Resources

Server security basics: where to start

You don't need to be an expert to leave a server reasonably secure, but you do need to cover a few bases. These are the ones that actually prevent most trouble.

Lock down access properly

The first goal of anyone attacking is to get in. Use SSH keys instead of passwords, don't allow logging in directly as administrator, and keep only the users you need. A weak or reused password is the most common door.

Keep everything updated

Most attacks exploit flaws that are already known and fixed. Keeping the system and software up to date (in a controlled way) closes that door. What isn't updated gets exploited sooner or later.

Firewall: open only what you need

By default, close everything and open only the ports the service needs. The less exposed, the smaller the attack surface. What isn't open can't be attacked.

Protect against brute force

A tool that detects repeated login attempts and bans the IP automatically stops dictionary attacks dead. It's one of the most cost-effective things you can add: little effort, big effect.

Backups and monitoring as a safety net

Perfect security doesn't exist; that's why you need backups (off-site and tested) to recover from an incident, and monitoring that warns you early if something goes wrong. Catching it in time makes the difference.

Want your server reviewed and secured without going mad in the console? Write to us through the form and we'll scope it to measure.