It doesn't matter if you use a privately hosted or publicly hosted VPS data, all your data should be as secure as possible. As the administrator of your server, there are a few simple tips you should know that will help you make sure the information held on your website is secure.
No matter how reliable the hosting company you choose is, the following tips will help you maintain your VPS safe.
1. Server control
First of all, check your server. This will help you to see what is going on in your system but also to find where the vulnerabilities of your system are. The good news is that there are several tools that can help you with this process.
2. Disable unused services and ports
The next step is to check the running applications and services. Ask yourself if you need all the services and applications for the operation of your VPS.
If you think a particular application is necessary, then determine if it should always be open to the public. If you see that many applications that you do not use are running, then your server is not so secure.
To list all services running on Linux servers, use the command:
systemctl
As for the ports, open only those required by the VPS for optimal functionality. But it is not only that. You need to open these ports with IPtables and set the default input chain. This means that any port you do not open will be permanently disabled. You can learn how to manage ports on Linux here.
3. Update your server and keep regular backups
Keeping your system up to date with the latest software is incredibly key to better safety of your VPS.
Make sure you run the most secure applications and make sure you back up your VPS data frequently. This ensures that in the event that something goes wrong, you will have all your data intact. This will allow you to retrieve the information or even go back to the previous version.
4. Make sure you are using secure SSH settings
As you know, SSH is one of the system standards needed to run and configure your server. Of course, you're not the only one who knows this… hackers may even know this better. So keeping this daemon safe should always be your top priority. The good news is that its settings SSH is very simple.
Remember, as administrators, you are solely responsible for the security of your server.
Here are some helpful tips:
- Change the SSH port
- Prevent root access for any user trying to connect to the server via SSH
- Do not use a password but an SSH key.
- Install intrusion detection software such as Fail2Ban to restrict user connections
- Set up your system to notify you whenever an unauthorized user tries to connect to your server.
- Be careful with known threats.
- Remove any unused packages or disks
In most cases, your server comes with many applications and services. What you do not need should be removed, because they can act as an intruder. Any package used can present some vulnerabilities and it is best practice to keep only the services you need.
6. Use a top security policy
Weak passwords are the ultimate threat to your server security.
Avoid leaving your server without a password. If you decide not to use an SSH key, a strong password should never be less than 10 characters that combine letters, numbers, uppercase and lowercase and special characters.
7. Adjust the firewall
There are many firewalls to choose from for your server security. Adjust the firewall to help filter out unwanted traffic. This is one of the ways to fight DDoS attacks.
You can also use the application TCPWrapper to help you filter out programs that have access to network.
8. Install updated antivirus software
Antivirus or antimalware software can be a good defense on your server against any malicious software that has managed to break through the firewall. While a firewall provides protection against malicious activity trying to enter your system, it cannot do everything.
If you have a low budget, you can choose free alternatives that work. You can select open source applications such as Maldet to scan for potential threats to your VPS.
