Top 3 Tips to Boost Your Linux Server’s Security – HostNamaste.com
There is no denying it – security matters. It’s for that reason that you should take care to properly secure your Linux server from the many threats that are floating around online. And, you should do it from the immediate server deployment; securing a server after it has been compromised is of little use. Below, we will list a few different things you can do to help secure your server, and keep the bad guys (and bots) away!
1) Harden SSH
SSH is a very powerful tool. You need to secure it. We suggest setting a custom SSH port (other than 22) at the very least. This will provide some basic protection against people just popping in your server’s IP address, username (defaults to “root”), and of course the password. By no means does this provide the ultimate SSH protection, as dedicated attackers or bots may well scan for your unique port. If it viable to you and your situation, restricting SSH access to only IP addresses that need to access it is ideal (i.e., your office IP address, home IP address, etc.). Make sure that you have a backup plan in case your IP address changes, for example, a serial console or IPMI.
2) Update your Operating System frequently
Do not be one of those people that let hundreds of package updates build up before doing them, keep your update procedure regular! In most cases, it is as simple as running a “yum update” or “apt-get upgrade” depending on your Linux distribution. Ensuring that you have a backup of your important data is advisable, in-case one of the updates causes unexpected issues (i.e. an unbootable server).
3) Only let services run that need to be running
There is no point in having a mail server (i.e. Exim, Postfix) running if you never send emails. Similarly, there is no point in having a web server (i.e. Apache, Nginx) running if you are not hosting any content to be read by a web browser. The more services you have running, the more potential attack vendors you are vulnerable to, which is especially true if you have outdated software installed on your server (updates can and often are security related, i.e. they fix security issues).
Additional Tips:
- Implement Robust Firewall Rules
- Configuring iptables for Basic Security
- Enhance Authentication and Access Controls
- Implementing SSH Key-Based Authentication
- Setting Up Two-Factor Authentication (2FA)
- Limiting User Privileges and Using sudo Properly
Conclusion
HostNamaste’s Managed Dedicated Servers can help you with everything mentioned above, and much more, to maintain a secure server and ensure uninterrupted access to it 24/7/365. Reach out to us if you need our help.
