By running your own server, you may feel more secure against hackers. While cybersecurity requires constant vigilance, it can become an easy routine knowing some useful procedures to protect your server from attacks.
In this article, we will look at some methods you can start applying for your server security, and to improve its protection as soon as possible.
Hide all information in your server software versions
If hackers can identify the software version your server is running, they can use this information to exploit any known bugs and security vulnerabilities in this version. You need to look for specific steps for this software, however some common software and services you want to check are:
Email servers: Various mail servers can share their version in banners, which are sent after connecting via SMPT, IMAP and POP3, as a form of security handshake. It is known as grab attacks.
Web servers: Analyze your server's HTTP headers if you are using Apache, NGINX, Microsoft IIS, or anything else.
- WordPress: You will check almost everything, including plugins, forms, galleries, themes and filenames, including CSS and JavaScript. Here are some good tips for securing your WordPress site.
- SSH: OpenSSH communicates with the OS version by default.
- Fillet servers: Your FTP, SFTP, WebDav, and other file servers could share their release information at login, before authentication.
- Website languages: Frameworks for PHP, Java, .NET, and other web languages can sometimes include HTTP headers with version information, such as "Powered by x".
Consider virtualizing the SQL environment
SQL Server virtualization was once considered too resource-intensive to be practical in everyday use, but times have changed as material of the server has grown significantly in power in recent years. Some good practices to remember are to always try to use SLAT compatible hardware and monitor server performance using a performance monitoring tool like SentryOne.
Install only the absolutely necessary software
If your server has a lot of services, add-ons and software, you have a fairly broad attack vector. Your server should contain the essentials, with only the most critical tools and software you need to install.
You should also make it a dependency checkpoint for software, as this can lead to installation problems additionalsoftware. You should try to get software with the least possible level of dependencies.
Protect yourself from brute force attacks
Instead of allowing password connections, consider SSH key authentication. However, there are advantages to using SSH keys, such as tools for breaking weak SSH key passwords to recover the SSH key. It is a much stronger form of security than regular passwords in many cases.
Other things to do are to limit the authentication rate so that the automated password and control keys to significantly slow down and automatically block IP addresses with a failing connection rate.
Additionally, you should close as many network ports as possible while filtering out those that cannot be blocked. Your firewall configuration should have a default blocking policy and you should filter open ports allowing only traffic based on the actual expected origin (IP address, location etc.).
Update your software regularly
Many breach attempts nowadays are either aided or abetted entirely by bot tools, which scan your network for critical access points. You can mitigate many potential risks by keeping your software up to date, not only with security code updates for your operating system, but also any packages and dependencies.
You should also check your server logs regularly for signs of problems, such as errors or strange events.
Conclusion
This is just a short list of quick steps you can take to secure your server from hackers, but there are many more in-depth strategies you can follow as you deepen your cyber security. If you use a server in your home, you may also want to consider protecting yourself from data and identity theft.
