Server security is crucial for survival in today̵7;s world. Protecting your server from hackers armed with the latest exploits is an endless job, but there are a few steps you can take to catch most of the attacks that come your way.
Secure your server and protect valuable data
Protecting user and work data is an endless job. As hackers become more advanced and new exploits are found every day, more secure sensitive information becomes both more difficult and more important than ever.
Whether your important information resides in a database on your server, within a website code on the server side or in a file somewhere on your server, it is important to protect this information for you as a company and as a user. Even if you run a personal server, your information is important and if you do not take steps to protect this information, we ask that you give it away nowadays.
Let’s look at five ways you can protect your sensitive data and secure databases, accounts and files all at once with these security policies.
1. Configure firewalls for hardware and software
Configuring firewalls is an important step in protecting data on your server. Locking your network and blocking unnecessary access can prevent attackers from looking for targets and weak policies on your server and goes to great lengths to secure your sensitive data.
By setting up hardware and software firewalls on the edge of your network, which contain your servers, workstations, and other devices in your office or organization, you can prevent and allow external connections to enter your network (as well as prevent and allow connections to go out).
Your goal should be to configure your firewalls to be as exclusive as possible and block all incoming connections unless absolutely necessary. By only allowing incoming and outgoing connections through whitelisting, you can prevent hackers from accessing your server and workstations at all.
By blocking pretty much everything outside of port 80 and specific ports for services that you need public remote access to, you can prevent attackers from targeting weak services and inadvertently opening ports. You can then create whitelist entries for specific remote addresses that need access to services such as VPN, FTP, SMTP and more.
2. Implementation of encrypted VPN for remote access
VPN can be used to secure connections to important servers. Instead of connecting directly to your server via an open SSH port, you would connect to the VPN, which would make your home computer work as if it were connected to the private network that your servers are on. This allows you to keep ports and services private, but still access them over the internet when you are on VPN.
An encrypted VPN can add another layer of security between your remote user and your server, which helps curb hackers who may try to crack passwords or exploit open, Internet-accessible ports.
VPN is a good way to secure the attack vector in open ports. You can read our guide on how to set up OpenVPN to learn more.
3. Apply strong password policies and MFA
Creating strong password policies is an integral part of securing your server. Whether you work with administrative logins, SQL logins or application logins, you protect your data with unique passwords and usernames your data and can dampen a number of different attacks that depend on weak and guessable passwords.
If the passwords are weak, most security measures will not help protect your server. If you have an administrator account or SQL database with a simple password, hackers can easily log in to your server.
Passwords should contain at least 12 characters and contain a mixture of letters, numbers, punctuation and capital letters. However, it is recommended that instead of a complicated password like Th1sIsMyP @ ssw0rd! 321, which is hard to remember, security staff now recommend long, multi-word phrases like MyDogsNameIsBobAndHesGreat84, which are easier to remember and are even safer with the extra length.
In addition, implementation of multifactor authentication, or MFA, which protects credentials by incorporating a second or third authentication method, helps protect valuable logins and confirm user activity with an additional text message or email.
4. Install SSL certificate to protect data transfer
Incorporating SSL certificates into websites and control panels can encrypt and hide traffic between your users and your website; secure logins, payment information and other sensitive information on your server. They are free or very affordable and can be implemented quickly.
SSL certificates use private and public keys when issued by a trusted issuer or CA. These keys protect encrypted data and packets transmitted between users and your server, giving end users peace of mind that their data is secure and not easily captured. Private keys authenticate your server as the real owner of the site’s certificate and automatically create secure connections.
You can read our guide to setting up free LetsEncrypt certificates to learn more.
5. Monitor logs and track logins and events
Monitoring and recording logs helps you protect your server by providing valuable insight into traffic patterns, application errors, and failed login attempts. This information can help you integrate better security policies, identify and block attackers, and give you a better understanding of how your server is targeted and attacks being exploited.
Creating event logs, advanced error logs and monitoring of failed login attempts is crucial for security today. While looking over the secure logs of the server, this information can give you an understanding of how potential attack vectors are exploited. You will quickly notice unsuccessful “admin” login attempts and IP addresses that make many requests. With this information, you can set up scripts to automatically block IP addresses that have made failed login attempts, find automated programs that force your websites or databases, and identify intrusions and their origins.
You can read our guide on how to create a log management tool to learn more.
Where do we go from here?
These 5 policies to protect your data will go a long way in securing information and locking your server security, but these are not the only steps you need to take.
Security never stops, and taking steps to stay up to date with the latest threat landscape, testing and implementing new security policies, and taking an active role in your server security can protect you or your organization and save time and money when a compromise happens.
Most companies think they are safe until they have problems. Small businesses are also targeted or exploited in broad networks by automated attacks. Taking these first 5 steps will give you the peace of mind you need as a system administrator. Incorporate them today and watch out for the next security policy you implement!