Hackers And You – What Can You Do To Protect Your Server?
Welcome back to our series on Hackers and You. Previously we looked at who hackers are, why they hack and how they might go about hacking your server. With that information in mind, this time we’ll look at what you should be doing to protect your server from hackers.
User Accounts
The first thing to do is to make good use of user account management. There’s no reason to connect to your server as the default superuser account (Administrator on Windows, and root on Linux). You can create alternative accounts for your users and provide them with administrator access on Windows or sudo access on Linux systems. Once that is done, the default administrator accounts can be configured to disallow remote logins. These steps secure your server and make it more difficult for hackers attempting to brute force accounts on the server, because they will now need to guess the correct usernames as well as the passwords.
Firewalls
The next thing is to make good use of firewalls. A firewall is a tool used to control access to specific communication ports on a computer. It can run as a piece of software on the server, such as Windows Defender Firewall on Windows or iptables on Linux, or it can be a separate hardware device that sits between the server and the network device. For most VPSs you will use a software firewall. As a general rule, you want to allow the least amount of access to a server that you can while maintaining functionality. So if you are using a server to serve websites, you’ll want to ensure that the web server software is accessible to the world, which would mean allowing all access to TCP ports 80 and 443. All other services should be locked down, especially management ones such as RDP on Windows, SSH on Linux, and FTP if you use it to upload files for your website.
We would recommend that you make a list of all the locations that you’ll be connecting to your server from, note the IP addresses used there, and allow only those IP addresses to access those services while blocking the rest of the internet. In many cases, this tight level of control is difficult because ISPs use shared pools of IPs for customers, meaning that you may not have a consistent IP address. In this case, you can research your ISP’s assigned IP addresses and allow all of them access to the server, limiting access to only customers of your ISP. This is less secure, but still significantly more secure than leaving things open to the whole internet.
Additional Tools
There are also tools such as fail2ban on Linux that can be configured to watch for repeated connections to services from individual IP addresses that may indicate hacker activity and block them automatically. These tools simply monitor the event logs for the software that they work with, and then add firewall rules automatically for you. This can be a good way of improving security not only for secured services that you are unable to lock down to individual IP addresses, but also for public services such as your website, where an attacker may make repeated connections to test SQL injection attacks or to brute force website logins.
Software
With your server’s remote access secured, the next thing to take care of is your software. Software packages receive updates all the time, some with a scheduled cadence such as Microsoft’s Windows and others at random times such as many Linux distributions. It’s important to keep your software up to date to protect against vulnerabilities that a hacker could exploit. It’s also important to take the time to either set your system to update automatically where required or set up notifications that alert you to updates you may need to install on your server.
While these three steps won’t fully protect you from a determined hacker who is targeting you specifically, they should be enough to prevent the average attacker from compromising your system and encourage them to move on to a weaker target. We aren’t finished here though. In part 5, we’ll be looking at tools to help you catch hackers and what to do if your server is hacked.