Four Basic Dedicated Server Security Flaws
There are many things that can make your dedicated server vulnerable, but with a few changes you can prevent the most common security threats. These are the most common mistakes that customers make when setting up their server. We encourage even the most experienced system administrators to go down the list and ensure a secure server.
1. Create strong, complex passwords.
This is a basic problem with a simple solution, yet it needs to be repeated over and over. Technical websites put out articles about the worst passwords of the year. It’s easy to believe that dedicated server administrators and technical people are immune to this. We are not.
Passwords are commonly very simple, short, and predictable. As a minimum, login passwords should contain capital letters, lower case letters, numbers, and symbols. Passwords should be no shorter than 8 characters. Having a simple and short password allows brute force attacks to crack the password much faster than a more complicated password. Strong passwords are great, first layer deterrent against hackers.
2. Disable default administrative accounts.
With Linux, the default administrative account is “root”. Most Linux distributions have it enabled after the initial install and hackers very commonly target this account for brute force attacks to gain administrative control. The root account should be disabled. For Windows, the account name is “Administrator” and should also be disabled to reduce the attack surface area.
Related post: 6 Ways To Secure SSH for Dedicated Hosting
3. Change the default remote access port for Linux and Windows.
Hackers commonly scan for default open ports for remote access to attempt brute force and other vulnerability attempts. For Linux, the default port for SSH remote access is 22 and should be changed. The default port for Windows Remote Desktop Access is 3389 and should also be changed. Be sure to remember to update any firewall rules so you don’t accidentally lock yourself out.
4. Enable and lock down your firewall.
The default Windows and Linux configuration typically includes a ton of extra software that you may never use and is accessible over the internet. On many occasions, this software can typically have vulnerabilities that you may not know about. It’s best practice to close off any ports that you aren’t using and only keep ports open for services that your dedicated server is set up to use.
These are very basic security points, but are sometimes overlooked. Securing these things will help prevent a majority of attacks that are commonly seen against dedicated servers.