Dedicated Server Security Cheat Sheet

Server security takes a lot of preparation and effort. One misstep can land you in a ton of trouble, and you always need to be prepared for the least-expected threats. There is no magic app or one-box solution to making sure your server runs well. You could spend thousands of dollars on security experts and still only begin to scratch the surface.

Nevertheless, with some forethought and basic good practices, you can at least minimize the most obvious threats and keep the amateur hackers from having their way with your server. If they are going to attack your server, make them work for it. This little cheat sheet should give you an idea of best practices for basic server security.

1. Use Secure Passwords

It sounds foolish to even have to mention this, but even large corporations with millions spent on security still fall victim to employees with laughable passwords. While you hopefully know better than to have “password” as your password or use your niece’s name, there are many other ways to make your password more secure.

  • Whenever possible, avoid dictionary words altogether.
  • Use a combination of letters, numbers, and other characters when permitted.
  • Mixed case can also increase security.
  • Use a password unique to your server.
  • Change your password periodically.
  • Never, under any circumstances, give your password to anyone else.

2. Secure File Transfer

If you are moving sensitive information from your computer to your server, it is a good idea to use a secure method. FTP is not secure. It is sufficient for general files, but if the data is confidential, use SCP, FTPS, or SFTP. When you are managing your server, use SSH for secure shell access. With these methods, the data is encrypted when it is sent over the Internet.

3. Security Updates

Many server attacks could have been prevented if the system administrators had bothered to keep the operating systems and software updated. Most of it is automated anyway, so it should not bother you too much to run updates. With Linux servers, it only takes a single command to update the OS and all of the installed packages. It could save your server and your business.

4. Watch Those Permissions

Some scripts call for world-writable access (666 or 777), but these permissions are rarely actually necessary. Having configuration files and other important data exposed in this manner is asking for trouble. It does not take much for a hacker to hijack a vulnerable script. Moreover, permission watching goes beyond scripts. MySQL databases, system directories, and other non-user-owned files should be off-limits to users. A user should be jailed to his home directory and not have access to anything else.

5. Check Scripts for Flaws

The list of threats to dynamic server-side scripts is long, and while one solution might be to insist on only static websites, that is not very practical. Check any script you or users on your server install. There are plenty of vulnerability checkers available for free on the web. You should also make sure you keep content management systems and shopping carts up to date with the latest security fixes.

6. Watch Your Logs

Sometimes you can catch attackers in the act, but that requires you to watch your server frequently. Monitor your logs whenever possible. You can set up scripts and use monitoring services that alert you to suspicious activity. Consider using iPhone or Android monitoring apps if you are the type who is always on the go. Some server hosts, like dedicated web hosting company 34SP.com, will even offer you log-monitoring tools. If something does go wrong, your logs are the first place you should look for clues.
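As an added illustration of the kind of alerting script this section suggests (example code, not part of the original post), the following Python flags source addresses that produce a burst of failed SSH logins in a set of constructed auth-log lines. The five-failures-per-minute threshold is an assumption to tune for your own server.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the failed-login lines OpenSSH's sshd writes to the system auth log.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log lines (RFC 5737 documentation addresses), not from a real server.
SAMPLE_LOG = """\
Mar  3 10:01:05 web1 sshd[2101]: Accepted publickey for deploy from 203.0.113.7 port 51022 ssh2
Mar  3 10:02:11 web1 sshd[2110]: Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Mar  3 10:02:13 web1 sshd[2112]: Failed password for invalid user admin from 198.51.100.23 port 40118 ssh2
Mar  3 10:02:15 web1 sshd[2114]: Failed password for root from 198.51.100.23 port 40121 ssh2
Mar  3 10:02:18 web1 sshd[2116]: Failed password for invalid user test from 198.51.100.23 port 40130 ssh2
Mar  3 10:02:20 web1 sshd[2118]: Failed password for root from 198.51.100.23 port 40133 ssh2
Mar  3 10:15:42 web1 sshd[2201]: Failed password for alice from 192.0.2.44 port 50001 ssh2
Mar  3 10:16:03 web1 sshd[2203]: Accepted password for alice from 192.0.2.44 port 50003 ssh2
"""

def parse_failures(log_text, year=2024):
    """Yield (timestamp, ip, user) for every failed-password line; other lines are ignored."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]

def brute_force_sources(log_text, threshold=5, window_seconds=60):
    """Return {ip: (failures, sorted usernames)} for IPs with >= threshold failures in one window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(log_text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        # Sliding window: from each failure, count how many follow within window_seconds.
        for i in range(len(events)):
            j = i
            while j < len(events) and (events[j][0] - events[i][0]).total_seconds() <= window_seconds:
                j += 1
            if j - i >= threshold:
                flagged[ip] = (j - i, sorted({u for _, u in events[i:j]}))
                break
    return flagged
```

On a live server you would feed it the contents of /var/log/auth.log (or the equivalent for your distribution) on a schedule and send the flagged entries to whatever alerting channel you already use.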

There are plenty of other things you can do to secure your server, like adding network and application firewalls, rotating encrypted passwords, and more. If you can afford a security professional, get one. Otherwise, read the literature, keep your server updated, and be consistent.

Guest post by Tavis J. Hampton, a librarian and writer with a decade of experience in information technology, web hosting, and Linux system administration. His freelance services include writing, editing, tech training, and information architecture.