Improving server security: what to do first

With the growing number of cyber attacks and data breaches, the issue of server security is becoming more and more important. And as the digital age has made adjustments, it’s not just a matter of preserving data, but also your business’s profits and reputation. Let’s look at the key steps you need to take to improve security.

Partitioning and disk mounting options

File system partitioning helps isolate and protect system files from users and applications that may pose a threat.

Servers should have separate partitions for different system directories. This limits the ability to attack the entire system through a single vulnerable partition. For example, /tmp, /var, and /home should be placed in separate partitions. This prevents disk space overflow and limits the ability to make changes to other parts of the file system.

It is also important to use the correct mount options for each partition. For example, you can use the noexec, nosuid, and nodev options for partitions where you do not want to execute binary files or use devices to prevent unwanted code from executing.

In general, properly partitioning and mounting disks can greatly improve server security by creating additional layers of protection for system files.

Software update

The simplest, yet critical, way to improve server security is through software updates. After all, a huge number of attacks on servers exploit known vulnerabilities in software that have already been patched in newer versions. To prevent this outcome, you need to:

• Conduct regular updates. Servers should be configured for automatic updates or regular manual updates. This ensures that all the latest security patches are applied as soon as possible.
• Keep up to date with security updates for all programs installed on the server. Very often, software vendors release special updates designed to address specific security threats.
• Conduct software audits. This will help ensure that the server is free of outdated or unnecessary programs that could serve as a potential security threat.

Some users ignore software updates, but sometimes it can be dangerous, because it is an important step in securing the server. It helps prevent attacks that exploit known vulnerabilities and protect your server from potential threats.

SSH security, key authorization

SSH (Secure Shell) is the primary way to remotely access a server, and protecting it is an important security step. To protect access, it’s important:

• Use keys for authorization. One of the most effective ways to secure SSH is to use a key pair instead of a password. Keys are usually longer and more complex than passwords, making them more resistant to bruteforcing (brute-force attacks). It is important to keep the private key in a secure location and never transmit it through unsecured channels.
• Change the default SSH port. By default, SSH uses port 22. By changing it to an unfamiliar port, you can reduce the number of unauthorized access attempts.
• Access Restriction. SSH access should be limited to only those IP addresses that actually need remote access. This can be done using an SSH configuration file or by using a firewall system.
• Deny root login. Directly logging in with root privileges via SSH is a bad practice. It is better to create a separate user with sudo privileges and use it for administrative tasks.

Properly configuring and securing SSH can greatly increase the security of your server, reducing the risk of unauthorized access.

Periodic change of passwords for accounts

Changing passwords periodically helps prevent unauthorized access if your current password becomes known. It’s important to follow a few tips here:

• Change passwords every 2-3 months. This is enough time to prevent most attacks, but not to inconvenience users.
• Use complex passwords. If you change it, you should use a new complex password. It should be a set of random characters including letters, numbers, and special characters. The password should be at least 8 characters long, although 12 or more is recommended.
• Use only unique passwords. You don’t need to use the same password for different accounts.
• Use a password manager. They can automatically generate and store complex passwords, making it easy to update them regularly.

It is important to remember, however, that changing passwords periodically is only one security measure. It should be used in conjunction with other methods.

Uninstalling X Windows components

X Windows is a windowing system that is used in most Linux distributions. However, it is often unnecessary on servers, and removing it can improve security and performance. To uninstall X Windows components in Ubuntu, follow these instructions:

1. Open a terminal and enter the following command to get a list of all installed X11 packages:
   dpkg –get-selections | grep xserver
2. This command will list all packages related to X11. You can remove them by typing the following command:
   sudo apt-get remove “package_name”
   Specify the name of the package you want to remove (for example, “xserver-common”).
3. Repeat step 2 for each package you want to remove.

Note that uninstalling X Windows may affect the functionality of some programs that depend on this system. So before deleting it, make sure you really don’t need it.

Ensuring protection of the operating system kernel

Protecting the kernel of the operating system is critical to security. Some ways to protect the kernel:

• Updates and patches. The first and most important step is to keep your system “up to date”. This includes applying security updates and patches on a regular basis.
• Grsecurity/PaX. Grsecurity and PaX are patches for the Linux kernel that add a number of security features (kernel and user process memory protection, forced access control, etc.).
• SELinux/AppArmor. SELinux (Security-Enhanced Linux) and AppArmor (Application Armor) are role-based access control systems that allow administrators to more finely control which processes and users can interact with the system.
• Hiding the kernel version. Attackers can use kernel version information to find known vulnerabilities. By withholding this information, you may make it harder for them to do so.
• Restricting direct memory access. Direct memory access can be used by hackers to bypass security mechanisms. In most cases, it can be safely disabled.
• Prevent unnecessary kernel modules from being loaded. Loading unnecessary kernel modules can also increase the attack surface. Disabling automatic downloading of these modules will enhance security.

