Linux VPS servers are known for their high-security model. In general, Linux VPS is much more secure than other operating systems like Windows. However, Linux is not perfectly secure and invulnerable to hacking. Here are the top 10 tips on how to secure a Linux VPS server and keep away hackers.
1. Regularly Update Server Software
Updating server software is a simple process. Just use apt-get (Ubuntu/ Debian) or rpm/yum package manager (CentOS/RHEL) to get newer versions of server software, components, and modules.
Additionally, you can set up the operating system to notify you of any package updates via email. That way, you will be kept on track of any changes. If you choose to automate the task, it’s easy to set up a cronjob to carry out any available security update on your behalf. Apply security patches promptly to avoid exposure to malicious attacks.
2. Disable Any Unused Network Port
Unused network services and open network ports are easy targets for cybercriminals. You’ll want to safeguard yourself from malicious exploitations by disabling any unused ports. The “netstat” command can help you see all the open ports and their services. Set up “iptables” to close down unused ports through the “chkconfig” command.
3. Eliminate Unwanted Modules/Packages
More often, you’ll never utilize all the packages and modules that came with the Linux distribution. Since every service is a point of weakness on its own, removing unwanted packages can reduce risks to cyber attacks. You should only run services that you actually use. Also, avoid installing unnecessary software.
4. Disable IPv6
IPv6 is superior to IPv4 in several ways, but very few people actually use it. If you don’t use IPv6, simply disable it. Hackers use IPv6 to send malicious traffic, so leaving the port open poses potential exploits.
5. Disable Root Logins
If you want a secure VPS, never log in under the default root username. Every Linux VPS comes with the username “root” by default. Hackers can use brute force attacks to try and crack your password and access your sensitive data. By disabling logins from the ‘root” username, you’ll add a layer of protection as it prevents hackers from easily guessing your password.
Create a different username and make of use of “sudo” command to carry out root level commands. Sudo is a secure, special access right that is given to authorized users to run administrative commands hence eliminating the need for root access. Before you disable the “root” account, be sure to create a non-root user and lay appropriate levels of authorization.
6. Change the SSH port
Hackers can’t crack your SSH when they can’t locate it in the first place. By configuring the SSH port number, you can prevent malicious programs from connecting directly to port 22 (the default port). To achieve this, open /etc/ssh/sshd_config and adjust various settings. Double check if the chosen port number is in use by another service to prevent clashes.
7. Use an Encryption
Even with a secure server, hackers can still target your data while in transit over the internet. It’s critical to encrypt your data transmission using foolproof passwords, certificates, and keys. A VPN is a great tool to encrypt your communications. A VPN tailored for Linux works well with Linux VPS server to provide top-notch security.
8. Create Strong Passwords
The biggest threat to security is weak passwords. Never allow empty password fields in user accounts or use easy passwords like 12345 or linux01. Ensure that your passwords combine lowercase and uppercase letters, special characters, as well as numbers. Set a password generator to prompt users to change old passwords periodically while restricting reuse of previous passwords. Also, use “faillog” command to lock users out of their accounts after a certain number of failed attempts.
9. Configure a Firewall
To completely secure your VPS, you need to set up a firewall. NetFilter is a great firewall that comes inbuilt in the Linux kernel. It’s easy to configure and make it filter out untrusted traffic and fight attacks from distributed denial of service (DDos).
10. Partition Disks
Improve your security even further by partitioning disks. Keep the operating system files separately from tmp files, user files, and third-party software. Also, disable SUID/SGID access as well as the binaries execution program (noexec) on the partition that contains the operating system.
Vulnerabilities in web servers can be catastrophic. There are millions of hackers working around the clock to take advantage of the slightest security loopholes. Use these tips to secure your VPS against potential threats.