A Dedicated Server Security Checklist
After you’ve got your dedicated hosting provider and your hardware picked out, it’s important to create a regular schedule for maintaining and running your dedicated server. A large part of that is focusing on server security.
In this post you’ll find tips on how to secure a dedicated server. We will provide more detailed articles on certain areas of server security, so keep an eye on our blog for all things security!
Keep Server Software Updated
Outdated software is often the easiest way for intruders to gain access to dedicated servers. With package managers like apt-get and yum, it also happens to be one of the easiest things to keep up with as far as server security. Ensure EVERY piece of software on your server is up to date at all times. Run manual package updates, or if you are going to run updates automatically, religiously review log files to ensure that updates are actually processed.
Only Install What You Need
On the same note as keeping software updated is choosing software from reputable vendors as well as only installing and running required software. Extraneous software is simply another route of vulnerability for a server. This is especially true of WordPress hosted websites, where it’s easy to install plugins right from the dashboard. Only running what is required for your application allows system administrators to focus on keeping this software running securely, and also ensures your server is running efficiently.
Secure SSH and Remote Access
Consider things like changing the SSH port, disabling direct root login, restricting access to certain IP’s, and using SSH keys instead of passwords to secure SSH access to your server. Look out for our detailed look into securing SSH and remote access on your server.
Maintain and Secure Database Areas
Databases are often the point of intrusion because they may involve sensitive customer information and they have an interaction between the user and the server that is often vulnerable to attack. Consider databases a priority when defining security policies. Ensure your databases are resistant to SQL injection, minimize privileges your database users have, delete unneeded data, and avoid areas of interaction between customers and the database when it is not required. There are many database administration tools that could help you with this process.
Maintain Server Backups
When discussing security, it is important to realize that you must take a holistic approach. Security must be combined with the reality that data safety is equally as important as keeping intruders out. Maintain server backups in multiple onsite and offsite locations, and devise a plan for data restoration in the event of hard drive failure or external data compromise. The more of a business impact data loss would have, the more aggressive this backup strategy should become.
Define 911 Policies and A Chain of Command
Create a protocol for exactly what should happen in the event of a security breach or data loss. It is critical to ensuring these situations are handled effectively. Consider the following:
- Who is our data center point of contact and how can they be reached?
- What impact will a security breach have on customers and how will a password reset be conducted of user data?
- Do we have a statement prepared for users, and how will users be notified?
- Who will take the lead in our system admin team? Who is responsible if they are not around? Are there external management firms we can contact and who are they?
Writing out email statements about fictitious security incidents may seem like overkill, but being prepared for situations like this will not only keep your data safe, but also allow your organization to understand the impact of not securing your servers and data properly. Keep an eye on our blog for more tips on securing your dedicated host.
If you need help checking any of the above processes off your list, consider ReliableSite managed hosting.