15+ VPS Server Security Tips

Advertisement

Responsive Ads Here
Home

15+ VPS Server Security Tips

Tuesday, October 8, 2019
October 08, 2019
Comment

Also Read

15+ VPS Server Security Tips - Hallo Dear, elisa-head.blogspot.com, This article that you read this time with the title 15+ VPS Server Security Tips, We have prepared this article well for you to read and retrieve the information in it. hopefully the contents of this article VPS, we write can be understood by you. Alright, happy reading.

Title : 15+ VPS Server Security Tips
link : 15+ VPS Server Security Tips


15+ VPS Server Security Tips

[ad_1]

VPS server security requires further settings to be more secure. Finding the appropriate security settings for VPS with the Linux operating system is a fairly important task. Just a little can make your VPS easy to break into and be accessed by people who are not responsible.


Reducing the risk by doing some small business can help you maximize the security of VPS servers. Not only that, you can also develop and expand the functionality of Linux VPS to be more reliable.


There are at least more than 15+ VPS server security tips that will be discussed in this article, namely:


  1. Use SSH to enter the server
  2. Change the port to log in to SSH
  3. Use complicated passwords
  4. Disabling the root account
  5. Maintain the latest security updates
  6. Avoid downloading software except from trusted sources
  7. Disabling unused network ports
  8. Uses GnuPG encryption
  9. Configure the firewall
  10. Use SFTP next to FTP
  11. Make the / boot folder read-only
  12. Enable automatic CMS update
  13. Install anti-malware / antivirus
  14. Enabling cPHulk if using WHM
  15. Block anonymous access to FTP
  16. Install the rootkit scanner

The following are each explanation.


15+ Server Security Tips on VPS


Each of these VPS server security tips is not required to run at all. You only need to adjust to the environment used on the server and required by the application to be installed.


1. Using SSH to enter the server


The safest way to log into a VPS server remotely is through Secure Shell (SSH). A network protocol that is equipped with cryptographic encryption to run services on the network. So a connection using SSH will be safer than using other methods.


The SSH protocol offers you a high level of encryption and you can receive insecure traffic right away to be safer.


So far access using SSH to the server is the best choice. Besides being lightweight, it's also safer.


2. Change the port to log in to SSH


The second way is to change the port to log in to SSH. As is well known in general the default port for SSH is 22. So it would be better for you to change it so that not just anyone can find out.


By changing the default port, it will be difficult for others to log in without knowing the custom port that you have created. In addition, changing the SSH port can also prevent malicious scripts that attack directly to the default port.


If you want to change the SSH port on VPS, you only need to access the SSH configuration file (/etc/ssh/sshd_config) or according to the operating system you are using. Then find the line to set the port and you can change it according to the port you want.


However, make sure that the port you are using does not collide with another application because it uses the same port. If in one system there are two applications that can cause the same error in the VPS.


3. Use a complicated password


A weak or careless password can become a nightmare. Because the password is the biggest threat in the world of online security. So don't use a password that is easy to guess, for example 'abcde', 'Indonesia'. 'Revolution', and such.


You can improve the security system using a password that consists of a combination of lowercase and uppercase letters. In addition, to avoid words in the dictionary you should also add numbers and symbols to the password.


You can also add password aging or notification automatically to the user to change the password periodically.


No less important, you also need to activate the blocking system to users who make repeated login errors. This is to anticipate the threat of brute force that could be attacking the server.


4. Disabling the root account


Besides changing the SSH port, one of the important things before releasing the server is to deactivate the root account. Because the root account has sufficiently wide access and is free to open anything in the system.


Surely this is a pretty dangerous thing if there are users who can access the root without the knowledge of the system admin.


You are advised to create a unique user account for each service that runs on Linux VPS. Then each user that you create must include permissions to do the job.


Apart from access to their duties, users are not permitted to access other parts. So this can minimize errors made by one user and cause damage to the system as a whole.


Finally, you also need to deactivate all user accounts that are no longer needed or do not have tasks in the system.


5. Maintain the latest security updates


Hackers can easily search for information and potential backdoor and security holes in various kinds of software.


Developers and security experts carry out security updates to combat incorrect security practices.


We recommend that you check the software updates at least once a week. So when there is a device update you can immediately process it so that the server is more secure.


Major Linux releases are available in repository storage and mailing lists. This makes you easily download and install only patches only security is needed.


6. Avoid downloading software except from trusted sources


Sometimes the required device is not available on the server so you have to install it from outside. However you need to be careful because retrieving installation files from untrusted sources is very dangerous.


If you want software that is quite specific and you are quite familiar with source code provided, you can process it. Conversely, if there is a risk that software can damage the system, you should undo the intention to install it.


7. Disabling unused network ports


One of the other tips on securing VPS servers is to disable unused ports on the server. Network ports that are open and not used by the system can easily be targeted by hackers.


Therefore, you need to deactivate the port in order to protect the server from attack.


Use an application such as the 'netstat' command to see a list of currently open ports and services which is related. You should also consider using ‘iptables’ so you can close open ports using ‘chkconfig’ to disable unwanted services.


