Protect your Server
When thinking about website security, it can be easy to focus your efforts on the website itself. While this is understandable, you also need to think about how to secure your server from hackers. Here is a quick guide to help.
How to Protect your Server from Hackers?
When looking at how to secure your server from hackers there are seven key points you must address. These are as follows. Stay on point with updates. Monitor your server logs. Keep your use of software to a minimum. Block first, filter afterward. Hide all version information. Trust keys rather than passwords. Manage and monitor your users.
Stay on point with updates
It is absolutely impossible to overstate the importance of checking regularly for updates to any and all software you use on your server. In fact, if you’re using open-source software, you may even want to create a Plan B to ensure that your software continues to be updated even if it goes out of favor with its current development community (or to change it out in that situation).
It’s fine to test the updates before you apply them, but you want this done promptly so the updates go on the server as quickly as possible.
Monitor your server logs
The logs exist to let you see what is going on with your server but they only have any value if you actually use them.
Keep your use of software to a minimum
Every piece of software you put on your server is a potential attack vector. It, therefore, follows that the less software you have, the fewer attack vectors are open to attackers.
It also follows that you’re going to be less exposed to issues with missed updates. Let’s be honest, the more software you use, the more software you have to update, and the more chance there is that you will miss an update.
Last but not least, the more software you have the more likely it is that you’ll end up having to deal with the issue of software dependencies, in other words, piece of software A only working (as expected) if you also have piece of software B.
If you already have a working server, take a long, hard look at it and ask yourself what software you need and what software you want and get rid of everything else. If you’re building a server from scratch, then think carefully about what you really need and what you really want and only install those items. Remember, you can always add software later if you discover a legitimate use for it.
Block first, filter afterward
On a similar logic, all network ports should be blocked unless there is a reason to keep them open. When you do need to keep them open, you need to filter and monitor both inbound and outbound traffic. Be prepared to fine-tune your firewall settings so that you balance the need for robust protection with the need to minimize false-positives.
Hide all version information
This may be the most tedious task in the whole of cybersecurity, if not IT security, but it’s also one of the most essential. Just about every piece of software you use provides its version information by default. That’s everything from your operating system to your plugins via themes, forms, galleries, and basically anything else on your server.
The reason they do this is that this information is really handy for troubleshooting. The reason it’s really handy for troubleshooting is that it gives you a lot of detailed information about what you can expect from that specific version of the software. Hackers find this useful too. You, therefore, need to hide it, all of it, so that it’s available to you but not to them.
Trust keys rather than passwords
SSH keys are much longer than regular passwords plus they contain special characters (along with regular alphanumeric ones). This makes them much harder to guess then regular passwords, even genuinely unique and strong ones.
You can make life even harder for brute-force attackers by slowing down the speed of key authentication to slow down the rate of brute-force guessing attempts and by blocking IPs which generate too many failed password attempts.
Manage and monitor your users
Last but not least, remember that threats can come from the inside as well as the outside. You need to vet anyone who has access to your server and then you need to work on the basis of “trust but verify”. If this sounds harsh, remember that issues can be caused through ignorance or because a person has fallen victim to social engineering, rather than just through malice.
Please click here now to have your website scanned, for free, by cWatch from Comodo.
Removal
Security stack layer 1
Malware Detect & Removal
Our malware detection scanning, preventive methods and removal enables you to take a proactive approach to protect the business and brand reputation from malware attacks and infections.
- Unsuspecting websites get infected with malicious code.
- Continuous website monitoring to detect any incidents.
- Identify and remediate the cause to hardening your websites.
Comodo cWatch Web can identify malware, provide the tools and methods to remove it, and help to prevent future malware attacks at the edge before it hits the network, included as a paid member.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Response
Security stack layer 5
Cyber Security Operations Center
Our exclusive C.S.O.C. is staffed with certified security analysts to monitor, assess and defend websites, applications, databases, data centers, servers, networks, desktops and other endpoints.
- 24 / 7 / 365 security monitoring using state-of-the-art tech.
- Engage clients of complex threats to resolve the issue.
- Real-time web traffic monitoring and proactive incident fixes.
C.S.O.C. checks for threats, identifies and analysis then performs the necessary actions to resolve the issue while offloading costs of in-house experts by using stack layer 3 to handle the heavy lifting.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Intelligence
Security stack layer 3
Security Information • Event Management
S.I.E.M. collects logs and events the network traffic and web assets, security devices, operating systems, applications, databases, and reviews the vulnerabilities using artificial intelligence to process.
- Reduces billions of events into prioritized threats real-time.
- Identifies changes in network behavior with activity baselines.
- Flows data searches in real-time streaming or historical mode.
S.I.E.M. senses and tracks significant threats to links to all online supporting data and context for easier investigation. While anomaly detection to identify changes associated with the network safety.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Prevention
Security stack layer 4
Web Application Firewall
W.A.F. by Comodo eliminates application vulnerabilities to protect websites and web applications against advanced attacks including Denial-of-Service (DDoS), SQL Injection and Cross-Site Scripting.
- Destroys malicious requests and thwart hack attempts.
- Protection to account registration forms and login pages.
- Malicious bots and brute force attacks are block and patched.
Combined with malware scanning, vulnerability scanning and automatic virtual patching and hardening engines provides robust security is fully managed for Comodo cWatch Web customers.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Performance
Security stack layer 2
Add a network of globally distributed servers designed to boost the speed for websites and web applications by transferring content to your user based on their proximity to the nearest CDN web server.
- Proven to increase search engine rankings and site scores.
- 29 worldwide CDN node locations to reach your users.
- Save your bandwidth by leveraging CDN browser caching.
CDN serves your users your website content with virtually unlimited capacity. Giving you the freedom to focus less on site maintenance, more on scaling the uptime of your traffic and target audience.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Compliance
Security stack layer 6
Payment Card Industry • Data Security Standard
PCI • DSS ensures that your customers' cardholder info is kept secure from security breaches through a meticulous scan of your network and applications to identify and fix security vulnerabilities.
- Simple and automated way to stay compliant with PCI • DSS.
- Pass the requirements for the 12 points PCI • DSS standard.
- Schedule on-demand PCI scans to report quarterly results.
Establishes and implements a firewall, hardens your environment, disables unnecessary services & configures system parameters to prevent misuse, ensures system audit components are protected.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
© 2024 Comodo Security Solutions, Inc