When you set up a new server, it takes just 5 hours before it starts receiving attacks. A developer's primary concerns revolve around getting their application to run, getting some component of the application to work properly, and so on. It is, however, equally important to safeguard the environment your app is going to run in, to avoid catastrophic consequences.
Here we have a look at the most basic principles that should be applied on any server running online. It's safe to.
1. Harden SSH
SSH is the basic way you'll access your server. You can secure your SSH connection to the server by:
- Changing the default SSH port. The SSH configuration file at /etc/ssh/sshd_config controls this: set a port other than the default 22, then restart the sshd service for the change to take effect.
- Disabling password authentication and enabling SSH keys. Use SSH keys to log in to your server. You'll find this not only convenient but also more secure, since it stops anyone malicious from trying to log in repeatedly by guessing passwords.
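The two sshd_config changes above, applied by a small script, as an added example (this is not code from the original post). It edits whatever file path you pass it, so you can try it on a scratch copy before touching /etc/ssh/sshd_config; the sample config fragment and the port 2222 are constructed for the demo.

```shell
#!/bin/sh
# Added example: apply the two sshd hardening steps from the text to a copy of
# sshd_config, then read back the values sshd would actually use.
# The sample config fragment below is constructed; the file path is a parameter.

set_sshd_option() {
    # set_sshd_option FILE KEY VALUE
    # Rewrite every existing KEY line (commented-out defaults included) to
    # "KEY VALUE"; append the line if the file has none.
    file=$1; key=$2; value=$3
    if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$file"; then
        sed -E "s|^[#[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

sshd_effective_value() {
    # sshd_effective_value FILE KEY
    # sshd honours the FIRST uncommented occurrence of a keyword, so print that.
    # (On a live host `sshd -T` prints the full effective configuration.)
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

harden_sshd_config() {
    # harden_sshd_config FILE NEW_PORT
    set_sshd_option "$1" Port "$2"
    set_sshd_option "$1" PasswordAuthentication no
    set_sshd_option "$1" PubkeyAuthentication yes
    # On the real host: `sshd -t -f FILE` validates the syntax before a restart,
    # and your public key must already be in ~/.ssh/authorized_keys BEFORE
    # passwords are disabled, otherwise the next login locks you out.
}

demo() {
    cfg=$(mktemp)
    # Constructed fragment of a stock sshd_config (defaults shown commented out)
    cat > "$cfg" <<'EOF'
#Port 22
#AddressFamily any
#PasswordAuthentication yes
UsePAM yes
EOF
    harden_sshd_config "$cfg" 2222
    echo "--- hardened config ---"
    cat "$cfg"
    echo "--- effective values ---"
    for key in Port PasswordAuthentication PubkeyAuthentication; do
        printf '%s = %s\n' "$key" "$(sshd_effective_value "$cfg" "$key")"
    done
    rm -f "$cfg"
}

demo
```

Keep your existing SSH session open while you restart sshd and confirm from a second terminal that key login on the new port works; only then close the first session.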
2. Configure a firewall
A firewall is the most crucial and first line of defense. It is to your server what a good fence is to a house – it keeps away most intrusions. You should configure your firewall to block ALL ports on the server that are not in use. For example, if you are running a remote MySQL database server, the only two ports you need open are the database port and the SSH port, since you may need to reach the server via SSH. All other ports should be closed. If you need to access your database through an application, e.g. phpMyAdmin, configure it and open only the port it needs, which is 80 or 443 for http(s) requests.
A firewall can also block any IP that makes several attempts to access the server, and it can be used to allow only specific IPs to reach the server or a service.
There are a number of good firewalls available for all types of systems. The one I personally like is ConfigServer Firewall – which makes use of iptables. Installation instructions for csf can be found here: https://download.configserver.com/csf/install.txt
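The "remote MySQL server" scenario above expressed as a default-deny iptables ruleset, as an added example that is not from the original post or from csf. The script only prints the ruleset in iptables-restore format so you can review it; the SSH port 2222 and the application host 10.0.0.5 are constructed values. It goes slightly beyond the text by adding the two rate-limiting rules that drop a source which opens too many new SSH connections, which is the "blocks IPs that make several attempts" behaviour described.

```shell
#!/bin/sh
# Added example: build a default-deny iptables ruleset (iptables-restore
# format) that opens only the ports you name, optionally limited to one
# source address. Nothing is applied; review the output, then load it on the
# host with `iptables-restore < rules.v4`. Values in the demo call are constructed.

gen_iptables_rules() {
    # gen_iptables_rules SSH_PORT [PORT[@SOURCE] ...]
    # SSH_PORT is always opened (so you are not locked out) and rate-limited;
    # each further PORT is opened for everyone, or for SOURCE only when written
    # as PORT@SOURCE, e.g. 3306@10.0.0.5.
    ssh_port=$1; shift
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'      # anything not explicitly accepted is dropped
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # A source opening more than 5 new SSH connections within 60 s is dropped
    printf '%s\n' "-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -m recent --name SSH --set"
    printf '%s\n' "-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -m recent --name SSH --update --seconds 60 --hitcount 5 -j DROP"
    printf '%s\n' "-A INPUT -p tcp --dport $ssh_port -j ACCEPT"
    for spec in "$@"; do
        port=${spec%%@*}
        case $spec in
            *@*) printf '%s\n' "-A INPUT -p tcp -s ${spec#*@} --dport $port -j ACCEPT" ;;
            *)   printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT" ;;
        esac
    done
    printf '%s\n' 'COMMIT'
}

# Constructed scenario from the text: a remote MySQL server that only the
# application host 10.0.0.5 may reach, with SSH moved to port 2222.
gen_iptables_rules 2222 3306@10.0.0.5
```

Apply it from a session you keep open, then verify from a second session that SSH still connects before you log out; ConfigServer Firewall maintains an equivalent (much larger) iptables ruleset for you from its own config file.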
3. Configure SSL/TLS
You can be sure SSH and SFTP are already secure, as they encrypt everything between the client machine and the server. But what about all the other services that don't go over SSH, such as web access, database access or any other communication between your server and client machines? This is where SSL/TLS comes in. It is an encryption technology that protects data in transit, i.e. the communication between a client application and the server. It is crucial for this traffic to be encrypted, because otherwise your data may be tapped while in transit. With SSL/TLS, even if the data is tapped, it is useless to the third party because it cannot feasibly be decrypted without the key.
4. Install Rootkit Hunter
rkhunter (Rootkit Hunter) is a fantastic file auditing and rootkit finder for your server. It records the current status of files, compares it with the previous status and warns you if it detects a change. There are some files you don't expect to change every day, so a change in them could indicate a compromise. Additionally, it searches for common rootkits installed on your server. A rootkit is basically software that allows a third party to gain root access to your server; with it they literally take over your server and can do anything. You can't accept this risk! You can find a guide on how to install and configure rkhunter for your Linux distro online.
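What the "compare current status with previous status" check boils down to, as an added example (this is not rkhunter's code, nor from the original post): take a baseline of SHA-256 hashes for every file under a directory, then report files that changed, appeared or disappeared. The directory contents in the demo are constructed; the functions take the directory and baseline path as parameters.

```shell
#!/bin/sh
# Added example: a minimal file-integrity check of the kind rkhunter's
# file-properties test performs. Not rkhunter's own code; demo data is constructed.

fim_snapshot() {
    # fim_snapshot DIR: print "sha256  path" for each regular file, sorted by path
    find "$1" -type f -exec sha256sum {} + | sort -k 2
}

fim_baseline() {
    # fim_baseline DIR BASELINE_FILE: store the current snapshot.
    # Keep the baseline where the server cannot alter it (rkhunter keeps its
    # own database); an intruder with root could otherwise just re-baseline.
    fim_snapshot "$1" > "$2"
}

fim_check() {
    # fim_check DIR BASELINE_FILE: print one line per difference and return 1
    # if there is any; print nothing and return 0 when every file matches.
    fim_snapshot "$1" | awk -v base="$2" '
        BEGIN {
            while ((getline line < base) > 0) {
                split(line, f, "  "); old[f[2]] = f[1]
            }
            close(base)
        }
        {
            split($0, f, "  "); path = f[2]; seen[path] = 1
            if (!(path in old))         { print "NEW      " path; n++ }
            else if (old[path] != f[1]) { print "CHANGED  " path; n++ }
        }
        END {
            for (p in old) if (!(p in seen)) { print "MISSING  " p; n++ }
            exit (n > 0)
        }'
}

demo() {
    dir=$(mktemp -d); base=$(mktemp)
    # Constructed stand-ins for files you do not expect to change day to day
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$dir/passwd"
    printf 'PasswordAuthentication no\n' > "$dir/sshd_config"
    printf 'old log\n' > "$dir/rotated.log"
    fim_baseline "$dir" "$base"
    echo "clean check:"; fim_check "$dir" "$base" && echo "  no changes"
    # Simulate what a tampered file, a dropped file and a removed file look like
    printf 'extra:x:0:0::/:/bin/sh\n' >> "$dir/passwd"
    printf '#!/bin/sh\n' > "$dir/dropped.sh"
    rm "$dir/rotated.log"
    echo "second check:"; fim_check "$dir" "$base" || echo "  differences found"
    rm -rf "$dir" "$base"
}

demo
```

Run the check from cron and mail the output; a "CHANGED" on a binary or config you did not touch is the signal to investigate, while one following a package upgrade is expected and should be followed by a fresh baseline.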
5. Audit services
This involves identifying which services are running on your VPS, as well as which port and protocol each one uses. This helps in determining what should stay open and what needs to be closed. The rule of thumb is that only the services that are needed should be allowed to run, which means you open only the needed ports and allow only the needed protocols. Everything else should be closed on the firewall.
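One way to do this audit, as an added example that is not from the original post: list the listening sockets with `ss -tulpn` and compare each protocol/port pair against the allow-list you decided on for the firewall. The `ss` output embedded below is a constructed sample so the script runs offline; on a real host you would pipe the live command into `audit_listeners`.

```shell
#!/bin/sh
# Added example: audit listening sockets against an allow-list of the
# protocol/port pairs you intend to keep open. The sample ss output is
# constructed; on a live host use:  ss -tulpn | audit_listeners "tcp/22 tcp/3306"

audit_listeners() {
    # audit_listeners "ALLOWED" < ss_output
    # ALLOWED is a space-separated list such as "tcp/22 tcp/3306".
    # Prints one line per listening socket; returns 1 if any socket that is
    # reachable from outside (not bound to loopback) is missing from the list.
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "LISTEN" || $2 == "UNCONN" {
            addr = $5; port = addr
            sub(/.*:/, "", port)          # text after the last colon is the port
            sub(/:[^:]*$/, "", addr)      # the rest is the bind address
            proc = "?"
            if (match($0, /\("[^"]+"/)) proc = substr($0, RSTART + 2, RLENGTH - 3)
            key = $1 "/" port
            if (key in ok)                                    status = "allowed"
            else if (addr == "127.0.0.1" || addr == "[::1]")  status = "local-only"
            else                                            { status = "UNEXPECTED"; bad++ }
            printf "%-4s %-6s %-16s %-10s %s\n", $1, port, addr, proc, status
        }
        END { exit (bad > 0) }'
}

sample_ss_output() {
    # Constructed copy of what `ss -tulpn` prints on a small VPS
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*         users:(("dhclient",pid=612,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=731,fd=3))
tcp   LISTEN 0      20     127.0.0.1:25       0.0.0.0:*         users:(("exim4",pid=845,fd=5))
tcp   LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*         users:(("mysqld",pid=902,fd=21))
tcp   LISTEN 0      511    0.0.0.0:8080       0.0.0.0:*         users:(("java",pid=1200,fd=42))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=731,fd=4))
EOF
}

# The remote-MySQL scenario: only SSH and the database port are meant to be open
sample_ss_output | audit_listeners "tcp/22 tcp/3306" \
    || echo "-> unexpected listeners found: close the service or add it to the firewall allow-list"
```

"local-only" sockets are bound to loopback and not reachable from the network, so they need no firewall rule, but they are still worth knowing about; each "UNEXPECTED" line is either a service to stop and disable or a port you forgot to add to the firewall allow-list.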