If you use a firewall like CSF or something, you can optimize the potential for using rules in iptables.


8. Uses GnuPG encryption


Hackers sometimes target data that is being exchanged on the network. This is the reason why it is necessary to encrypt every transmission of passwords, keys, and certificates during the data exchange process.


One tool that is quite popular in carrying out this task is GnuPG, a key-based authentication system that is used to encrypt every communication. This tool uses a public key (public key) which can only be disassembled using a private key (private key) owned by the recipient.


9. Configure the firewall


One of the important things that you need to do to secure the server is to configure the firewall.


You must set the server to use some port usage rules. Even so, there are some services (services) which requires multiple ports must be active so that the service can run.


So your firewall rules so that they can direct each application or program to use certain ports without having to interfere with other services.


That way, this setting allows you to avoid various kinds of security breaches and optimizations from the system you are using.


10. Using SFTP in addition to FTP


One of the most commonly used data exchange applications is File Transfer Protocol (FTP). Applications have long been used to send and retrieve from two remote systems. No kidding, this application has been used since 1985 and now it is not safe enough.


Every application requires authentication to send plain-text. Therefore, hackers can learn and read details log between Linux VPS and client on the local computer.


However, there is no need to worry because there is a development from FTP namely SFTP. You can use SFTP for free because it is part of the SSH application available on the server.


Although in general SFTP tasks are the same as FTP, SFTP uses an encrypted protocol basis so that data exchange is safer.


11. Make the / boot folder read-only


One of the efforts to prevent the folder from being read by anyone is to make it read-only. This applies to the "/ boot" folder settings on a Linux system.


However, the default access level of the "/ boot" directory is "read-write". So to anticipate this kind of thing, you need to modify the files in the folder. This is important enough so that your server can run safely and comfortably.


To do this, you only need to edit the file inside "/ edit / fstab" and add "LABEL = / boot / default ext2 boot, ro 1 2" in the below section.


Or, if possible you can make some changes in the kernel for the long term.


So through this process you can easily restore the settings to the default 'read-write' mode. Then you can make it read only when you have successfully changed it.


12. Enable automatic CMS update


Hackers are always looking for security holes in software, especially on websites that use a Content Management System (CMS). For example, some well-known CMS, including Joomla, WordPress, and Drupal.


Because of the many hacker attacks that often look for CMS security loopholes, most of the CMS continue to update so that hackers cannot penetrate the security of the website.


Therefore, updating the CMS version that is used regularly is mandatory. You can also set updates automatically. That way, you won't forget to update the CMS that you use even when you are busy.


13. Installing anti-malware / antivirus


One of the goals of having a firewall is to prevent access from dangerous traffic sources. This method is quite effective as a layer at the forefront of server security.


There are many news servers that don't have a powerful firewall installed and this is a mistake. The most common reason is because it does not want to pay more to buy anti-malware / antivirus software.


Understanding as above certainly needs to be rectified again. Buying an antivirus is a preventive measure against online attacks. The cost you spend to buy an antivirus is certainly far cheaper than your server burglarized by irresponsible people.


14. Activating cPHulk if using WHM


If you use WHM, cPHulk is usually already available in it. This is an add on that is quite well-known for managing firewalls on a website server.


Firewalls are safe enough, but relying on one layer of security is sometimes not enough. Because so many types of attacks that can enter the server.


Well, one of the advantages of cPHulk is its ability to overcome the threat of brute force attacks.


cPHulk plays a role like a second security defense. Anticipate brute force attacks that repeatedly try to log in randomly to the server.


15. Blocking anonymous access to FTP


If you have a new server and install an FTP server, sometimes unknown users can easily access it. So you need to deactivate it first.


For those of you who use cPanel or Plesk take it easy because this feature has been disabled so that foreign users cannot access and upload files.


Allowing unknown users to be able to upload files to the server using FTP is very dangerous. Because anyone can easily upload anything to the server. So it is not recommended.


16. Install the rootkit scanner


Rootkit is one of the settings under the operating system (OS), under the software, and its activity is almost undetectable by the server.


Luckily, you can use a tool called ‘Chrootkit’. This tool can find out which server information has been infected. However, rootkits are not a problem that can be easily removed. And the easiest way to overcome this problem is to reinstall the operating system.



Conclusion: VPS Server Security is Important!


Those were some of the VPS server security tips that you can apply on the server. Once again, you don't need to apply all of the above tips. Just select a few according to server requirements.


At least there are some tips that are quite important in securing a server, namely using a firewall, changing the default port, disabling unused ports, and using a more secure SSH connection.


Don't forget to subscribe to get the latest information about the world of technology, business, and digital marketing from us. Please leave comments through the fields below if you still have questions or other tips that may be more complete.






[ad_2]


Thus the article 15+ VPS Server Security Tips

So this article, 15+ VPS Server Security Tips hopefully can benefit you all. ok, see you in another article post.

You are now reading the article 15+ VPS Server Security Tips with the link address https://elisa-head.blogspot.com/2019/10/15-vps-server-security-tips_8.html