Securing a Server Tip #2
In our last tip we discussed installing a firewall and how it can help keep a server closed off from certain attacks. While this is certainly helpful, the fact remains that your standard ports are still open to accept connections. Port 80, for example, is used for HTTP connections. Port 25 is used for mail exchange. Port 21 is used for FTP. This is common knowledge, and any attacker who is looking for vulnerabilities in your server knows that these ports are going to be open.

However, depending on who uses your server, it may be possible to change the port numbers of your services. For example, if you want to change the SSH port, simply edit the file /etc/sshd_config and change the port from 22 to any port of your choosing. Before restarting the SSH service, make sure you have opened the new port in your firewall. Otherwise, you may get locked out of the server. It may also be advantageous to disable the firewall completely, restart the SSH server, and then attempt to connect on the new port. This way you can confirm that SSH is accepting connections on your new port, and you don’t have to worry about the firewall being an issue during your tests.
Sometimes you can’t change the ports, such as with port 80. These ports are used by browsers and tools that expect the port to be open. For services such as SSH though, where you have the option of selecting the port, it may be beneficial to make the change and then close that port in the firewall. Also, if a port or service is not in use, close the port completely to eliminate another means of entry into the server.
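
The SSH port change described above, as an added example that is not part of the original post: it rewrites the Port directive in a config file whose path you pass in, and also covers the case where several Port lines are active, since sshd listens on every one it finds. The function names `sshd_ports` and `set_sshd_port` are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Config path and port are caller-supplied.

# Matches an active "Port N" or "Port=N" line; sshd keywords are case-insensitive.
PORT_RE='^[ \t]*port([ \t]+|[ \t]*=[ \t]*)[0-9]+'

# Print the ports sshd would listen on according to CONFIG (22 when none is set).
sshd_ports() {
    awk -v re="$PORT_RE" '
        { l = tolower($0) }
        l ~ re {
            match(l, /[0-9]+/)
            out = (out == "" ? "" : out " ") substr(l, RSTART, RLENGTH)
        }
        END { print (out == "" ? "22" : out) }
    ' "$1"
}

# Rewrite CONFIG so that NEWPORT is the only active Port directive.
set_sshd_port() {
    cfg=$1 port=$2
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    tmp=$(mktemp) || return 1
    # The new line goes first so it stays global, ahead of any Match block.
    # Every old active Port line is dropped; commented-out lines are kept.
    {
        echo "Port $port"
        awk -v re="$PORT_RE" 'tolower($0) !~ re' "$cfg"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"   # keep a rollback copy
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: sh set-port.sh CONFIG NEWPORT
# Then validate with `sshd -t -f CONFIG`, open NEWPORT in the firewall, restart
# sshd, and log in on NEWPORT from a second session before closing this one.
if [ "$#" -eq 2 ]; then
    set_sshd_port "$1" "$2" && echo "sshd ports now: $(sshd_ports "$1")"
fi
```

If the login on the new port fails, the `.bak` copy restores the previous configuration.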






