Server Security Checklist – How to maintain the security of your server?
Nikoletta Szabo

We are convinced that almost all server owners struggle with the maintenance of their servers, which is not always as easy and transparent as we would assume. Our treasured servers are vulnerable, sensitive and exposed to many types of attacks, exploits and malfunctions. That is why we have to take care of them on a regular basis. We have consulted some websites, added our own ideas, and come up with the following checklist, which will serve you well.

 

 


#1 Backup

Before you make changes on your server, make sure your backups actually work. It is a good idea to run a test before editing, creating or erasing something sensitive on the server.

#2 Use SSH key Authentication

With SSH key authentication, login relies on a cryptographic key pair instead of a password, which makes your credentials harder to snatch. By contrast, where password-based access is available, black-hat hackers can always start a brute-force attack to obtain your login credentials.
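Switching to keys only helps if password logins are actually turned off afterwards. The following check is an added example, not part of the original article: the hypothetical function `audit_sshd_config` reads an OpenSSH `sshd_config` and fails if password or keyboard-interactive login is still possible. The sample configs are constructed.

```sh
#!/bin/sh
# Added example: report whether an sshd_config still allows password logins.
# Limits (assumptions): Include files are not followed; Match blocks are only
# scanned for settings that switch password logins back on.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        { sub(/=/, " "); k = tolower($1); v = tolower($2) }  # "Key=value" form, any case
        k == "challengeresponseauthentication" { k = "kbdinteractiveauthentication" }  # old alias
        k == "match" { in_match = 1; next }
        in_match {                                   # per-user/host overrides
            if ((k == "passwordauthentication" || k == "kbdinteractiveauthentication") && v == "yes") {
                print "FAIL: " $1 " switched on inside a Match block"; bad = 1
            }
            next
        }
        !(k in seen) { seen[k] = v }                 # sshd keeps the first value it reads
        END {
            # OpenSSH default for each of these keywords, when absent, is "yes".
            n = split("pubkeyauthentication passwordauthentication kbdinteractiveauthentication", want, " ")
            for (i = 1; i <= n; i++) if (!(want[i] in seen)) seen[want[i]] = "yes"
            if (seen["pubkeyauthentication"] != "yes") { print "FAIL: key login is disabled"; bad = 1 }
            if (seen["passwordauthentication"] != "no") { print "FAIL: password login is enabled"; bad = 1 }
            if (seen["kbdinteractiveauthentication"] != "no") { print "FAIL: keyboard-interactive login is enabled"; bad = 1 }
            if (!bad) print "OK: key-only login"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' 'Port 22' '#PasswordAuthentication no' > "$tmp/weak"
printf '%s\n' 'PubkeyAuthentication yes' 'passwordauthentication no' \
    'ChallengeResponseAuthentication no' > "$tmp/hardened"
printf '%s\n' 'PasswordAuthentication no' 'KbdInteractiveAuthentication no' \
    'Match User backup' '    PasswordAuthentication yes' > "$tmp/override"

for f in weak hardened override; do
    echo "== $f"; audit_sshd_config "$tmp/$f" || true
done
```

On a live host, `sshd -T` prints the effective configuration, which can be saved to a file and passed to the same function.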

#3 Update your OS

This may sound like a cliché, but automated or manual updates can be critical. Updates come with security patches, fixes, or a wider range of security solutions for your beloved server. It is important to note that after the OS company announces a new update, it takes only 5-6 days for malicious attackers to reverse-engineer the system and find the vulnerabilities in it. That is why you should update the server ASAP. Read some interesting facts about the recent Linux kernel vulnerability.

#4 Firewall

Firewalls serve as an additional layer of protection. They drop suspicious connections and thoroughly analyze the incoming and/or outgoing traffic.

 


 

 

#4 Frequently investigate hardware errors

Logs may be the biggest aid for server owners and administrators, because they provide all the information needed to keep track of the ongoing processes. You may also want to check the logs before the system rotates them. Network failures and overheating may be warning signs of hardware malfunctions.

#5 Check server usage

Most of us have to face high server load, when you can feel your memory burning and start to worry about high CPU spikes. If you notice that the server has started to reach its limits, you may want to think about extending the RAM or finding an alternative solution. In two of our recent articles, we suggested commands to handle high CPU usage and told the adventure story of our developer.

#6 Yes, Passwords…

I know you have heard enough from us about the importance of changing passwords and using unexpected combinations of letters, numbers, etc., but we just can’t stop emphasizing it. We see on a daily basis that, despite the abundant warnings from ISPs, IT and web hosting companies, the number of accounts cracked by brute force does not seem to decrease. That is why we recommend changing your passwords every 6 or at least every 12 months.

#7 Isolated Execution Environments

Implementing these environments makes it easier to tackle security errors. If you separate your working environments from each other, it decreases the probability that an attacker can gain access to one of them, even if he/she got into other parts of your infrastructure.