Security is an ongoing process and it is important to regularly review and update your security policies and procedures.

Setting and configuring file access rights

Properly configured access rights can prevent unauthorized access and modification of critical files and directories, which helps reduce the risk of attacks and data loss. This whole process can be divided into several components.

Setting up the owner and group

It is important to make sure that each file and directory has the correct owner and group. This can be done with the chown and chgrp commands. For example, to change the file owner to “username” and the group to “groupname”, you would use the following commands:

chown username filename

chgrp groupname filename

Customizing permissions

Permissions define what a user or group can do with a file or directory. In Linux, each file and directory has three types of permissions: read (r), write (w) and the execution of (x). These permissions can be set for three types of users: owner (u), group (g), and other (o).

You can use the chmod command to set permissions. For example, to set read, write, and execute permissions for the owner, read and execute for the group, and read-only for others, you would use the following command:

chmod u=rwx,g=rx,o=r filename

Using ACLs

In some cases, the standard Unix permissions are not enough. Then you can use access control lists (ACLs), which provide more fine-tuning of access rights.

Minimizing access rights

For security purposes, it is important to follow the principle of least privilege – that is, each user or process should be granted the least amount of privileges possible to perform tasks.

Regular audit

It is recommended that you regularly check file and directory permissions to ensure that they remain correct. After all, server security is an ongoing process, so it’s important to always be on the lookout.

Improving web server security

To improve your web server security, you need to:

• Keep all server components up to date, including the operating system, web server, PHP, databases and other scripts. This step is one of the most in security.
• Configure file and directory permissions so that each user has the minimum required read, write, and execute permissions.
• Use Firewall to restrict access to the server. Allow only those connections that are really necessary for the site to work.
• Use SSL/TLS. If your site handles sensitive information such as passwords or credit data, be sure to use a secure connection (HTTPS) over SSL or TLS.
• Make backups on a regular basis. This can prevent data loss in the event of an attack or failure.
• Use monitoring tools to track unusual activity on the server. Check the server logs regularly for suspicious activity.

Safety is never unnecessary, so all of these methods should work together.

Ensuring physical security of the server

A server is first and foremost a physical object, it needs to be protected like any other physical object. There are several ways to help you realize this goal:

• Safe Placement. Servers should be housed in enclosed areas with limited access. This is best done in a dedicated data center, but if you don’t have one, colocation is a great alternative.
• Access Control. Access to servers must be strictly controlled. Appropriate precautions should include the use of electronic access cards, biometric scanners and video surveillance.
• Fire Protection. Servers need to be protected from fire, and automatic fire suppression systems are a great way to do that.
• Flood Protection. If the servers are in a flood risk area, appropriate protection measures (high equipment shelves, sealed doors, etc.) should be provided.
• Protection against voltage interruptions. Use uninterruptible power supply and generators to keep servers running continuously even during power failures.
• Regular Maintenance. Perform regular maintenance and equipment checks to prevent equipment failure.
• Climate Control. Servers generate a lot of heat, so it is important to provide adequate cooling to prevent overheating.
• Disaster Planning. It is important to have a disaster recovery plan in place, which may include backing up data and ensuring that servers can be restored quickly.

No matter how well your data is protected from hacking attempts, your entire security system can be jeopardized if the server hardware is not physically protected.

Server backup

Server backups are key to keeping your data safe. Here are some useful tips that will help you realize it competently:

• Perform backups regularly, according to your data retention requirements. You can do this weekly, daily, or even more frequently depending on the importance of the information you want to protect.
• Create copies on different media and in different locations: external disks, cloud storage, separate servers, and more. Choose the storage location that provides the best protection and availability of your data.
• Select a backup method. There are different backup methods, including full, incremental, and differential Each has its pros and cons, so you need to choose the one that best suits your purposes.
• Use backup software to automate the process and reduce the chance of errors.
• Use a backup rotation scheme (e.g., Grandfather-Father-Son) to balance storage costs with data availability.

Backups are insurance to help you recover your data in case of loss. They should not be neglected, as they are one of the most important aspects in improving server security.