Because of their power and storage capacity, dedicated servers are usually only used by organisations that store a lot of data or run important applications. For this reason, keeping the server secure is essential to keep that data protected and ensure those applications remain online. With incidents of cyberattacks on the rise, here we look at some of the most effective things you can do to strengthen the security of your dedicated server.
Install updates promptly
Outdated software often contains vulnerabilities that cybercriminals seek to exploit. App developers regularly release updates and security patches to remove those vulnerabilities and, to remain secure, you should install them as soon as they are released. The longer you leave it, the more vulnerable your dedicated server is, as hackers will start to send out bots searching for systems that are still running outdated software. If possible, configure your apps to auto-update.
Scan for malware
Just as you would use an antivirus app with your PC and smartphone, you should also use a malware scanner to search your dedicated server for malware. Some types of malware are stealthy: they can remain dormant on your system for long periods and even operate unnoticed in the background, doing all kinds of damage, like stealing your data or using your server to distribute malware to others.
By regularly scanning for malware, you will be able to detect if your server has been infected and can quarantine and remove the offending software before it causes serious damage. For the best defence, automate the scanning process so that you never forget to do it.
Use DDoS protection
In a DDoS (distributed denial of service) attack, a hacker bombards your server with so many simultaneous requests that it crashes. As this involves coordinating thousands of compromised computers to connect with your server at the same time, DDoS attacks are generally a deliberate attempt to target your company, usually with the aim of taking your website and online apps down.
To prevent DDoS attacks and their obvious consequences, make sure your dedicated server has an integrated DDoS shield. This will ensure that incoming traffic is monitored and that any requests identified as suspicious can be diverted.
Use a VPN
With more employees accessing company systems over the internet, weak network security can become a real issue, especially if employees try to connect via unsecured networks, like public Wi-Fi. While you can put policies in place to insist on using secure networks, you can make network security far more robust by requiring users to use a VPN – this way, you’ll have military-grade encryption keeping network connections secure even over a public Wi-Fi network.
Change default SSH port
Cybercriminals are well aware of all the default settings they can exploit, including default usernames, website admin login URLs and, in the case of dedicated servers, SSH ports. The default SSH listening port for most dedicated servers is port 22, which is why it’s the first port attackers search for when looking for a system to attack.
What’s more, if you change your SSH port to a number above 1024, most of the scanners that cybercriminals use will be unable to detect what port you are using, and this can help prevent them from carrying out a brute force attack.
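The check below is an added example, not code from the original article: a POSIX shell function that reads sshd_config-style text and reports whether any Port directive is still the default 22 or is at or below 1024. The function name and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the Port directives of
# sshd_config-style text read from stdin. One finding per line; returns 0 only
# when every port is non-default and above 1024, as the section recommends.
# Not examined: Include files and ListenAddress entries with an explicit port.
audit_ssh_ports() {
    # Strip comments, accept "Port=2222", and match the keyword in any case.
    # Port may appear several times; sshd listens on every one of them.
    ports=$(sed -e 's/#.*//' -e 's/=/ /' |
        while read -r key val rest || [ -n "$key" ]; do
            if [ "$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')" = port ]; then
                printf '%s\n' "$val"
            fi
        done)
    # No Port line at all means sshd uses its default, port 22.
    [ -n "$ports" ] || ports=22
    status=0
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "INVALID $p"; status=1; continue ;;
        esac
        if [ "$p" -eq 22 ]; then
            echo "DEFAULT $p"; status=1
        elif [ "$p" -eq 0 ] || [ "$p" -gt 65535 ]; then
            echo "INVALID $p"; status=1
        elif [ "$p" -le 1024 ]; then
            echo "LOW $p"; status=1
        else
            echo "OK $p"
        fi
    done
    return "$status"
}

# Constructed sample input (not a real server's configuration).
audit_ssh_ports <<'EOF' || echo "-> at least one port needs changing"
# constructed excerpt
ListenAddress 0.0.0.0
Port 22
port=2222
EOF
```

On a live server, `sshd -T` prints the effective settings in the same keyword-value form, so its output can be piped into the function instead of a file.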
Delete unused software
The same rule that applies to unused website plugins applies to unused dedicated server apps: as you are not using them, you are unlikely to keep them up to date and so leave them vulnerable to attack. The simple solution is not to disable them but to delete them. If you want to use them later, you can reinstall them. This will also free up valuable storage space on your dedicated server.
Enforce strong passwords
The latest brute force attack tools use AI to analyse databases of stolen login credentials in order to help them crack passwords. As weaker passwords can be cracked in a matter of seconds, it’s imperative to use strong ones. Generally speaking, if someone can remember what their password is, it’s probably not strong enough. To prevent passwords from being cracked, enforce strong passwords and make use of strong password generators, password managers and two-factor authentication.
Set up access privileges
To keep your dedicated server secure, make sure that each user is only given access to the areas, applications and files that they need. Root access should only be given to the system admins, and the right to install applications should be kept to a minimum. For everyone else, access should be limited to the apps and data they need to do their jobs. Not only does this prevent employees from causing problems accidentally; it also limits the damage that can be done if their accounts are hacked.
Keep your server backed up
The consequences of losing everything on your server can be catastrophic if you are unable to recover quickly. For this reason, having an effective backup solution is essential for today’s IT-reliant businesses.
For the greatest security, look for a backup solution that takes backups at the frequency you need, stores them remotely, encrypts them for security, and checks them to ensure they are not corrupted.
There is a multitude of threats that can affect a dedicated server and, hopefully, this post has addressed some of the ways you can defend against them. One solution that many businesses find useful is to choose managed dedicated server hosting. With Webhosting UK’s managed dedicated servers, many of the security features mentioned above are provided and managed for you. In this way, you are better protected and the security burden on your team is reduced.
For more information about our managed servers, visit our Dedicated Server page.