SSL certificates are an important part of online business. They bind small digital files with a cryptographic key to ensure safety during online transactions. After they have been installed on a server, they will activate a padlock, which will show up in the browser. This allows for a secure connection between the browser and the […]
Archive for the 'Server Security' Category
In the previous post, we explained how to check your Linux server for the highly publicized Shellshock vulnerability in Bash. Fortunately, most, if not all, major Linux distributions have already uploaded the fix into their package management repositories. All you have to do is install the latest version. Unfortunately, there is some evidence to suggest […]
The hosting world has been hit with yet another highly publicized server vulnerability. This one affects the ubiquitous shell program GNU Bash and is referred to as Shellshock. Most Linux, BSD and Mac OS X operating systems and variants use Bash or derivatives of it. All Bash versions between versions 1.14 and 4.3 are […]
One of your best weapons in the fight for server security is strong password management. Using the password policies you set in Linux, you enforce strong passwords, require password renewals and many other effective security measures.
First, you should install the cracklib module for PAM. Cracklib tests password strength. If you are using RHEL, CentOS or […]
Encryption has become a highly requested feature on the web lately with all of the talk of government spying, heartbleed and general security concerns. While most discussion has centered around encrypting the transport of data (via SSL), you might also want your data encrypted on disk as well. On a Linux-based server, you can encrypt […]
Heartbleed, the highly publicized OpenSSL bug with the unfortunate name, has a lot of system administrators scurrying to fix the problem. If you have not heard about it by now, it is a security hole found in OpenSSL’s TLS heartbeat extension that a cyber criminal can use to reveal 64k of memory on a connected […]
SSH tunneling is a method of connection that, as the name implies, tunnels your information stream through SSH. The result is an encrypted and secure transaction, even if the standard connection method itself is not normally secure. Many system administrators may use SSH tunneling for file transfer, database management and many other tasks.
The benefits […]
In a previous post, we highlighted some crucial security measures you should adopt to keep your dedicated server safe. What follows are five more tips that are of equal or even greater importance.
1. Restrict root – Root, the administrator or super user has full control of your server. Ideally, only one person should be […]
As we approach the end of the year, now might be a good time to review your security practices and fix any weaknesses in your system. The following are 5 basic security tips to keep your server secure.
1. Secure remote access – Whenever possible limit the amount of remote access users can obtain, and secure […]
In a previous post, we learned how to install a basic LAMP server setup on an Ubuntu Server. Once you have Apache, MySQL, and PHP up and running, you should strongly consider reconfiguring your firewall to accommodate it, while still keeping your server secure. While you could labor at iptables configuration manually, […]
On a basic Linux system, passwords are stored in the /etc/passwd file. This is usually OK for a single-user system, but on a multi-user system, such as a server, the passwords should be hidden and encrypted. Shadow passwords allow you to do just that . On Red Hat Enterprise Linux and CentOS, the shadow-utils package […]
Worried about malware? No? You should be. Cyber criminals are always looking for new and creative ways to attack your server or user your dedicated server to attack others. There are plenty of prevention methods you can have in place, but you should also have a system for detecting malware that may have already made […]
Monitoring your server is a great way to prevent cyber attacks and stop those that might be in progress. Unfortunately, you cannot always be present to monitor your server. Unless you are an android, you likely still require sleep. For those times when you cannot be be present, Fail2ban is an excellent friend to have.
Downloading a file from your server should not be tricky. If it is a web-facing file, you can usually download it with your web browser. If it is not, you could use FTP. The problem with both of these options, FTP and HTTP, is that neither is truly secure. If you need to download a […]
Malware and Spam
Of all the security problems a server might have, malware and spam are particularly despicable. Few things are worse than finding out you have a virus or other malware infecting your system.
Linux servers do not have to worry about nearly as many viruses as Windows servers do. Nevertheless, you should still […]
When it comes to network security, your firewall is one of your most important tools. It is generally a good idea to have multiple lines of defense, such as a router-level firewall and also a server-level firewall that is software-based. Usually, you can block most ports with your firewall, and only allow […]
Every Linux operating system keeps logs for system processes and applications. You can use those logs to monitor server performance and also sniff out any abnormalities that may be security security related.
There are some common Linux logs that are more important than others, such as the kernel log, authentication log, web server […]
Over the years at Dedicated Server School, we have provided you with numerous security tips, often on an individual and specific level. This five-part series will instead give a general overview of Linux server security to serve as a quick reference tool whenever you might need it. Rather than searching for the security topic you […]
As the end of the year approaches, now is a good time to make sure your server is living up to your security standards. It might be easy to neglect if you do not have any noticeable security problems, but the only way to truly know how your server is fairing is to run a […]
A server is only as strong as its weakest user, and a weak user will have a weak password. One way you can at least make passwords a little more secure is to require users to routinely change them. To do so, use the login.defs file to set the number of days until users are […]
The last thing you would ever want or need on your dedicated server is for an unauthorized user to gain root access. This applies to both those external users with malicious intent and those who have limited privileges and may just play around with their newfound powers. Either way, it is bad news. One practical […]
Linux dedicated server security does not have to be overly complex. With the right tools, you can accomplish your security goals with efficiency. One such project, Sentry Tools, offers host-level security services for Linux and other Unix-like operating systems.
Sentry Tools includes: PortSentry, Logcheck/LogSentry, and HostSentry. PortySentry protects against portscans. LogSentry automates log file […]
Connecting to an SSH server is usually pretty straightforward, and your login credentials are encrypted for security. This makes SSH useful for other types of connections beyond basic shell access. Backup/syncing tools like rsync can use it, and file transfer programs like SCP for SFTP can use SSH technology for secure file transfers.
In part one, […]
In a previous post, we explained how to use “su” to execute a command as another user, but that is only one of the many ways you can accomplish this on a Linux or Unix server. The following techniques each have their own advantages and can help you run programs under different user identifications.
runuser – […]
Malware is in the news all the time. From high profile cyber attacks on government infrastructure, to viruses that affect millions of home computers, malware is everywhere. As a system administrator, should you be concerned about malware on your dedicated server or virtual private server(VPS)?
First, we should have a clear definition of what malware is. […]
It is generally not a good idea to disable the firewall on your dedicated server, but there are instances when it might be necessary. For example, if you need to run some network tests or perform some type of maintenance, you may need to have your firewall disabled. Most Linux distributions come with the standard […]
When covering application security, there are three basic application types you should consider:
Standard applications that you install directly on your server’s operating system and run only when you need them
Applications that are run as daemons or services, starting at boot time and continuing to run as long as the server is on
Web applications […]
The security of your operating system can be very complex. It is a large collection of software that has direct access to your hardware. Therefore, it is crucial to maintain an ongoing security policy for protecting your server’s OS.
The following items should be at the top of your server OS security list:
Kernel updates – The […]
In order for a network to be secure, you need to have some type of firewall in place. Firewalls typically protect your server from a wide variety of network attacks, all of which focus on weaknesses or holes in your network. For example, an cyber-criminal may scan your server for an open, unused port and […]
Protecting your dedicated server from cyber-attacks is always a critical part of system security. You have, after all, invested time and money into protecting your websites and the websites of any clients you might have. Nevertheless, you should not assume that everything is fine with your server simply because it appears to be functioning. It […]