Control Panel Security

Many times, managing your dedicated server from the command line can be tedious, especially when there are web-based control panels that make a lot of administrative tasks easier.

Control panels are great, and some proprietary panels like cPanel and Plesk have become commonplace on servers all over the world.  The benefits aside, however, you should also consider the security risks that having web-based administrative access to your server present.  Here are a few tips to make sure your convenience does not become a liability:

1. Always use a secure connection.  Even if you have not purchased an SSL certificate, you can still generate your own and always access the panel using HTTPS.

2. Use a secure password, one that is unique and drastically different from your server’s root password.

3. Lock down as much as possible.  Many panels will let you do just about anything, but there are some features you may not need or want.  If possible, disable them.

4. Limit access.  Just like you would not hand out SSH access to just anyone, do not let your employees, clients, or anyone else into your panel unless it is absolutely necessary.

5. Access from a secure location.  Although part of the appeal of having a web-based control panel is that you can get to your server from any computer with a web browser, not all networks are secure.  You should be particularly concerned about coffee shops and other public places with Wi-Fi access but limited security.

Your control panel provides you with an easy way to manage your server, and with a few careful considerations, it can be an easy and secure alternative to command-line tools.