Securing a Server Tip #1

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

One of the problems when working with our servers is finding a balance between server security and general usability. If a server is locked down to the point where no one can run anything on the machine, no one will want to host with you. But, if you fail to make the server secure, you’re going to run into a lot of problems either with hackers, spammers, or a mix of people who just want to cause trouble. In this series we’re going to look at a few tips that can help you secure your server.

Tip #1 is the most obvious means of securing a server, and that’s installing a firewall. A firewall can either be hardware or software, but usually you will have to pay the datacenter an additional monthly fee if you want hardware protection. Software solutions are usually free, and we strongly recommend ConfigServer. ConfigServer works best on servers running cPanel, since it’s easy to control the server directly from the WHM interface. It’s a great package regardless and offers functionality across the board from regular port blocking to monitoring of invalid login attempts. For example, if someone were to attempt to break into your server by repeatedly trying to guess your passwords, the firewall will detect the intrusion attempts and block the IP address of the attacker.

A firewall also helps you out in that it can close ports, or the virtual addresses outside computers will use when connecting to your server. By only having essential ports open, such as port 80 for http connections and port 22 for SSH, you can limit attacks that use non-standard ports. This is also good if a malicious script gets on your server and attempts to connect to another machine. By having all non-essential inbound and outbound ports blocked, you don’t have to worry about that malicious script sending confidential data to other machines.

We will post a tip every few days. Check back later this week for tip #2.