“You wouldn’t wish this on your worst enemy,” a frustrated statement given by NZX CEO Mark Peterson after a shocking malicious attack over the New Zealand stock exchange website.
Yes, it should be frustrating when cyber attacks cause a hit on the Stock Exchange, Banks and other individual companies on the exchange’s list.
Server security is one of the most concerns we face for centuries. No day passes without a news article showing a brute force attack into servers.
Even though the system software is growing more advanced and more complicated, hackers are becoming better and better-organized to break all the walls built to protect a server.
It’s an ongoing battle from the beginning and which can never really be won.
Let me give some tips that may help to secure your server.
How We Secure Our Server From Cyber Attacks
Tip #1 Establish A Secure Remote Connection
Establishing A Secure Connection
There are many ways to connect to a server remotely. SSH, telnet, Stunnel, HTTPS with client-side authentication etc. SSH is found to be the most secure and popular way of security.
Unlike the traditional way, SSH gives an end to end encryption throughout the data exchange.
You have to do some tweaks to make ssh more secure.
SSH port number will be 22 by default. You need to change this to a secure port number. Many server configurations guides recommend using a port number greater than 1024.
Change the port number in the sshd.conf file under the etc file system.
$ vi /etc/ssh/sshd_config
locate the line with port number and change port number and remove the # symbol from the line.
Restart sshd by following commands:
For CentOS and Fedora:
$ service sshd restart
For Debian and Ubuntu:
$ service ssh restart
PS: Do not exit your open root session until you can log in using the new configuration.
Passwordless Authentication
It is more secure if you use an SSH key pair instead of a password login.
A cryptographic secure key can be used to authenticate the client to a remote server.
The key pair contains a public key and private key having many bits than an 8 digit password. RSA 2048-bit is the most popular encryption.
The client can use the private key to securely login to a remote server. The private key must be kept in a safe (hidden folder like .ssh) and should not be shared with anyone.
For additional security, the key can be encrypted with a passphrase.
The public key should be saved in the remote server in the file ~/.ssh/authorized_keys.
Generating A Keypair
To set up ssh keypair authentication on a Linux or macOS computer:
Open the command line of your local computer and enter.
$ ssh-keygen -t rsa
You will be prompted to enter the filename for key pair and a passphrase for the same(default file name will be id_rsa for private key and id_rsa.pub for public key).
Generated keys will be stored in the folder ‘.ssh’.
You can use SCP to copy the public key to the remote server which you will be prompted with the account password.
$ scp ~/.ssh/keypair.pub username@hostname
Copy the public key to the ~/.ssh/authorized_keys folder( create one if there isn’t any)
$ cp ~/keypair.pub ~/.ssh/authorized_keys/
You can now login to the remote server using SSH.
$ ssh username@hostname
ps: Enter passphrase if you created any.
If the private key you’re using does not have the default name or is not stored in the default path, use:
ssh -i <location to your private key> username@hostname
eg: $ ssh -i ~/.ssh/keys/my_key root@hostname.com
You can also generate the keypair using PuTTY on windows.
Tip #2 Always Use Secure Certificates
You need to make sure your transfer protocol is secured with authenticated certificates. HTTPS(HTTP with SSL/TLS) will provide an end to end encryption during the data exchanges.
This will protect your data from intruders.
SSL vs TLS
SSL and TLS are security protocol certificates that you can add with your domain name. SSL(Secure Socket Layer) protocol and TLS(Transport Layer Protocol) will authenticate a connection during data exchange.
A web browser will check the certificate’s authenticity before making a connection, which is called a “handshake”.
You may not be familiar with TLS. TLS is the most advanced version of SSL. Most of the servers are using TLS over SSL. Most of the generated certificates can work with both protocols.
If you bought an SSL certificate doesn’t mean you are using an SSL certificate. Most of the hosting providers use TLS 1.2 and higher for data exchange. SSL has security issues, and most of the web browsers don’t support them.
PS: Not try using credit/debit card transactions through an unsecured site( with HTTP). Always make sure to connect over HTTPS.
There are paid and free SSL/TLS certificates provided by different hosting providers.
Transfer Protocols
HTTPS, SFTP(Secure File Transfer), FTPS, MFT, AS2 were the available transfer protocols for data transfer.
SFTP will provide a secure file transfer. The data will be heavily encrypted during the transfer.
