5 steps to make your VPS secure!

This guide is as easy as it is important: it shows how to secure your virtual server right after activation by applying simple but effective measures.

A virtual server is supplied with a basic installation of the selected OS, but this default setup does not protect the server against mass attacks carried out by hackers using automated tools.

The examples in this guide are based on the CentOS 7 distribution, but they apply to other distributions with minor variations.

1. Setting a secure password

The first thing to do when purchasing a virtual server, or right after activation, is to set a strong password.

“Brute force dictionary” attacks and similar hacking tools rely on the fact that many people use simple, common passwords such as “1234”, “12345”, “password”, “hello”, “baby”, etc.

Hackers use dictionaries compiled from frequently used passwords, which allow them to take control of a server in a couple of minutes.

With this in mind, we suggest following these tips when creating the root password:

  • At least 16 characters
  • Include symbols like @ # $ %
  • Random use of capital letters
  • Random combination of letters and numbers

Here is an example of a strong password: f,W{E/mCKg2NGHDx. You should not use this one, of course!

To change the root password, run this command:

passwd root

Enter the new password when prompted.

NB. The same rules apply not only to root but also to all other users, including email and FTP accounts, etc.

2. Modifying the SSH port

Attacks usually target the default SSH port, 22, so that is a good reason to change the port number.

To change the SSH port from 22 to another one, for example 44011, edit the SSH configuration file:

vi /etc/ssh/sshd_config

Again, 44011 is only an example; use your imagination, with up to five digits!

Press the [i] key to edit the config file and replace the default line #Port 22 with the new line Port 44011

Save the changes by pressing, in sequence, [esc] [ : ] [ w ] [ q ]

Restart the SSH service with the following command:

systemctl restart sshd

Subsequent connections must specify the new port number, for example in the PuTTY connection settings.

3. Setting up a firewall and IPS

A fundamental part of system security is a correctly configured firewall, which blocks malicious users who try to reach the server through its ports and take control of services not meant for external use.

Manually configuring an advanced firewall can be painful, even though one is included in almost all Linux distributions. That is why we recommend dedicated tools that give full and clear control over all settings, including additional options such as:

  • Intrusion Detection
  • Stateful Packet Inspection
  • SSH login notification
  • POP3/IMAP login tracking to enforce logins per hour
  • Excessive connection blocking
  • Suspicious process reporting
  • SYN Flood protection
  • Port Scan tracking and blocking
  • Permanent and Temporary (with TTL) IP blocking

See full list at http://configserver.com/cp/csf.html

Proceed with the installation:

Install the packages and modules required by the software with the following command:

yum install perl-libwww-perl -y

Next, run these commands:

wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

To set the TESTING flag to 0, edit the following config file:

vi /etc/csf/csf.conf

Press the [ i ] key to edit and find the following line:

TESTING = "1"

Change 1 to 0:

TESTING = "0"

Then run the following commands so that the firewall is activated when the server starts:

chkconfig --level 235 csf on
service csf restart

Advanced management of the software is available by installing Webmin with the CSF module, through the following menu:
Webmin > Webmin Configuration > Webmin Modules > From local file > /usr/local/csf/csfwebmin.tgz > Install Module

Another important point is the correct configuration of the TCP_IN and TCP_OUT ports for the services you need.
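Steps 2 and 3 interact: CSF filters inbound TCP connections by the TCP_IN list, so an SSH port moved to 44011 has to appear there before TESTING is set to 0. The following pre-flight check is an added example, not part of the original guide or of CSF; the function names are hypothetical and the sample files are constructed stand-ins for /etc/ssh/sshd_config and /etc/csf/csf.conf.

```sh
#!/bin/sh
# Added example: check that every sshd port is allowed by CSF's TCP_IN.
# Function names are hypothetical; sample files below are constructed.

sshd_ports() {   # active Port directives, one per line; 22 if none is set
    local ports
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

csf_value() {    # csf_value FILE KEY -> text between the double quotes
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

port_allowed() { # port_allowed PORT LIST; LIST entries are N or LOW:HIGH
    local entry
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        case $entry in
            *:*) [ "$1" -ge "${entry%%:*}" ] && [ "$1" -le "${entry##*:}" ] && return 0 ;;
            "$1") return 0 ;;
        esac
    done
    return 1
}

csf_ssh_preflight() {  # csf_ssh_preflight SSHD_CONFIG CSF_CONF
    local tcp_in port rc=0
    tcp_in=$(csf_value "$2" TCP_IN)
    for port in $(sshd_ports "$1"); do
        if port_allowed "$port" "$tcp_in"; then
            echo "OK: sshd port $port is allowed by TCP_IN"
        else
            echo "LOCKOUT RISK: sshd port $port is not in TCP_IN=\"$tcp_in\""
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 44011' > "$tmp/sshd_config"
printf '%s\n' 'TESTING = "1"' 'TCP_IN = "20,21,22,25,53,80,110,143,443"' > "$tmp/csf.conf"
csf_ssh_preflight "$tmp/sshd_config" "$tmp/csf.conf" ||
    echo "Add the SSH port to TCP_IN before setting TESTING to 0"
rm -rf "$tmp"
```

On a server, pass the two real file paths to csf_ssh_preflight and keep the current SSH session open until a new connection on the new port has succeeded.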

4. Backing up

Another good practice is to back up the server regularly, so that you can recover important data if it is accidentally deleted, or simply roll back to previous settings.

Backup techniques have expanded considerably and now offer a wide choice of options to protect against the loss of important data: from simple FTP backup (here is an easy guide: http://www.cyberciti.biz/faq/linux-unix-autologin-cron-ftp-script/ ) to complex CDP (Continuous Data Protection) software solutions.

The choice is up to you, but if you are still in doubt you can always contact our experienced staff for a free, professional consultation on choosing the solution that best suits your needs.

5. Keeping your system up-to-date

All the main Linux distributions receive regular updates to improve their performance and functionality. Updates can also fix possible vulnerabilities, so it's good practice to check for and install all new updates to keep the system up to date, especially after the first installation.

Here are the main commands:

Check for updates:

yum check-update

Update packages:

yum upgrade

Summing up:

By completing this guide you go through the fundamental steps to keep a virtual server secure and trouble-free. These instructions also apply to dedicated servers.

In conclusion, server security measures can go much further. In this guide we did not cover protecting installed applications or locking down the server by closing all external ports dedicated to unused services.
