When you purchase a dedicated server or VPS, ensuring its security becomes your responsibility entirely. For a shared server, network security threats and their solutions are taken care of by the hosting provider. Still, when you’ve your own server, the responsibility rests entirely on your shoulders. In such a situation, you must implement all the necessary vital steps for server security. What are those steps? We’ll tell you about eleven simple steps that ensure a dedicated server/VPS’s security. Let’s begin!
#1. Keep cPanel and Plesk Secure Using SSL And an Antivirus
First of all, secure the communication between your control panel and server. There are two popular control panel software solutions in the world of hosting, namely cPanel and Plesk. You should ensure that the portals through which you access them must protect with an SSL certificate and a reputed antivirus. An SSL certificate purchased from a reputed Certificate Authority. RapidSSL certificates, Comodo SSL Certificates, GeoTrust SSL Certificates, Thawte SSL Certificates, etc. It secures that all the send data between you and your cPanel/Plesk. Its control panel is protected by encryption, so no one can steal it by capturing the data packets. Antivirus, on the other hand, protects against malware attacks on your server.
#2. Employ a Robust Password Policy
Many cyberattacks are successfully executed because you or your employees use weak passwords. Passwords that are easy to remember can be cracked easily either by someone snooping on your keyboard as you type them or by guesswork. And even if they’re not cracked like this, they can still be cracked with brute force attacks from special tools. That’s why you should enforce a firm password policy across your organization. Anyone who accesses the control panel or your website dashboard should use a strong password that is at least eight characters long and includes both numbers and symbols.
#3. Change the default SSH port
SSH stands for Secure Shell, a protocol for the execution of commands on a remote server. By using this protocol, anyone can execute commands remotely on your web server. By default, the SSH port listens to port number 22. However, for the sake of security, you should change it to some other port so no one can execute commands remotely on your server. Depending on whether you’re using a Linux server or Windows server, the process may vary. It may also vary depending on your hosting provider, but you should ensure that you find it out and do it to maximize your web server’s security.
#4. Immobilize compilers for cPanel users (non-root users)
A lot of times, servers get hacked because of compiler vulnerabilities. In case you’re not tech-savvy, a compiler refers to a program that compiles the software code into an executable program. All servers come with at least a C and C++ compiler, compiling the software code written using these languages. By default, compiler access is enabled for all users on the server. However, for greater security, you should disable it for non-root users (users who don’t have administrative access and privileges same as you).
#5. Immobilize unutilized network ports
Sometimes attacks come from the most ignored places. Even a network port lying unused on your server can give a gateway to cybercriminals. Therefore, you should permanently disable all unused network ports on your server to ensure that they’re of no use to anyone. When you need to use any of them, you can easily enable them back for the desired purpose, but don’t leave them unoccupied if you want to ensure your dedicated server/VPS security.
#6. Disable IPv6
IPV6 is the latest standard of IP addresses. However, a significant shortcoming in it is the unavailability of Network Address Translation. It’s a security feature in IPV4 addresses, which hides the IP addresses of devices involved in its network. All devices seem to be using the same IP address, which is the NAT device’s address. This protects the IP addresses of devices from getting leaked. This is, however, not possible with IPV6. That’s why you should disable IPV6 for your server. The exact process of disabling it may vary depending on your host, but you should find it out and disable it for sure.
#7. Use SFTP, not FTP
A lot of times, we use FTP clients to upload the files to our server. It’s always a good idea to use them because they don’t require you to log in to your cPanel and help quickly upload large files. All these clients use the File Transfer Protocol (FTP) to work. However, FTP is not a very secure method of transferring files to your server. Just as there’s HTTPS for secure transfer of data between a server and a client, there’s a secure version of FTP called SFTP to ensure the encrypted and secure transfer of files between your computer and your server. It would be best to use this protocol while using an FTP client to upload a file to your server. A far more resilient data transfer solution like FASP, which is built to be up to 100x times faster than traditional FTP, is what Aspera is built on. Aspera software, created by IBM and provided by Pacgen, provides a more resilient, fast, and dependable transfer of huge data.
#8. Close Unnecessary Applications and Get Rid of Unused Services
Like unutilized ports, unnecessary services and applications can also be harmful to a business’s security. You should check all the applications and services running on your server and ensure that none of them is running without purpose. If there’s an application/service running without any particular need for your essential requirements, then it may be opening a gateway of vulnerabilities for attackers. So shut off all such applications and services.
#9. Keep a Watch on Common Security Threats
We keep an eye on new security threats that keep emerging in the security landscape, but often we ignore the common threats that are old yet effective. For instance, we ignore the possibility of SQL injection attacks, DDoS attacks, brute-force attacks, MiTM attacks, etc., because they’re too old. However, each of these techniques works as perfectly today as it used to work 10 yrs ago. Therefore, it’s essential to ensure that your server is protected against them. Here are some steps you can take:
- Always use parameterized database and code to protect your server against SQL injection attacks
- Limit the number of login attempts someone can make on all your login pages. Ideally, you should lock out someone’s IP address if they fail to enter the correct password three times in a row so no one can crack a password using brute force.
- Use a reliable Content Delivery Network (i.e., CDN) to protect your server against DDoS attacks
- Avoid accessing the server on public networks and always communicate with the server over HTTPS and SFTP protocols because these security protocols secure your data integrity and protect you against MiTM attacks.
#10. Ensure updated server software
A lot of times, web servers are hacked for some reason that’s taken for granted. Software updates are also one such type of reason. People install the best-of-the-best security software on their server but don’t update the OS regularly. As a result, they risk getting hacked when someone exploits a vulnerability inherent in their server’s software. To prevent it from happening with you, always keep your server software updated, no matter what. It will be wise to enable automatic updates on your server OS.
#11. Run data backups
Finally, keep in mind that no matter how many precautions you take and how many security standards you follow, there may be times when you get hacked. It has happened even to some of the most prominent organizations which have dedicated security teams and budgets worth millions of dollars dedicated specially for cybersecurity, so you should never think that you’re smarter than the rest. However, that doesn’t mean that all the above-outlined steps are a waste of time. They’re very much needed if you want to protect your server from cyberattacks, but you should combine them with a solid backup strategy to ensure that your data is backed up regularly. If you’ve all your data backed up, you’ll be able to migrate to another server quickly in case of a cyberattack.
So these are the eleven steps you can take to protect your VPS or dedicated server from hacking. As long as you implement them, it’ll be challenging to attack your server and cause you any significant damage. If you still have any questions about any of these steps, feel free to share them in the comments, and we’ll try to answer. On the other hand, if all your doubts are clear, then implement these steps today to protect your server. All the best!