Server Security Checklist – How to maintain the security of your server?

We are convinced that almost all server owners struggle with maintaining their servers, which is not always as easy and transparent as one would assume. Our treasured servers are vulnerable, sensitive, and exposed to many types of attacks, exploits, and malfunctions. That is why we have to take care of them on a regular basis. We have consulted some websites, added our own ideas, and come up with the following checklist, which should work to your advantage.

#1 Backup

Before you make any changes on your server, check that your backups actually work. It is a good idea to run a test before editing, creating, or erasing anything sensitive on the server.

#2 Use SSH key Authentication

With SSH key authentication, your passwords become encrypted, thus harder to snatch. In contrast, where password-based access is available, black-hat hackers can always start a brute-force attack to obtain your login credentials.
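Installing a key does not by itself close the password path described above. The following added example (not code from the original article) audits the text of an sshd_config for settings that still allow password guessing. It assumes upstream OpenSSH defaults, and both sample configurations are constructed.

```python
# Added example (not the article's code); upstream OpenSSH defaults assumed, samples constructed.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
WEAK_SAMPLE = """\
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication yes
passwordauthentication no
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
"""
HARDENED_SAMPLE = "PasswordAuthentication no\nKbdInteractiveAuthentication no\n"

def effective_global_settings(config_text):
    """sshd keeps the FIRST value read per keyword; Match ends the global part."""
    seen, includes = {}, []
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword = ALIASES.get(parts[0].lower(), parts[0].lower())
        if keyword == "match":
            break
        if keyword == "include":
            includes.extend(parts[1:])  # read in place by sshd, not followed here
        elif keyword in DEFAULTS and len(parts) > 1:
            seen.setdefault(keyword, parts[1].lower())
    return {**DEFAULTS, **seen}, includes

def audit(config_text):
    cfg, includes = effective_global_settings(config_text)
    findings = []
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is off: key logins cannot work")
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if cfg[key] != "no":
            findings.append(f"{key} is '{cfg[key]}': password guessing still possible")
    if cfg["permitrootlogin"] == "yes":
        findings.append("permitrootlogin yes: root may use any enabled password method")
    findings += [f"Include {p}: audit these files too" for p in includes]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAK_SAMPLE)))
```

On a real host, `sshd -T` prints the effective configuration with Include files already resolved, which is the more reliable input for a check like this.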

#3 Update your OS

This may sound like a cliché, but updates, whether automated or manual, can be critical. Updates come with security patches or a more varied range of security solutions for your beloved server. It is important to note that after the OS vendor announces a new update, it takes only 5-6 days for malicious attackers to reverse-engineer the system and find the vulnerabilities in it. That is why you should update the server ASAP. Read some interesting facts about the recent Linux kernel vulnerability.

#4 Firewall

Firewalls serve as an additional layer of protection. They drop suspicious connections and thoroughly analyze incoming and/or outgoing traffic.

#4 Frequently investigate hardware errors

Logs may be the biggest aid for server owners and administrators, because they provide all the information needed to keep up with the ongoing processes. You may also want to check the logs before the system rotates them. Network failures or overheating may be warning signs of hardware malfunctions.

#5 Check server usage

Most of us have had to face high server load, when you can feel your memory burning and you become worried because of the high CPU spikes. If you notice that the server has started to reach its limits, you may want to think about extending the RAM or finding an alternative solution. In two of our recent articles, one recommended commands for handling high CPU usage and the other tells the adventure story of our developer.

#6 Yes, Passwords…

I know you have heard enough from us about the importance of changing passwords and using unexpected combinations of letters, numbers, etc., but we just can't stop emphasizing it. We see on a daily basis that, despite the abundant warnings from ISPs, IT, and web hosting companies, the number of accounts cracked by brute force does not seem to decrease. That is why we recommend changing your passwords every 6 or at least every 12 months.

#7 Isolation Execution Environments

Implementing these environments makes it easier to tackle security errors. If you separate your working environments from each other, it decreases the probability that an attacker can gain access to one of them, even if he or she has gotten into other parts of your infrastructure.