Have you rented a VPS? We congratulate you on your profitable investment. And we hasten to warn you: every day, hackers are looking for new victims on the web. If you don't protect your virtual private server, your e-commerce site or customer base could become a target for cybercriminals. What steps should you take to be sure your hosting site is secure?
General tips
A VPS can be hacked given enough time and knowledge. But administrators can reduce the risk of a successful attack. Sophisticated malicious programs have a negative impact not only on the local computer. They traverse the network, affecting other systems. Data stored on the local server can be exposed by attackers. Therefore, before choosing a provider, you should visit its website to find out what security measures the hoster takes to ensure the safety of the infrastructure. Even if you are satisfied with everything, you should not relax. As the saying goes, "God helps those who help themselves." Therefore, you will have to do a lot yourself to secure the server from criminal attacks:
- Don’t ignore updates to the software you use
Each new version of the software is fine-tuned by the developers. And one of the parameters that are always emphasized is security. The new code, unknown to hackers, will make intruders work hard. Or even keep them off the server. A good practice is to test updates on a backup server. Checking software should be done before it is uploaded to a working environment.
- Use licensed software
Although you can find open-source, free, accessible software for every taste in libraries, it is better to download applications from official sites. Otherwise, you risk getting malicious scripts along with useful programs into the server environment. And this undermines the security of your infrastructure.
- Limit services
If you do not use domains or services, it is better to shut them down. Deactivated, they will not be a source of potential threat. This step will strengthen VPS protection and reduce the risk of attacks because it is impossible to attack a disabled domain. And vice versa. Every working service is a potential object for an attack. If you use some tools periodically, for example, FTP, do not forget to disable them after work is completed.
- Introduce a safe use policy
Unique accounts with restricted rights must be created for all users with administrator access. If a failure is caused by a user, it will be easy to identify the account responsible. And restricting permissions will allow you to cut off an intruder's access to restricted services. Don't forget to delete the accounts of users who stop working for the company.
- Be careful with privileges
For remote users working with documents over the Internet, you should set the lowest privileges.
- Backup
Set up automatic backups of data from the server. Even if a hacker attack happens and the web resource goes down, it can be recovered in a secure environment without going online. This will help save data and review security.
- Log monitoring
Event log monitoring allows you to detect authentication failures, failed downloads, and common threats. Data analysis allows the administrator to get complete information about the activities occurring on the server. Of course, ISP administrators monitor activity on servers. However, website owners are advised to monitor their resources. The earlier an attack or failure is detected, the less chance an intruder has of getting in.
- SFTP instead of FTP
Secure data transfer protocols are the preferred choice. Encrypted information, even if it falls into the hands of intruders, will require them to invest time and effort to decrypt it. In the meantime, the administrator will be able to detect a data leak and take measures to protect the web resource.
Securing Linux
Let’s take a closer look at effective security measures for the Linux server environment:
Block access with a firewall
You can protect your server from intruders by activating and configuring a firewall. There are many firewalls available for Linux. These include:
- UFW – simple software for beginners;
- IPTables – a firewall linked to the NetFilter firewall (which is part of the Linux kernel), enhancing protection;
- NFTables – a firewall in the Linux kernel that combines support for IPv4 and IPv6.
A properly configured firewall will check traffic and prevent viruses from passing from the WAN into the local network.
Secure remote connection
Data transfer should only be done using the SSH protocol. End-to-end encryption allows traffic to be transmitted over a secure connection. But it is important to use the protocol correctly. We are talking about a secure login. Many users log in with a password. This is not as secure as it sounds, and it is not that hard to crack a password. Many users still use simple combinations. A safe alternative is to log in using SSH keys. Two keys for authentication will make intruders work hard:
- One key, the public key, is used to identify the user. This file can be shared publicly.
- The private key is matched against the public key to authenticate the user. It is recommended that it be stored in a secure location.
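Switching to keys only helps if password login is actually turned off on the server. The following check is an added example, not part of the original article: it reads an sshd_config and reports the settings that weaken key-based login. The function names and the sample file are constructed for illustration; the defaults are those of current OpenSSH, keywords are assumed to be whitespace-separated, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Constructed sample: "no" was appended later, but sshd keeps the FIRST value.
sample_config() {
cat <<'EOF'
# /etc/ssh/sshd_config (constructed sample)
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
passwordauthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

# effective KEYWORD DEFAULT: read a config on stdin, print the global value.
# Keywords are case-insensitive and the first occurrence wins; everything
# after the first Match line is conditional and is skipped here.
effective() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); exit }
        END { print val }'
}

# audit: print one finding per setting that weakens key-based login.
audit() {
    cfg=$(cat)
    [ "$(printf '%s\n' "$cfg" | effective PasswordAuthentication yes)" = no ] ||
        echo "PasswordAuthentication is enabled"
    [ "$(printf '%s\n' "$cfg" | effective PubkeyAuthentication yes)" = yes ] ||
        echo "PubkeyAuthentication is disabled"
    case "$(printf '%s\n' "$cfg" | effective PermitRootLogin prohibit-password)" in
        yes) echo "PermitRootLogin allows password login as root" ;;
    esac
}

sample_config | audit
```

On a real server, feed it the live file: `audit < /etc/ssh/sshd_config`.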
Blocking suspicious IP addresses with Fail2ban
Fail2ban scans logs and blocks IP addresses that show signs of malicious activity, such as repeated authentication failures. Fail2ban then updates firewall rules to reject the questionable IP addresses.
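The log monitoring tip above and Fail2ban rest on the same decision: count failed logins per source address and act once a limit is reached. The script below is an added example, not part of the original article and not Fail2ban's own code. The log lines are constructed in the OpenSSH auth.log format with documentation IP addresses, and the time window that Fail2ban also applies is left out.

```shell
#!/bin/sh
# Constructed sample lines; the last one carries a crafted user name that
# tries to plant a fake "from <address>" in the log.
sample_log() {
cat <<'EOF'
Mar  3 10:01:11 vps sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:14 vps sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Mar  3 10:01:19 vps sshd[815]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 10:02:02 vps sshd[820]: Accepted publickey for deploy from 198.51.100.20 port 51512 ssh2
Mar  3 10:03:40 vps sshd[826]: Failed password for deploy from 198.51.100.20 port 51600 ssh2
Mar  3 10:04:07 vps sshd[830]: Failed password for invalid user x from 10.0.0.1 from 192.0.2.55 port 33010 ssh2
EOF
}

# offenders THRESHOLD: read log lines on stdin and print "count ip" for every
# source address with at least THRESHOLD failed password attempts.
offenders() {
    awk -v max="$1" '
        # Take the address by its position from the END of the line
        # ("... from IP port N ssh2"), so text inside the attacker-chosen
        # user name cannot be mistaken for the source address.
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" { fails[$(NF-3)]++ }
        END {
            for (ip in fails)
                if (fails[ip] >= max) print fails[ip], ip
        }' | sort -rn
}

sample_log | offenders 3
```

On a server, the same function can read the real log, for example `offenders 5 < /var/log/auth.log` on systems that write SSH events to that file.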
Install IDS/IPS for intrusion detection
The program detects attacks by comparing the initial state of the code with its state after the attack. The system logs information about code changes, analyzes network traffic, and automatically blocks intrusion attempts.
Disable unused ports
Linux is installed with open ports. Some of them are needed for applications. Others are unused. Leaving unused ports open increases the unprotected area of the server, so disable them first.
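To decide which ports and services to disable, first list what is listening and compare it with what you expect. The script below is an added example, not part of the original article: it parses the output of `ss -tlnH` (TCP listeners, numeric, no header) and prints every port reachable from outside that is not on an allowlist. The sample output, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -tlnH` output.
sample_listeners() {
cat <<'EOF'
LISTEN 0 128   0.0.0.0:22     0.0.0.0:*
LISTEN 0 511   0.0.0.0:443    0.0.0.0:*
LISTEN 0 32    0.0.0.0:21     0.0.0.0:*
LISTEN 0 80    127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128   [::]:22        [::]:*
LISTEN 0 4096  *:8080         *:*
EOF
}

# unexpected_ports "ALLOWED": read ss lines on stdin and print every port
# that listens on a non-loopback address and is not in the allowlist.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # everything before it
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            if (!(port in ok)) seen[port] = 1
        }
        END { for (p in seen) print p }' | sort -n
}

# On a server: ss -tlnH | unexpected_ports "22 443"
sample_listeners | unexpected_ports "22 443"
```

In the sample, FTP on port 21 and the service on 8080 are reported, while the database bound to 127.0.0.1 is not, because it cannot be reached from the network.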
Introduce a strong password policy
Unreliable passwords are easily brute-forced. Start using long and complex passwords, change all passwords periodically, resetting previous passwords.
Partition disk space
Separate operating system files from user files. This will increase the security of the server.
Install an error scanner
If you have enough time, perform manual server scans and remove any malicious files and applications. For example, install a Linux malware scanner.
Summary
We have listed a small number of tools to protect VPS from attacks. However, even these measures will significantly increase the security of the virtual private server and the sites hosted on it.