secure your server from hackers, there are seven key points you must address: stay on point with updates; monitor your server logs; keep your use of software to a minimum; block first, filter afterward; hide all version information; trust keys rather than passwords; and manage and monitor your users.
Stay on point with updates
It is absolutely impossible to overstate the importance of checking regularly for updates to any and all software you use on your server. In fact, if you’re using open-source software, you may even want to create a Plan B to ensure that your software continues to be updated even if it goes out of favor with its current development community (or to change it out in that situation).
It’s fine to test the updates before you apply them, but you want this done promptly so the updates go on the server as quickly as possible.
Monitor your server logs
The logs exist to let you see what is going on with your server, but they only have value if you actually read them.
Keep your use of software to a minimum
Every piece of software you put on your server is a potential attack vector. It, therefore, follows that the less software you have, the fewer attack vectors are open to attackers.
It also follows that you’re going to be less exposed to issues with missed updates. Let’s be honest, the more software you use, the more software you have to update, and the more chance there is that you will miss an update.
Last but not least, the more software you have the more likely it is that you’ll end up having to deal with the issue of software dependencies, in other words, piece of software A only working (as expected) if you also have piece of software B.
If you already have a working server, take a long, hard look at it and ask yourself what software you need and what software you want and get rid of everything else. If you’re building a server from scratch, then think carefully about what you really need and what you really want and only install those items. Remember, you can always add software later if you discover a legitimate use for it.
Block first, filter afterward
By similar logic, all network ports should be blocked unless there is a reason to keep them open. When you do need to keep them open, you need to filter and monitor both inbound and outbound traffic. Be prepared to fine-tune your firewall settings so that you balance the need for robust protection with the need to minimize false positives.
Hide all version information
This may be the most tedious task in the whole of cybersecurity, if not IT security, but it’s also one of the most essential. Just about every piece of software you use provides its version information by default. That’s everything from your operating system to your plugins via themes, forms, galleries, and basically anything else on your server.
The reason they do this is that this information is really handy for troubleshooting. The reason it’s really handy for troubleshooting is that it gives you a lot of detailed information about what you can expect from that specific version of the software. Hackers find this useful too. You, therefore, need to hide it, all of it, so that it’s available to you but not to them.
Trust keys rather than passwords
SSH keys are much longer than regular passwords, plus they contain special characters (along with regular alphanumeric ones). This makes them much harder to guess than regular passwords, even genuinely unique and strong ones.
You can make life even harder for brute-force attackers by slowing down key authentication, which slows the rate of brute-force guessing attempts, and by blocking IPs that generate too many failed password attempts.
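As an added example (not code from the original page), here is one way to combine the "Monitor your server logs" advice with the idea of blocking IPs that generate too many failed password attempts: a small Python check that counts failures per address inside a sliding time window. It assumes the usual OpenSSH syslog line format; the sample lines, the threshold, the window, the year and the function name offenders are this example's own choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the OpenSSH sshd syslog format (not real traffic;
# addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Mar 10 02:14:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 02:14:03 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Mar 10 02:14:06 web1 sshd[812]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar 10 02:14:09 web1 sshd[813]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Mar 10 02:20:00 web1 sshd[820]: Accepted publickey for deploy from 198.51.100.4 port 51000 ssh2
Mar 10 03:00:00 web1 sshd[830]: Failed password for deploy from 198.51.100.9 port 51100 ssh2
Mar 10 09:30:00 web1 sshd[900]: Failed password for deploy from 198.51.100.9 port 51200 ssh2
Mar 10 16:45:00 web1 sshd[950]: Failed password for deploy from 198.51.100.9 port 51300 ssh2
"""

# The user name is text supplied by the remote side, so the address is taken
# from the END of the line (greedy ".+" plus the "$" anchor), not the first "from".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.+ from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def offenders(log_text, threshold=4, window=timedelta(minutes=10), year=2024):
    """Return {ip: most failures seen in any window} for IPs at or over threshold."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # Syslog timestamps carry no year, so one is assumed here.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            times[m["ip"]].append(ts)
    flagged = {}
    for ip, stamps in times.items():
        stamps.sort()
        start = best = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # drop failures older than the window
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    for ip, n in offenders(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed password attempts within 10 minutes, candidate for blocking")
```

The address with three failures spread across the day stays under the threshold, which is the balance between protection and false positives that the firewall section describes.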
Manage and monitor your users
Last but not least, remember that threats can come from the inside as well as the outside. You need to vet anyone who has access to your server and then you need to work on the basis of “trust but verify”. If this sounds harsh, remember that issues can be caused through ignorance or because a person has fallen victim to social engineering, rather than just through malice.
© 2024 Comodo Security Solutions, Inc