5 Simple Security Measures to protect server

5 Simple Security Measures to Protect Server

Overview

When you get the task to setup server. You are a primary concern is to make your server secure from outsiders or hackers. Because if someone able to enter server he will destroy all your important data. Whenever setting up any new server first thing you can do is to secure it from others.

In this article, I am trying to cover up some important security measures which can help you to protect the server. I am providing some simple options which will protect server which won't accessed from others.

Let's find what are these security measures and how it will help to make a server secure?

1. SSH Key Based Authentication

The first thing we do when the server is ready that we login to the server with SSH access. This is the main thing that you should secure from outsiders. Because when someone will success to login into the server then you don't know how much he will damage your system.
When the server is the ready first thing you can do is disable the password based authentication from the server.

If you think you are using a strong password to login as SSH then you are making a big mistake because the craking password is not big deal from hackers.

You can only stop them by disabling Password authentication. You can disable it through "sshd_config" file.
SSH Key Based Authentication is the best way to block access for unknown users.

Advantages of SSH Key Based Authentication,

  • More secure option than any other login techniques.
  • No need to remember or save the password or maintain password sheet.
  • Use for automated login in shell scripts
  • Stronger identity checks through private keys
  • Secure server with unauthorized access

I have already made an article on SSH Key based authentication if you think it will help you then go through the below link and make your server secure from SSH end.

READ : 5 simple steps for key based authentication SSH

ssh-key1

2. Disable Root User

The second important thing you can do is disable root user login on the server. Every SysAdmin likes to work on the server when he has full access to a server like a root login. If you have root access you can do anything on a server with full privileges.

Think once if someone who does not belong to your organization and gets the root credentials of the server. You can't even think how much your system will be damaged or you need to pay some ransom to get your data back from him.

Always make a habit when setup new server disables the Root user and create a normal user to login on the server. When you login on the server as a normal user then use sudo or su to login as root user. This is definitely secure server from directly hacked by root access. You can disable root user from sshd conf file.

Before disabling root login on the server make sure you will create normal user on the server. You can follow below article which will help you to create a normal user on the server.

READ : Normal User SSH Access on server

To disable root login follow below simple step.

vim /etc/ssh/sshd_config

##Change below line
#PermitRootLogin yes
##Change To
PermitRootLogin no

save and close the file.

Restart ssh service,

$ /etc/init.d/ssh restart

3. Block Unnecessary Ports Outside Company Network

Once you secure server from SSH end. Now we can check out the power of iptable or firewall which we will come default with the server. You don't need to pay the extra amount for firewall security. System firewall will fulfill all the requirement from security purpose. This is very strong security which you can implement on the server.

Before implementing make sure you have good knowledge about the security rules or iptable rules. Because if you write any wrong rule on the server it will sometimes block you on the server. So read all the rules carefully before saving any rule on iptable.

Lots of time people will ignore iptable and stop this service because some their application won't work or blocked by iptable rules. This is the wrong approach to run your application because might be it will work by stopping the firewall. But definitely compromised by security. You will unknowingly open the doors to hackers to enter your system.

Setting up iptable rule is not much hard just go through all rules before saving file. As security perspective, you can block the SSH port 22 outside your organization network.
This is the best practice to secure your server from outside access.

Allow Incoming SSH from Specific IP address

$ sudo iptables -A INPUT -p tcp -s 10.25.26.0/24 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

$ sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

The second command, which allows the outgoing traffic of established SSH connections, is only necessary if the OUTPUT policy is not set to ACCEPT.

ssh-firewall

4. System Package Update

Keep your system up to date with installing updated package is the best precaution to secure your system. Software package update will fix the bugs and from critical vulnerability.

Sometimes some of the package affected by bug or vulnerabilities. It's your duty to update your system on the weekly or monthly basis.
It helps you to secure your server from bugs and critical vulnerabilities.

5. Remove Unused Services

Most of the linux distros come up with running network service which listens for an incoming connection from the internet. Blocking such network services will help to maintain server security on network level as well. You can see all the running network services with "netstat" command.

You can stop some of the services which are not used or required. Check running service with below netstat command. it will provide all TCP and UDP services.

$ sudo netstat -tulnp

These are some basic practice to protect your server from unknown users.

If you have any tip which needs to be included in the list. Please comment it in our comment box. I hope you like the article if you find any difficulties implementing it on Linux then please do comment your queries or problem via the comment section, till then stay tuned to techthings.org for more such valuable articles.

Leave a Reply

Your email address will not be published. Required fields are marked *