Security matters and the more serious, potent, and ambitious your web project is, the more attention you have to pay to security.
If you have opted for Linux VPS, this means that you do care about security since it is one of its properties is the enhanced level of security if you compare it to, say, shared hosting.
Linux VPS is also a better option in terms of security compared to Windows Server VPS. This is provided by Linux secure model and guarantees a definitely better default level of security. However, this security is still not absolute and there is still much to do if you want to improve it. That’s why we have decided to dedicate today’s article to the ways you can increase the security of your Linux VPS.
Securing your Linux VPS
- Turn off login as a root user
This is one of the simplest ways you can protect your server with. On Linux, the default username is always “root”. This feature can be abused by hackers: trying just to simply guess the password, they can eventually log in to your system and to anything they want. By disabling this option, however, you can simply block this way for them.
To do so, first, create another username. After this, you’ll have to perform the root-level commands via the sudo command. Once you are through with creating a new username, you will have to disable the root access. Go to /etc/ssh/sshd_config and change the PermitRootLogin parameter from “yes” to “no”.
- SSH port
This one is another parameter, leaving the default value of which will make it easier for hackers to breach into your system. To choose another value (the default is 22), go to /etc/ssh/sshd_config and enter the desired value. Make sure that this number will be used by your SSH port only, or you might have troubles in form of clashes.
- Regular updates
Another easy way to keep your Linux VPS in safety is to make sure to regularly update all things possible. To update the installed software, use rpm/yum package manager on CentOS and RHEL or apt-get on Ubuntu or Debian. To keep better track of your updates, set up automatic email notifications. If you want your security updated to be automated, set up a cronjob.
If you use cPanel or Plesk to manage your server, they usually update automatically.
- Turn off the network ports that aren’t used
Open ports are one of the easy targets for a hacker. So, the more of them are, the worse. Turn off the unused ones, and you’ll increase the security of your VPS greatly.
First, execute the netstat command to see, which network ports are open and what services are they connected with.
Then, to close all open ports, you can either set up iptables configuration or apply chkconfig command to turn off undesired services.
- Get rid of unnecessary modules and packages
Another thing that you might not really need and that can be a weak point of your security are the modules and packages. It’s pretty much probably that many of the packages and modules that are preinstalled on Linux won’t really come in handy for you. So, keep an eye on what you really need and what is rather redundant and try to always get rid of the latter.
- Turn off IPv6 if you don’t use it
Unless you are using IPv6 it’s better to turn it off, as it can be often used by hackers as another way to get into your system and fill it with malicious stuff. To resolve the problem, go to /etc/sysconfig/ network and then configure it in the following way: NETWORKING_ IPV6=no and IPV6INIT=no.
- Take care of passwords
Creating and memorizing a new strong password can be a task that requires a bit of creativity and effort, so many users often ignore it in favor of using the most obvious variants, using different configurations of “qwerty” and numeral sequences between one to ten. However, a weak password is exactly the reason why thousands of accounts get hacked.
Make sure to have a password that unpredictably combines letters, numbers, and special signs. You can also set up the password aging timer, to make yourself change the password once in a while, restricting the repeated use of the same password.
You can also restrict the number of login attempts using faillog command.
Whatever your base level of security is, it will never be to much take care of it in all possible ways. In this article we have provided you with a few easy basic steps, performing which will take away the easiest ways for hackers to take over control over your system or to harm it in any other way. This guide is not exhaustive and you’ll certainly find more ways later on, but we think that this is at least a good start. If you haven’t purchased a VPS Linux server yet, go ahead and check out this Debian virtual server hosting offer by HostZealot. Thank you for your attention and have a nice day!
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.