12 Tips to improve GNU/Linux server security

“Security” by CarbonNYC [in SF!] is licensed with CC BY 2.0. To view a copy of this license, visit https://creativecommons.org/licenses/by/2.0/

Any server or device with a public IP address becomes a target for attackers. Therefore, it is of utmost importance to harden the security in order to neutralize any malicious activity, here are 12 tips that will help you improve the security of your server.

  1. Install your server in text mode, this will guarantee greater security and performance.
  2. Keep your operating system and other applications updated.
  3. Create strong passwords resistant to brute force attacks.
  4. Disable root user access via SSH. Most of the attackers use zombie machines and execute brute force attacks against common users such as: root, admin, super, … hence using a difficult to guess user increases server security.
  5. Create a user with administrative privileges and that the user’s login don’t be common, this is the user that you will use to connect via SSH.
  6. Disable password authentication via SSH, use only public and private keys for this purpose. Public and private keys authentication improves security and it frees the users from remembering complicated passwords.
  7. Disable / uninstall services and applications that are not used.
  8. Deploy a firewall in order to protect the server from malicious activity.
    1. Keep open only public ports like 80 and 443, close all others.
    2. Implement rules that protect your server against DDOS-like attacks.
  9. Deploy an Intrusion Prevention System such as fail2ban, fail2ban will block any malicious activity for a certain time, for example block all IPs that have made X unsuccessful authentication attempts via SSH.
  10. Protect your Apache server by installing the mod_security module.
  11. Protect your websites with SSL, using Let’s encrypt.
  12. Protect your MySQL DB server using ProxySQL
YouTube Video

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.