I find starting a new server very enjoyable (but at the same time it's somewhat of a risk). A server, being new, is free of anything (viruses/malware) but it's also wide open to the internet in many aspects.
Prior to doing anything on my new server, I follow a simple list of things to check. Interested in what I first check for?
Immediately secure access
The first thing I do when I set up my new server is make sure I control who is allowed to log in. I don't trust default settings, and neither should you. Default settings are exactly what hackers look for.
Things that I typically do to protect a new server from unwanted users include:
- Change my root password
- Create an account with administrator privileges that uses something other than 'root' as the username
- Disable direct access to root via SSH (Secure Shell). I skipped this step once, and I had problems. I made sure to never let it happen again.
Immediately perform updates on new server
Sometimes even a newly built server will contain software older than what is current. Old software has security holes that hackers can take advantage of.
I will perform the following tasks on an ongoing basis:
- Check for any system updates.
- Restart the server if necessary.
- Verify that all applications and services are operating fine.
Create and enforce general firewall rules
This gives me control over what remains open: I allow only what is required and block everything else.
As part of my base security measures, I create the following rules:
- Allow SSH access
- Allow web server ports if needed
- Block all other system ports
Optimize my SSH connection
SSH is the protocol I use most every day, and I have an extensive list of present-day security worries about it.
My SSH connection security consists of the following:
- Use of SSH keys to log in and access servers
- Disabled password authentication
- Use of a port other than 22 for my SSH service
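One way to verify the SSH items from the two lists above (no direct root login, no password authentication, a port other than 22) is to audit the sshd configuration text. This is an added example, not part of the original post: the function name `audit_sshd` and the sample config are constructed for illustration. It assumes OpenSSH's rules that the first value of a keyword wins, that multiple `Port` lines are all honoured, and that absent keywords take the defaults; it stops at the first `Match` block and does not follow `Include` files.

```shell
#!/bin/sh
# Added example: audit sshd_config-style text on stdin against the post's
# SSH checklist. Prints one FAIL line per problem; returns 1 if any check fails.
audit_sshd() {
    awk '
    /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
    {
        sub(/[ \t]*=[ \t]*/, " ")          # accept the "Keyword=value" form too
        key = tolower($1); val = tolower($2)
        if (key == "match") exit           # global section ends at first Match
        if (key == "port") { ports[val] = 1; have_port = 1 }
        else if (!(key in first)) first[key] = val   # first value wins
    }
    END {
        # OpenSSH defaults apply when a keyword is absent.
        root = ("permitrootlogin" in first) ? first["permitrootlogin"] : "prohibit-password"
        pass = ("passwordauthentication" in first) ? first["passwordauthentication"] : "yes"
        if (!have_port) ports["22"] = 1
        if (root != "no")  { print "FAIL PermitRootLogin is " root; bad = 1 }
        if (pass != "no")  { print "FAIL PasswordAuthentication is " pass; bad = 1 }
        if ("22" in ports) { print "FAIL sshd listens on port 22"; bad = 1 }
        exit bad
    }'
}

# Constructed sample config (not from a real server): root login still allowed.
sample='PermitRootLogin yes
PasswordAuthentication no
Port 2222'
printf '%s\n' "$sample" | audit_sshd || true
```

On a live host, piping the output of `sshd -T` into the function checks the effective configuration rather than a single file.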
Establish backups and monitoring to help mitigate risk
It is imperative that backups are created and monitored as part of a strategy to protect against the risks associated with a hacked or downed server. When a server goes down (due to an error, security breach, etc.), your best course of action is often to restore your data from a backup.
In addition to the time it saves, having regular backups can help you avoid unnecessary stress.
As I am creating a new server, I always ask myself, "If this server crashes today, how quickly can I restore from backup?"