So you just got this brand new dedicated server and you want to make sure that it is protected enough so that criminals will not easily access your private information and hopefully move on to another target.
First things first. Realize that a server that connected to the internet will be attacked, the machine is vulnerable and EVERYTHING on the server is vulnerable to theft, (Credit card numbers, software, trade secrets, resources, etc)
These are the basic action steps you must make sure you have done on every computer you use, server, desktop, laptop, whatever.
STEP #1 - Use a Secure Password
You will hear this over and over again, “Use Strong passwords to protect your computer and services.
Don’t use the same password to protect your server.” And this is true you need to make sure you use a secure
password and make sure that you update your web hosting company whenever you change your password.
But, for many people the problem is remembering all those different passwords. Here are some tips you can
use to create secure long passwords that are also memorable.
Use passphrases come up with sentences that you know you will always remember. For example
“I have two brothers and one sister, they were born in New York” you can convert that to a
password/passphrase like this.
Ih2b&1s,twbiNY
if you check this password out at http://www.microsoft.com/protect/you…d/checker.mspx it will return a STRONG rating. If you want to have it become a BEST rating check out my next tip.
Create a two factor password. A two factor password is just a technique of creating a unique password for
each and every site or server you login to but still be able to remember each password.
So you already have your password that you created in the previous step. This is your key. The next step is
the hash. You can generate a hash, for example, by going to the website for which you are creating the password.
Use something unique to that website that captures your interest and you will be sure to notice the next time
you come back.
Lets say you are Logging into singlehop.com You might choose one
of the following
singlehop
SHC = SingleHop.Com
Poindexter
Frog
then choose a symbol to be used in all your passwords to separate the hash from the key, so it
might look something like this:
SHC#Ih2b&1s,twbiNY
Now you have a unique password for that site that you can easily remember. Check it out at
http://www.microsoft.com/protect/you…d/checker.mspx and you get a BEST rating.
Remember this isn’t the BEST way to secure your server, just the most basic.
STEP 2: Limit Access to Users,Services & Locations
Computers are capable of many actions and can offer multitude of services to your clients and
employees that they can access from anywhere in the world. But of course unless you protect yourself you
are also providing those things to those who want to use your server for their own purposes.
Ports are how these services communicate to the world. But not all the services you have need to be open
to the entire world. Attackers will scan machines in search for open ports to exploit. To protect yourself,
you need to make sure that you are only running services that you need to have running on a server in order
to keep your website up and be able to access it remotely.
If there are some services that you need to have running on your server but you don’t want to talk to the
rest of the world, definitely use a firewall. A firewall will block/allow ports access to and from the internet.
Once you have stopped running unneeded services, you have narrowed down the attack vectors someone
can come in through. Now you can better monitor those few openings rather than all 65353 ports on a server.
Also if there are services that not everyone should have access to, decide whether you want to limit those services
to only a few IP addresses. Your firewall can be set to only allow the IPs you choose to access those services.
There are also ways to better secure your server, by monitoring any attempts to break in and automatically blocking
attackers.
STEP 3: Always Get the Latest Updates & Patches for Your Server
As long as technology keeps changing there will always be holes and vulnerabilities and people looking to exploit them. Attackers are always changing the rules. So your operating system must always be on top of the latest changes. The other reason why you need to always perform the updates as an example, Microsoft has whats known as Patch Tuesday, the first tuesday of every month they release security updates and patches. Aside from protecting your computer from vulnerabilities, it shows attackers the holes and vulnerabilities they never knew about.
So attackers will grab the patches and reverse engineer those patches and create exploits they can use against servers that have been too lazy to update.
Linux Operating Systems are no different, they to always have updates and patches coming out but these are more frequent and unscheduled. The other added advantage of using a Linux based operating system versus a Windows Operating system (from a security standpoint) is , when you update a Windows server only the Microsoft operating system and a few key applications are updated and patched because they are maintained by Microsoft. Any third party apps you need to make sure they are patched and secure.
On the other hand though, when you update a Linux server all of the applications that got installed using the built in package manager will be updated. This makes things a lot easier.
So no matter what Operating system you choose to use the 3 basics you need to remember are
- Use Secure Passwords/Passphrases
- Limit Access to Services, Users & Locations.
- Always Get the Latest Updates & Patches for Your Server
If you need any help setting these up, please contact Singlehop Support
Luis Arauz
Data Center Manager
Singlehop Services INC