A server is a powerful computer that stores and processes a lot of data, and when you’re setting one up you want to make sure your data is kept under lock and key from the get-go. Whether you’ve got a dedicated server, VPS or cloud server, security is at the top of the priority list and we’ve got a checklist of 10 server security tips to get you started.
Why is server security important?
Cutting straight to it, an insecure server opens you up to all sorts of security threats and cyber attacks – you wouldn’t just leave your phone or laptop lying around unlocked, would you? Setting up and using an insecure server is like leaving your data sitting open on the internet waiting for someone to compromise it.
In today’s online world, anyone can be a target and security vulnerabilities can lead to data loss, jeopardising your users’ security and losing control of your server. Taking server security seriously means reducing the risk should anyone try and target your systems. The good news is that there are loads of things you can do to secure your server.
Did you know... the NFIB reported 31,322 cyber crime reports during 2020/2021.
What can I do to keep my server secure?
From something as simple as using strong passwords to setting up slightly more complex firewalls and VPNs, there are plenty of things you can do to nail your server security. Here’s our checklist of server security tips to get you on the right track.
1. Disable unnecessary services
When protecting your data you want to minimise the number of ways someone can break in and gain access to it. This is often referred to as reducing the number of attack vectors (methods of gaining unauthorised access) your server exposes.
You can do this by only installing the bare minimum you need to run your systems and applications. If you’re setting up your own server then you can start from the ground up. But if you’re using a third-party hosting provider, you’ll want to check whether there are any services included with your package that you don’t need. If there are, disable or uninstall them if you can.
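A practical way to find those unneeded services on a Linux server is to list every socket it is listening on and compare the ports against the short list you actually intend to expose. The script below is an added example (not code from the original article or its hosting provider): it parses an `ss -H -tulnp` style listing and reports anything listening on a non-loopback address that is not on the allowlist. The listing embedded in it is a constructed sample so it runs offline, and the allowlist of ports 22 and 80 is an assumed policy.

```sh
#!/bin/sh
# Added example: compare the sockets a server is listening on against an
# allowlist of ports it is meant to expose, and report everything else.
# On a live Linux host the listing would come from:  ss -H -tulnp
# A constructed sample of that output is embedded so the script runs offline.

SAMPLE_SS='tcp   LISTEN 0 128 0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0 511 0.0.0.0:80    0.0.0.0:* users:(("nginx",pid=901,fd=6))
tcp   LISTEN 0 128 0.0.0.0:3306  0.0.0.0:* users:(("mysqld",pid=950,fd=21))
tcp   LISTEN 0 50  127.0.0.1:25  0.0.0.0:* users:(("master",pid=700,fd=13))
udp   UNCONN 0 0   0.0.0.0:111   0.0.0.0:* users:(("rpcbind",pid=655,fd=5))'

# Ports this server is supposed to expose (an assumed policy for the example).
ALLOWED_PORTS="22 80"

# Print one "proto port process" line for every socket that is bound to a
# non-loopback address and whose port is not in ALLOWED_PORTS.
# $1 = ss-style listing (defaults to the constructed sample).
unexpected_listeners() {
    printf '%s\n' "${1:-$SAMPLE_SS}" | awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 5 {
            addr = $5                       # local address, e.g. 0.0.0.0:3306 or [::]:3306
            port = addr; sub(/.*:/, "", port)
            host = addr; sub(/:[^:]*$/, "", host)
            if (host == "127.0.0.1" || host == "[::1]") next   # loopback only: not reachable
            if (port in ok) next
            proc = "unknown"
            if (match($0, /"[^"]+"/)) proc = substr($0, RSTART + 1, RLENGTH - 2)
            print $1, port, proc
        }'
}

# Number of unexpected listeners: useful as a cron or monitoring check.
unexpected_count() {
    unexpected_listeners "$1" | wc -l | tr -d ' '
}

unexpected_listeners
# For a service you do not need, stop it and keep it from starting at boot
# (systemd); removing the package altogether is better still:
#   sudo systemctl disable --now rpcbind.socket rpcbind.service
```

Run against the sample it reports the MySQL listener on 3306 and rpcbind on 111; the mail service bound to 127.0.0.1 is skipped because nothing outside the box can reach it. Replace the sample with live `ss` output (as root, so process names are shown) and run it from cron to catch services that creep back in after package installs.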
2. Make sure software is up to date
Probably one of the simplest ways to secure your server is to make sure everything on it is up to date. It’s easy to forget, but new updates bring security patches and bug fixes for the vulnerabilities and problems that have been reported.
What needs to be kept updated depends on what you’ve installed on your server. First off will be your OS, then any applications you’ve configured and any other tools you may have set up. Depending on your hosting, you may be able to set up automatic updates but you’ll want to make sure any updates that do get installed are compatible with your setup.
3. Check firewalls
You know how a fire door protects a room and its contents? Well, you can think of a firewall in a similar way – it stops malicious data packets from reaching your server by monitoring incoming and outgoing traffic. Firewalls are a must-have when setting up a server, but with different types to choose from you need to make sure you’re using the right one.
If you’ve ever used a Windows computer, you’ll be familiar with Windows Firewall, a good example of a host-based firewall. As it sounds, a host-based firewall is one that's installed on the host computer or server to protect it from attacks.
It’s installed directly as software and controls traffic to and from that specific host. Because it runs on the host itself, your server stays protected no matter which network it’s connected to.
Pretty much doing what it says on the tin, a network firewall protects a whole network, controlling traffic and only letting permitted packets of data reach your servers. A network firewall will defend any server (or computer) connected to the network, which is essential if you have a network of servers set up.
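On a Linux host the host-based firewall is usually nftables, and the safest shape for its ruleset is default-deny: drop everything inbound except loopback traffic, replies to connections the server started, ICMP, and the handful of ports you serve. The script below is an added example (not from the original article or its hosting provider) that generates such a ruleset from a list of ports, validates the list, and syntax-checks the result with `nft -c` when the binary is present. The ports 22, 80 and 443 are an assumption for the example.

```sh
#!/bin/sh
# Added example: generate a minimal default-deny host firewall for nftables.
# The ruleset is written to stdout so it can be reviewed and syntax-checked
# with `nft -c -f` before it is loaded. The port list is an assumption for
# the example; use the ports your server actually serves.

# Succeed only if every argument is a port number between 1 and 65535.
valid_ports() {
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
}

# Emit the ruleset. $1 = SSH port, remaining args = other TCP ports to allow.
build_ruleset() {
    [ $# -ge 1 ] || { echo "usage: build_ruleset SSH_PORT [PORT...]" >&2; return 1; }
    ssh_port=$1; shift
    valid_ports "$ssh_port" "$@" || { echo "invalid port list" >&2; return 1; }
    others=""
    for p in "$@"; do others="${others:+$others, }$p"; done
    allow_line=""
    if [ -n "$others" ]; then
        allow_line="        tcp dport { $others } accept"
    fi
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        meta l4proto { icmp, icmpv6 } accept
        tcp dport $ssh_port ct state new limit rate 6/minute accept
$allow_line
        counter log prefix "nft-drop: " drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Syntax-check the generated ruleset with the real nft binary when present
# (loading it for real needs root): nft -c parses without applying anything.
check_ruleset() {
    command -v nft >/dev/null 2>&1 || { echo "nft not installed; skipping syntax check" >&2; return 0; }
    build_ruleset "$@" | nft -c -f -
}

# Typical use on the server itself:
#   build_ruleset 22 80 443 > /etc/nftables.conf
#   nft -c -f /etc/nftables.conf && nft -f /etc/nftables.conf
#   systemctl enable nftables        # reload the ruleset at boot
build_ruleset 22 80 443
```

The `limit rate` on new SSH connections slows down password-guessing, the `counter log` line before the final drop gives you a record of what was blocked, and the forward chain is dropped because a plain server should not be routing packets. Load a ruleset like this from a console session (or with a scheduled rollback) the first time, so a typo in the SSH port cannot lock you out.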
4. Change default passwords
When you set up a server you’ll probably find it comes with default passwords. One of the first things you should do is change these to your own secure passwords and make sure that you use best practices for all users.
What makes a strong password?
It's still a good idea to aim for longer passwords (not just one word), but best practice has evolved, so here are a few tips:
- Make every password unique – don’t use the same one for multiple accounts
- Passphrases > passwords – Passphrases are multi-word phrases that use a jumble of random words that would be hard for a hacker to guess. The buzz word here is randomly generated. Ones you 'think up' yourself are likely to be weaker. An example would be: 'Baseball.Passengers.Sunshine'
There are also a few things you shouldn’t do:
- Don't use obvious/simple dictionary words
- Don’t use sequences, like numbers (123…) or letters (abc…)
- Don’t use personal info
- Don’t write passwords down
- Don’t use repeated words or sequences
If you’re worried that your passwords aren’t strong enough, you could use a random password generator such as Avast’s.
The more complicated a password is, the harder it can be to remember it. If you think you’ll struggle, you can use secure password managers to store the information for you while keeping it all locked up safe.
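The point about passphrases being randomly generated rather than thought up is easy to check for yourself. The script below is an added example, not from the original article or its hosting provider: it picks words from a wordlist using `/dev/urandom` (with rejection sampling so the pick is uniform), joins them in the 'Baseball.Passengers.Sunshine' style, and works out how many bits of entropy the result has. The 32-word list is a constructed stand-in; for real passphrases use a large published list such as the EFF long wordlist, whose 7776 words give about 12.9 bits per word.

```sh
#!/bin/sh
# Added example: generate a random passphrase from a wordlist with
# /dev/urandom and report its entropy. The 32-word list is constructed for
# the example only; real use needs a large published list (thousands of words).

WORDS="apple baseball cactus dolphin engine falcon garden harbor
island jacket kettle lantern meadow napkin orbit passenger
quartz rocket sunshine tunnel umbrella violin walnut xenon
yogurt zebra anchor bridge candle desert ember forest"

word_count() { set -- $WORDS; echo $#; }

# Uniform random integer in [0, $1): four bytes of /dev/urandom, with
# rejection sampling so the modulo step does not bias low indexes.
rand_below() {
    bound=$1
    limit=$((4294967296 - 4294967296 % bound))
    while :; do
        r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')
        if [ "$r" -lt "$limit" ]; then
            echo $((r % bound))
            return
        fi
    done
}

# Word at zero-based index $1 of WORDS.
nth_word() {
    idx=$1
    for cand in $WORDS; do
        if [ "$idx" -eq 0 ]; then echo "$cand"; return; fi
        idx=$((idx - 1))
    done
}

# Capitalise the first letter, as in the article's example passphrase.
capitalise() {
    printf '%s' "$1" | awk '{ print toupper(substr($0, 1, 1)) substr($0, 2) }'
}

# Build a passphrase of $1 words (default 4) joined with dots.
generate_passphrase() {
    wanted=${1:-4}
    total=$(word_count)
    phrase=""
    n=0
    while [ "$n" -lt "$wanted" ]; do
        w=$(capitalise "$(nth_word "$(rand_below "$total")")")
        phrase="${phrase:+$phrase.}$w"
        n=$((n + 1))
    done
    echo "$phrase"
}

# Entropy in bits of a $1-word passphrase from this list: words * log2(size).
passphrase_bits() {
    awk -v size="$(word_count)" -v k="${1:-4}" \
        'BEGIN { printf "%.1f\n", k * log(size) / log(2) }'
}

generate_passphrase 3
echo "entropy with this list: $(passphrase_bits 3) bits"
```

With only 32 words a three-word phrase carries 15 bits, which is why the list size matters far more than clever capitalisation: the same three words from a 7776-word list carry about 39 bits, and five or six words from it are what you want for anything that guards a server.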
5. Use a non-root account
Every server comes with a root (Linux) or administrator (Windows) user. This user has full access to the server and can execute any command, which makes it a prime target for hackers looking to gain access to your system. That’s why it’s standard practice to disable direct logins as root (over SSH, for example) and create new user accounts with limited access that can be given root permissions (via sudo, for instance) only when you need them. This way, you can protect your server while still having access to root-level functions.
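On a Linux server the two halves of this are creating a sudo-capable user and then turning off root logins in the SSH daemon. The script below is an added example (not from the original article or its hosting provider): the account-creation commands are shown as comments, and the functions edit an `sshd_config` in an idempotent way and read back the effective value the way sshd does (first active line wins). It runs against a constructed sample config rather than the real file, and `deploy` is an assumed username.

```sh
#!/bin/sh
# Added example: move day-to-day work off the root account. The commented
# commands create an unprivileged admin user with sudo rights; the functions
# then turn off direct root logins in sshd_config idempotently and check the
# result. A constructed sample config is used so the script runs offline;
# 'deploy' is an assumed username.

# One-off setup on a Debian/Ubuntu style host (requires root):
#   adduser deploy                       # interactive; sets a password
#   usermod -aG sudo deploy              # membership of 'sudo' grants sudo
#   install -d -m 700 -o deploy -g deploy /home/deploy/.ssh   # then add the key
#   sudo -u deploy -i true               # smoke test: the account works
# Only after the new login has been tested from a second session should root
# be locked out of SSH, or a typo here locks you out of the box.

SAMPLE_SSHD_CONFIG='# constructed sample of /etc/ssh/sshd_config
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server'

# Set keyword $1 to value $2 in the config text on stdin, writing to stdout.
# sshd uses the first occurrence of a keyword, so the first active line is
# replaced, later duplicates are dropped, and the directive is appended if
# it was not there at all. (Keywords inside Match blocks are not handled.)
set_sshd_option() {
    awk -v key="$1" -v val="$2" '
        tolower($1) == tolower(key) { if (!done) { print key, val; done = 1 }; next }
        { print }
        END { if (!done) print key, val }'
}

# Effective value of keyword $1 in the config on stdin (first active line
# wins, as in sshd); prints nothing if the keyword is unset.
sshd_option() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2; exit }'
}

# Root may not log in over SSH at all, and nobody may log in with a password.
harden_sshd_text() {
    set_sshd_option PermitRootLogin no | set_sshd_option PasswordAuthentication no
}

# Demonstration on the sample; on a real host the equivalent is:
#   cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#   harden_sshd_text < /etc/ssh/sshd_config.bak > /etc/ssh/sshd_config
#   sshd -t && systemctl reload ssh      # validate the file before reloading
printf '%s\n' "$SAMPLE_SSHD_CONFIG" | harden_sshd_text
```

Disabling password authentication only makes sense once the new user's SSH key is in place and tested, which is why the comments insist on a second, still-open session before the reload. The `sshd -t` check matters: a syntactically broken config would stop sshd from restarting, and that is the other way to lose access to a remote machine.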
6. Set file permissions correctly
If you’re going to have multiple users accessing your servers, you need to make sure you set file permissions correctly. For example, limited read access can keep confidential information private.
You can also restrict who can modify files so they’re only edited by the people who should be editing them. Normal practice is not to give all users full access – giving each user only the minimum access they need (the principle of least privilege) is the way to go about it.
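In practice that means a group-based layout (owner and an editors' group can read, the group can write where needed, everyone else gets nothing) plus a periodic check for files that have drifted to world-writable or world-readable. The script below is an added example, not from the original article or its hosting provider: it builds a small constructed directory tree with the sloppy permissions that appear after copying files around as root, audits it, applies a least-privilege layout, and audits again. The `webdev` group and the `/srv/app/config` path in the comments are assumptions.

```sh
#!/bin/sh
# Added example: audit a tree for over-permissive files and apply a
# least-privilege layout. Runs against a constructed temporary tree so it can
# be tried without touching a real server; 'webdev' and '/srv/app/config' in
# the comments are assumed names.

# Files under $1 that any user on the box could modify (mode bit o+w).
world_writable() { find "$1" -type f -perm -002; }

# Secret files under $1 that any user could read (o+r): a problem for .env.
world_readable_secrets() { find "$1" -type f -name '.env' -perm -004; }

# Apply a least-privilege layout to tree $1:
#   directories 750, regular files 640, secrets (.env) 600.
# On a real host you would also set ownership so the group is meaningful:
#   chown -R root:webdev /srv/app/config
apply_permissions() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
    find "$1" -type f -name '.env' -exec chmod 600 {} +
}

# Build the constructed sample tree with typical careless permissions.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/config"
    printf 'listen=8080\n' > "$dir/config/app.conf"
    printf 'DB_PASSWORD=example-only\n' > "$dir/config/.env"
    chmod 666 "$dir/config/app.conf"      # anyone can edit the app config
    chmod 644 "$dir/config/.env"          # anyone can read the secret
    echo "$dir"
}

# Number of findings before and after fixing, printed as "before after".
audit_and_fix() {
    tree=$1
    before=$(( $(world_writable "$tree" | wc -l) + $(world_readable_secrets "$tree" | wc -l) ))
    apply_permissions "$tree"
    after=$(( $(world_writable "$tree" | wc -l) + $(world_readable_secrets "$tree" | wc -l) ))
    echo "$before $after"
}

sample=$(make_sample_tree)
echo "findings before/after: $(audit_and_fix "$sample")"
rm -rf "$sample"
```

The two `find` audits are the part worth keeping: run them over your web root and config directories from cron, and a file that a deploy script or a hurried `chmod 777` left wide open shows up the same day rather than in an incident report.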
7. Configure secure backups
Hands down, backups are one of the most important things you should be implementing when setting up a server. You can take all the steps you can to secure your server, but should the unthinkable happen, having a backup of your data could be a life saver.
Keeping regular backups means that you have a safe copy you can easily restore if you need to. These backups can also be encrypted to keep them extra secure. You should also test them regularly to check that you're backing up the right information – you don't want to be trying to restore your server only to find you've got the wrong data.
Backups can be really simple to set up and can often be scheduled to run automatically without you having to think about it. Or you could do them manually, but you need to make sure it’s part of your routine so you don’t forget to do it.
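The advice above about testing backups is the part most people skip, so the script below bakes the test in. It is an added example, not from the original article or its hosting provider: it archives a directory, encrypts the archive with `gpg` when the binary and a passphrase file are available (otherwise it stays plain), records a SHA-256 checksum, and then proves the backup is usable by restoring it into a scratch directory and comparing that with the source. The sample data it backs up is constructed, and the backup directory and passphrase-file location are assumptions.

```sh
#!/bin/sh
# Added example: back up a directory, optionally encrypt it, checksum it, and
# verify it by restoring to a scratch directory and comparing with the source.
# Runs against constructed sample data; paths and the passphrase file location
# ("$dest/passphrase", which should really live off the server) are assumptions.

# $1 = directory to back up, $2 = destination directory for the archive.
# Prints the archive path (.tar.gz, or .tar.gz.gpg when encryption was used).
make_backup() {
    src=$1; dest=$2
    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$dest/backup-$stamp.tar.gz"
    tar -C "$(dirname "$src")" -czf "$archive" "$(basename "$src")"
    if command -v gpg >/dev/null 2>&1 && [ -r "$dest/passphrase" ]; then
        gpg --batch --yes --quiet --pinentry-mode loopback \
            --passphrase-file "$dest/passphrase" \
            --symmetric --cipher-algo AES256 -o "$archive.gpg" "$archive"
        rm -f "$archive"
        archive="$archive.gpg"
    fi
    # checksum recorded with a relative name so the pair can be moved together
    ( cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" )
    echo "$archive"
}

# Restore archive $1 into directory $2, decrypting if needed. The checksum is
# verified first so a corrupted or tampered archive is never unpacked.
restore_backup() {
    archive=$1; target=$2
    ( cd "$(dirname "$archive")" && sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1 ) || return 1
    mkdir -p "$target"
    case $archive in
        *.gpg) gpg --batch --quiet --pinentry-mode loopback \
                   --passphrase-file "$(dirname "$archive")/passphrase" \
                   -d "$archive" | tar -C "$target" -xzf - ;;
        *)     tar -C "$target" -xzf "$archive" ;;
    esac
}

# The restore test: succeeds only if the restored tree matches source $2.
verify_backup() {
    archive=$1; src=$2
    scratch=$(mktemp -d)
    restore_backup "$archive" "$scratch" && diff -r "$src" "$scratch/$(basename "$src")"
    rc=$?
    rm -rf "$scratch"
    return $rc
}

# Constructed sample data so the routine can be exercised offline.
make_sample_data() {
    d=$(mktemp -d)
    mkdir -p "$d/site/etc"
    printf 'server_name example.test;\n' > "$d/site/etc/site.conf"
    printf 'hello\n' > "$d/site/index.html"
    echo "$d"
}

work=$(make_sample_data)
mkdir -p "$work/backups"
a=$(make_backup "$work/site" "$work/backups")
verify_backup "$a" "$work/site" && echo "backup verified: $a"
rm -rf "$work"
```

Scheduled from cron, `make_backup` followed by `verify_backup` turns "we take backups" into "we restored last night's backup and it matched". Copy the archive and its `.sha256` off the server once they are written; a backup that only exists on the machine it protects disappears with it.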
8. Use TLS (SSL) certificates
Still often referred to as SSL certificates, TLS (Transport Layer Security) certificates are used with TLS, the shinier, upgraded, more secure successor to the SSL protocol. They let you encrypt data as it’s transferred from server to server or from your server to a client’s browser. More often than not they’re used to keep confidential information like bank details, names, addresses and financial records safe.
And even though they’re best known for encrypting personal information, certificates also provide authentication: the server’s certificate proves its identity to whoever connects, and with client certificates you can check that a user has the right authority to connect.
9. Use a VPN
VPNs are the fourth most used security product/service for a reason – they keep your data away from prying eyes. More of a Windows server thing (although you can still use one for Linux), connecting using a VPN lets you access your server over your own private network, which encrypts data as it’s transferred between your device and the server. Plus, they let multiple servers under the same account communicate privately, so if you want to keep your server secure, a VPN is a no-brainer.
10. Choose a secure host
We’ve talked a lot about things you yourself can do to secure your server but if your host isn’t doing all they can then it’ll be like taking one step forward and two steps back – all your effort could be wasted.
Starting from the beginning, you should try to pick a host that takes security seriously. That includes using the latest software and hardware security measures in their data centres, having the right certifications to show security is a priority for them and doing what they can to help you secure your server.
What is server security hardening?
Server hardening is a term you may have seen thrown around when looking up how to secure your server. Put simply, it’s the process of securing your server by applying a combination of both basic and advanced security measures, addressing vulnerabilities in your server software and OS.
Typically server hardening includes things like using strong passwords, encrypting data, using backups and installing firewalls, all things we’ve included in our security tips. So, if you follow our checklist above, you’ll have a good head start on your server hardening!
From our VPS hosting to our Dedicated Servers, we do everything we can to help you secure your server, including full root access, easy firewall management and security add-ons like Cyber Protect and SSL certificates. Plus they’re all hosted in ISO 27001 certified data centres that are monitored round-the-clock by on-site engineers.