Having an internet connection is a basic necessity in the 21st century. There are so many things that you can easily do over the internet. It is a boon in that it has brought the whole world within reach of your fingertips. Be it a PC or a smartphone, you can access the internet from anywhere, anytime, and look for whatever you want. The internet is also an amazing place to start with your entrepreneurship idea or go online with your business.
Despite so many terrific advantages, there is one major fault with the internet: the presence of malicious programs, viruses, and hackers. These individuals or groups target the data you are storing and modify, alter, or destroy it, or use it to their advantage. No one is entirely safe over the internet, and you can only take more and more precautionary measures to prevent such unauthorized and harmful activities. If you are using a Linux OS to run your VPS, then you are on the luckier side, as Linux is an exceptional platform when it comes to security. There are many easy as well as relatively advanced methods that you can employ in Linux to give it an edge in security and prevent different kinds of attacks! We will be discussing some of the most impressive methods with which you can step up your security in a Linux-based operating system.
20 Best Ways to Secure Linux VPS from Hackers
- No Root Access
Root access grants a user all kinds of access into the computer system and the databases that are running a website. This is like the processing center of the server where all data and information to and from the system are processed. In a Linux-based system, “root” is generally the username, and any hacker can crack the password using brute force. You have to ensure that such a thing does not happen, and thus the first thing you need to do is change the username of your account. You will also need to give appropriate authorizations to the new username to conduct your work smoothly and efficiently. Just be sure to set the “PermitRootLogin” parameter to “no” in “/etc/ssh/sshd_config” once you have created your new username.
- SSH Port Changes
SSH is the place that gets hacked easily. However, think of a situation where the SSH port cannot be found! A hacker simply cannot hack something that does not exist. Well, you cannot do without the SSH port, but you can change the SSH port number. Once you have changed the number there is no way a hacker can get to your SSH port and access it. The way to do so is very simple. All you need to do is open “/etc/ssh/sshd_config”, where you will find all the settings that you need to change. Remember to check that the port number you are going to use is not already taken, to prevent any kind of clash.
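An added example, not part of the original article: a small audit of the global section of an sshd_config for the two settings covered so far, “PermitRootLogin” and “Port”. The function name `audit_sshd` and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the global section of
# an sshd_config for PermitRootLogin and Port.
# Usage: audit_sshd FILE ; returns 1 unless root login is explicitly disabled.
audit_sshd() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        tolower($1) == "match" { exit }       # Match blocks are conditional: stop here
        # Keywords are case-insensitive and the first value found is the one used.
        tolower($1) == "permitrootlogin" && root == "" { root = tolower($2) }
        tolower($1) == "port" { ports = ports (ports == "" ? "" : ",") $2 }
        END {
            if (root == "no")    print "PASS PermitRootLogin no"
            else if (root == "") print "FAIL PermitRootLogin not set explicitly"
            else                 print "FAIL PermitRootLogin " root
            # Informational only: a non-default port mainly reduces automated
            # login noise; the service is still found by a port scan.
            if (ports == "")     print "INFO Port 22 (default)"
            else                 print "INFO Port " ports
            exit ((root == "no") ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample files (not taken from a real server).
SAMPLE_WEAK=$(mktemp)
SAMPLE_HARD=$(mktemp)
trap 'rm -f "$SAMPLE_WEAK" "$SAMPLE_HARD"' EXIT
cat > "$SAMPLE_WEAK" <<'EOF'
# constructed sample: defaults left in place
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$SAMPLE_HARD" <<'EOF'
# constructed sample: root login disabled, port moved
Port 2222
permitrootlogin no
Match Address 10.0.0.0/8
    PasswordAuthentication no
EOF

audit_sshd "$SAMPLE_WEAK" || echo "-> weak sample needs hardening"
audit_sshd "$SAMPLE_HARD"
```

After editing the real file, `sshd -t` checks the syntax before the service is reloaded; keep an existing session open until a login with the new username and port has been confirmed.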
- Updated Software
An important step to prevent hackers and malicious programs from affecting your system is to update the server software applications regularly. Linux itself, along with most of the programs that run on Linux, is open source. This means that anyone out there can go through the code that runs the system. In the wrong hands, this lets them look for all the loopholes in the source code and devise ways to probe into your system. However, when you keep updating your system, such loopholes are covered by security patches from time to time, making your system much more secure!
- Remove Unused Network Ports
A network port, when left unused, is a hub for hackers to slip into your system and cause you damage. These are very easy regions of your system to target, and you need to keep tabs on all your network ports and the functions they are performing. You can type in “netstat”, a command that enables you to check all your network ports and the services they are performing. You can set up “iptables”, which will allow you to close all the open ports, and even use the “chkconfig” command, which enables you to close all kinds of unwanted services. If you are using a firewall for increased security, you will also be able to easily automate the rules that regulate “iptables”, thus systematically closing down all the ports and services that you do not need.
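An added example, not part of the original article: it compares `netstat -tln` output against a list of ports you intend to expose, then prints a default-drop ruleset in `iptables-restore` format for that same list. The function names, the allowlist “22,80,443” and the netstat sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Reads `netstat -tln` output
# on stdin and prints "PORT ADDRESS" for every TCP listener that is reachable
# from the network (not loopback-only) and missing from the allowlist.
unexpected_listeners() {   # $1 = comma-separated allowed ports, e.g. "22,80"
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4; port = $4
            sub(/:[0-9]+$/, "", addr)      # strip ":port" to keep the address
            sub(/^.*:/, "", port)          # keep what follows the last colon
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if (!(port in ok)) print port " " addr
        }'
}

# Emits an iptables-restore ruleset: drop inbound by default, allow loopback,
# replies to established connections, and only the allowlisted TCP ports.
# IPv4 only; IPv6 needs the same rules loaded through ip6tables-restore.
allowlist_rules() {        # $1 = comma-separated allowed ports
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $(echo "$1" | tr ',' ' '); do
        echo "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample of `netstat -tln` output (not from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN'

printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "22,80,443"
allowlist_rules "22,80,443"
```

Make sure the port your SSH daemon actually listens on is in the allowlist before loading the ruleset on a remote VPS, otherwise the default-drop policy cuts off your own session.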
- Remove Modules/Packages Which Are Not Required
When you go for a Linux-based operating system you are given a ton of packages that are useful in many different ways. However, you will not need all the packages that are given to you. These packages and services can act as potential weak spots through which a hacker can slip into your system. The best way to deal with services that you do not need is to remove them. This not only saves you space in the system’s memory but will also help you prevent unprecedented attacks. You should also be careful not to install services and packages that you won’t be needing.
- Disable IPv6
IPv6 has a ton of advantages over IPv4. However, when you are running a website through a server you will not be needing or using IPv6. This same access point may be used by hackers to gain entry into your system and compromise all your data. They can also send malicious programs through the IPv6 gateway that can adversely affect your data. Thus you need to keep IPv6 disabled to prevent this kind of attack. You need to go to /etc/sysconfig/network and change the settings there. Once you are done with changing the settings it should read NETWORKING_IPV6=no and IPV6INIT=no.
- GnuPG Encryption
When your data is being transferred from one point to another over the network, it is at its weakest. This is the time when hackers are most likely to attack your system and fish for data. This shows how important encryption and authentication can be. When you encrypt your data, the chances of it being hacked are much lower, as only the sender and receiver are likely to be able to interpret it. GnuPG is an impressive encryption tool that can help you in this respect. The encryption tool will utilize a “public key”, and the result cannot be opened by anybody but the intended receiver, who will have the “private key”.
- Password Policies
The password is one of the strongest and the weakest parts of your system. When you have a complicated password. However, a simple password such as “123456” or “qwerty123” is very common. In fact, “123456” is one of the most common and most hacked passwords out there. Thus, when you are running a website-based business, you should set certain parameters that your employees must follow to set a good password. Alphanumeric and special characters should all be a part of the password to make it difficult to crack. The password that they create should also be sufficiently long; the longer the password, the more difficult it is to crack. Such policies will ensure that all your employees use a strong password to enter the website. Even a single weak password will be more than enough to compromise the security of the website, and thus it should be prevented at all costs.
- Firewall Configuration
A firewall is one of the first lines of protection against any outside and malicious attacks on your system. When you use a firewall it filters the information that can get into your system from outside. The firewall does not affect the information that is moving out of your system though! When you are using a Linux-based operating system, NetFilter is a firewall that is integrated into the system. Combining NetFilter with iptables, you can easily counter DDoS attacks without much problem. Another impressive firewall that you can use on Linux is TCP Wrapper, which can filter everything that has access to your network. There are many other firewall options that you can opt for such as
- Disk Partitioning
Disk partitioning is a simple act but can have major benefits. You simply create different segments on your hard disk so that all of your data is NOT stored in one place. The files that run your operating system should be kept separately from the files that run your website and other software applications. This helps to keep your operating system safe and running. Using a separate disk space to run your operating system also has a profound effect on the OS: it will work seamlessly and without any burden, as the other files can take up a lot of your resources, hindering the working of the system. When you are running a Linux-based operating system you will also be able to disable the SUID/SGID feature and also binary execution on your operating system disk space, keeping it cleaner and much more efficient.
- Boot Read-Only
You will need files specific to the kernel when you are running a website on Linux servers. They are stored in your system and are accessible under the “/boot” directory. In any system, access to this directory is set as read-write. This implies that you or someone else can easily open the directory, go through the files, and make any kind of modification. You should disable the write feature on this directory as an extra level of protection. All you need to do to achieve this is edit the “/etc/fstab” file and you are good to go. This ensures that your “/boot” directory becomes read-only, and if ever you need to make a change then just revert the settings.
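An added example, not part of the original article, covering both the partitioning advice and the read-only “/boot” entry: a check that an fstab entry carries the mount options you expect (`ro` for “/boot”, `nosuid` and `noexec` for a data partition). The function name, the sample fstab and the choice of “/tmp” as the data partition are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report which required mount
# options are missing from an fstab entry.
# Usage: missing_mount_opts FSTAB MOUNTPOINT OPTION...
# Prints the missing options on one line (empty when none are missing).
# Returns 0 if all are present, 1 if some are missing, 2 if no such entry.
missing_mount_opts() {
    file=$1; mp=$2; shift 2
    # Field 2 is the mount point, field 4 the comma-separated option list.
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$file")
    [ -n "$opts" ] || { echo "no-entry"; return 2; }
    missing=""
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;                       # option present
            *) missing="$missing $want" ;;        # option absent
        esac
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample fstab (UUIDs are placeholders, not from a real host).
SAMPLE_FSTAB=$(mktemp)
trap 'rm -f "$SAMPLE_FSTAB"' EXIT
cat > "$SAMPLE_FSTAB" <<'EOF'
# <device>      <mount> <type> <options>        <dump> <pass>
UUID=aaaa-1111  /       ext4   defaults         0      1
UUID=bbbb-2222  /boot   ext4   defaults,ro      0      2
UUID=cccc-3333  /tmp    ext4   defaults,nodev   0      2
EOF

# /boot is already read-only; /tmp still allows SUID binaries and execution.
missing_mount_opts "$SAMPLE_FSTAB" /boot ro
missing_mount_opts "$SAMPLE_FSTAB" /tmp nosuid noexec || true
```

With `ro` set on “/boot”, a kernel update needs the partition writable for its duration (`mount -o remount,rw /boot`), and read-only again afterwards (`mount -o remount,ro /boot`).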
- SFTP and NOT FTP!
File Transfer Protocol (FTP) is an essential part of your server. This is the key to transferring information over the network. However, as discussed earlier, data is most vulnerable when it is being transferred. It can be intercepted at this point in such a way that any traffic moving to and from your network can be halted, and that is very bad for your page! Both FTP and FTPS (FTP over TLS) are outdated in this regard. In both these setups, you will see that encryption is done on the credentials alone. However, if you go for SFTP or secure-FTP, you are sure to have your data fully encrypted when it is being transferred. This serves as quite an important security feature to protect your website against attacks.
- Use Firewall
The firewall is the gateway through which all information passing over the network to your system is screened and moderated. It will immediately block access to any data that is coming from a malicious source. Getting a firewall should be the first step when you are trying to go online on a VPS or even when you are simply using the internet. The firewall will act effectively to prevent access to data that may affect your system. However, one should note that the firewall monitors the information that is coming into the system and not what is going out!
- Antivirus Software Applications
A firewall may act as the first line of defense for your system and your website, but it is not complete. Many files may slip through the firewall and enter your system. Once inside, they cannot be detected by the firewall and will be free to act on your system in any way. An antivirus or an anti-malware program is of terrific help in such situations. These programs are designed to scan and monitor your system as well as any information that is entering your system. Even when you are going for anti-malware software, you should go for the paid ones because the free software applications are not that good.
- CMS Updates
The Content Management System is an integral part of your system and it helps to run your website. The many CMSs available are mostly open source and thus can be read by hackers and potential attackers. They will look for loopholes in the existing code and will try to use them to their advantage. However, all CMSs are regularly updated so that the loopholes are fixed with security patches and new features can be added. You need to regularly update your CMS at least for the former reason if not the latter. A regularly updated CMS is much more fluid, and before an attacker can figure out the loopholes, a new update is there to fix them!
- cPHulk in WHM
Firewalls are effective in blocking harmful traffic but they are not foolproof. There could be a “crack” in the firewall through which a seemingly good file may pass, which may later prove to be fatal. When you are using a Linux-based server you will have cPanel to manage all your tasks. cPanel comes with cPHulk, which will act on your website as a second line of defense. When you activate the cPHulk Brute Force Protection it will block a lot more attacks (such as repeated tries to figure out the password) which the firewall may overlook. In fact, cPHulk is so efficient that it will block the ability to log in before a firewall in your system.
- Anonymous FTP Uploads are a Big NO!
FTP uploads are a necessary function in some sites such as healthcare websites. However, when you are using a control panel such as cPanel or Plesk, the FTP upload feature is switched off. This is because, when you give your users the liberty to upload files anonymously to your website, it could be taken advantage of. All kinds of files could be uploaded that may inadvertently harm your system. You should keep FTP uploads disabled. Even if you have to use FTP uploads, you should set all kinds of parameters limiting the kinds of files that can be uploaded to your website, keeping it safe and secure.
- Rootkit Scanner
A rootkit is one of the biggest threats that could infect your system. A rootkit exists at the root level of your system, playing a much more integral part. Since it is embedded so much deeper than any other security software has access to, it can work seamlessly to convey information to and from your system. It is difficult to track or monitor a rootkit infection in your system. Luckily enough, there is a tool called “chkrootkit” which can track a rootkit infection. It is an open-source program and is easily available over the internet.
You should understand that “chkrootkit” is effective in detecting a rootkit infection, not in removing one. It is immensely difficult to tackle a rootkit infection. In most situations, the best response to such an occurrence would be to entirely reinstall the OS!
- Regular Backups
A very prominent method of securing your data is to take regular backups. People will often tend to overlook this simple and easy step as it is a bit cumbersome. However, there can be nothing so beneficial as regularly updating all your data. You see, irrespective of the kind of security measure that you take, there remain some loopholes in all those lines of code. These very small and insignificant loopholes may compromise your system despite the most stringent security measures, leading to loss of data. However, when you have regular backups, you are always ready to get back on your feet in no time. It will still be testing for you, but with your backups, you will have to work much less and need much less time to get online again.
- Strong Password
One cannot stress enough how important the role of a password is. Thus, a password should not be simple or easy or memorable; it should not be anything easy to guess. A password should be tricky and complicated and comprise all kinds of alphanumeric and special characters. It should also be sufficiently long; the longer the password, the more difficult it is to crack!
A vulnerability in the web server’s infrastructure can be very crucial and problematic to you. No matter how many security measures you take, you can never get rid of all the vulnerabilities. You can just try to be as secure as possible over the internet, keeping away from all kinds of malicious activities. You need to take as much care of your VPS as you possibly can, as someone out there is working tirelessly to get past all your security measures.
The most attacked sites nowadays are corporate and e-commerce websites. These sites handle very personal and crucial information from their clients, which can be fatal in the wrong hands. Even the most basic security measures can help prevent an attack, and one must follow all kinds of protocols while maintaining a website.