There are a variety of security measures that can be put in place for dedicated servers and you can choose to install these measures yourself on your dedicated server or have a server hosting company install them for you. Make sure the server has a firewall, and if possible one software and one hardware firewall. If you have a Linux-based server, you might want to consider Advanced Policy Firewall (APF). APF is a policy-based iptables system that has simple configuration and ease-of-use. Another handy installation for your server is Brute Force Detection (BFD). BFD is set up to detect whether there are numerous failed login attempts coming from the same IP address within a short amount of time and if there are then BFD blocks the address in the server firewall which means that the address cannot connect to the server. If you're installing BFD then you need to install APF first as BFD works alongside APF and requires some of APF's files to work correctly.
You should ensure direct root login is disallowed so that users have to login via other user accounts. Therefore you provide SU to the root only when necessary. Doing this helps to keep your server safe from possible hackers. You can organise to have e-mails delivered to you each time there is a root login to your server. This allows you to keep track of authorised logins and highlights when there are unauthorised logins. For security purposes you should use an off-site e-mail address to prevent a hacker from accessing your e-mail account following a successful hacked login. You should always keep the security on your server up to date as the e-mail notification system will not prevent hackers from creating SSH connections so they can login to SSH whenever they want. Remember as well to change the default SSH port.
Install a root kit checker and run it once or twice a month on your dedicated hosts server or alternately check that your server hosting company does it. This tool is available to download free of charge. There are multiple root kit checkers, for example Rootkit Hunter, to download.
You should disable unused or dangerous PHP functions. It's also good to have Apache DOS Resistance tuning (mod_evasive) for your server as well as Apache mod_security. Mod_security is embedded into the web server and detects intrusions and protects web applications from attacks. The mod_evasive module provides evasive action when there is an HTTP DoS, DDoS or brute force attack. The module can be configured to communicate with server firewalls, ipchains, routers and the like and can be utilised for network managing and detection purposes. Server abuse is reported through emails and syslog facilities.
Other useful methods for securing dedicated servers include disabling any services that are not needed, installing a virus scanner and always scanning any FTP uploads. Use strong passwords that incorporate special characters and are a minimum of ten characters. There is a range of security methods in addition to the ones discussed above that can assist in keeping a dedicated server secure. You can get a secure server through a server hosting company or if you have admin experience you can install dedicated server security features yourself.
You should ensure direct root login is disallowed so that users have to login via other user accounts. Therefore you provide SU to the root only when necessary. Doing this helps to keep your server safe from possible hackers. You can organise to have e-mails delivered to you each time there is a root login to your server. This allows you to keep track of authorised logins and highlights when there are unauthorised logins. For security purposes you should use an off-site e-mail address to prevent a hacker from accessing your e-mail account following a successful hacked login. You should always keep the security on your server up to date as the e-mail notification system will not prevent hackers from creating SSH connections so they can login to SSH whenever they want. Remember as well to change the default SSH port.
Install a root kit checker and run it once or twice a month on your dedicated hosts server or alternately check that your server hosting company does it. This tool is available to download free of charge. There are multiple root kit checkers, for example Rootkit Hunter, to download.
You should disable unused or dangerous PHP functions. It's also good to have Apache DOS Resistance tuning (mod_evasive) for your server as well as Apache mod_security. Mod_security is embedded into the web server and detects intrusions and protects web applications from attacks. The mod_evasive module provides evasive action when there is an HTTP DoS, DDoS or brute force attack. The module can be configured to communicate with server firewalls, ipchains, routers and the like and can be utilised for network managing and detection purposes. Server abuse is reported through emails and syslog facilities.
Other useful methods for securing dedicated servers include disabling any services that are not needed, installing a virus scanner and always scanning any FTP uploads. Use strong passwords that incorporate special characters and are a minimum of ten characters. There is a range of security methods in addition to the ones discussed above that can assist in keeping a dedicated server secure. You can get a secure server through a server hosting company or if you have admin experience you can install dedicated server security features yourself.
About the Author:
Melbourne can help protect your dedicated servers against attacks. Read more on security and dedicated hosting
{ 0 comments... Views All / Send Comment! }
Post a Comment