HTTPS is the most popular and widely used data exchange method. A secure authentication certificate like SSL/TLS will give an end to end encryption on data transfer.
SFTP is the most secure solution for data exchange, and most of the business traders prefer SFTP as their primary data transfer method. SFTP allows you to transfer data through a secure shell and can be only accessed via username and passwords or ssh keys.
FTPS is a file transfer protocol over SSL/TLS. FTPS allows you to set the preference for transformation. You can either fully encrypt the file or transfer without encryption.
AS2 (Applicability Statement 2) is another method of data transfer through the server.
AS2 masks the data with encryption and authentication before exchanging through the network.
MFT(Managed File transfer ) uses CPG and PGP encryption for securing the data. It gives you performance metrics and continuous transfer monitoring.
Organizations are starting to replace FTP with MFT as they provide you with more security and a better user interface.
Tip #3 Build a Security Wall
If you are using a VPS or dedicated servers, install and configure your firewall before doing anything on the server.
Don’t let intruders take access to your firewall because firewall controls your inbound outbound traffic, access controls, Ports allowed, etc. stopping a firewall means free and open ways for hackers to do anything on your server.
Place your services in a demilitarized zone that give limited inbound traffic access from the internet.
Tip #4 Manage your user accounts
Many of those who are not familiar with a command-line will use a control panel for their server. These control panels are logged in via a username and passwords.
For a full access server other than a shared server, you are getting the root access to the server. This root access means you have every privilege to do whatsoever in your server.
So use root privileges only if you are that good with the server because all server configuration is only altered by root privileges and you can’t undo what you have done as a root user.
Also, enable two-factor authentication to verify your account.
Creating multiple user accounts on the server is not an idle choice, but you need to restrict the privileges even if you did.
Please note that having a root user means you can do any commands on your server.
Protect Your Passwords
Generate a safe, secure and strong password for your control panel and also don’t forget to change your passwords regularly.
Try not to share your passwords to anyone. Even if you do change passwords immediately.
Tip #5 Protect Your IP
Masking your IP from an outsider is a good practice to hack your server through your IP. There are masking tools like Cloudflare to support this.
Prevent DDOS Attacks
Even though the intention of DDOS is not to hack into your server but to deny your service through the network, we can identify and avoid DDOS easily.
Hackers are sending a bunch of spam mails to freeze your service to others, that’s simply a DDOS.
These groups of emails can get easily down your server within minutes. To avoid this, you need to monitor your mail list frequently.
A bunch of emails from the same IP at different intervals means they are attacking your server. Find the IP from the mail logs and adding it to your blacklist will prevent a further attack from the same.
Also enable all of your security tools inside a server like a firewall, Spam protection, masking your IP, VPN, Load balancer etc.
Tip #6 Frequent Updates and Security Checks
Keep everything in your server up to date. Your plugins, applications, security tools everything should be up to date.
Use Reputable Plugins
Most of the server is hacked through the vulnerable plugins. Don’t install plugins if you don’t need them.
Using a lot of plugins in your server may get you more enhanced and a fluent server but also it increases server security risks.
Using a minimum of plugins which are reputable is the best way to stop infiltration through vulnerable plugins.
Use Verified Themes
I see most of the developers try to install free or cracked themes for their website. These themes may contain malicious code that can harm your entire server. Only install a theme from trusted sources.
Keep Your Themes And Plugins Up To Date
Always make sure your theme and plugins are up to date. Frequent updates is like upgrading durability of armor.
Do a repeated security scan frequently to ensure any malware activities.
Check your contents for links that can harm your site/server.
Tip #7 Always Take Backups
You must take an account backup monthly and if you are attempting to do any commands as a superuser(root), take a backup first.
Why?
Taking your account backup in a fixed interval is a most safe way to keep your data and configurations. You can restore immediately the backup if you found any malicious activity on your server. Usually hosting providers will take backup but you should download a backup locally as a second option.
This backup will help us start over without losing your whole data. It is the easiest, reliable and the safest way to restore your lost files after data loss.
Conclusion
Preventing hackers is a sweating job when we have our valuable assets in our server. Hackers find a new way to infiltrate into the server for every security update by destroying every barrier built between them.
Being cautious (continuous monitoring) on such infiltration and attacks is the best tip to secure your site.
If you do have any doubts, ask me in the comment section below.