Basic guide to securing your web hosting server
Tags: Apache Security, Hosting, PHP Security, Server Hardening, Server Security, Server Security Service
Do you think that your web hosting server is secure? No security solution will make your server 100% hack proof, but there are some basic steps that you can implement to keep certain hackers away from your server.
If you are in charge of a managed server or manage the security of a server, here are some basic things that you can do on your own before you approach a server security service company.
Robust password policy: Implement a password policy that requires passwords to contain a combination of numbers and letters. Use passwords that do not contain names or easy-to-guess strings. Change the password once every month, and do the same for all the user accounts on the server.
Shell access: Grant shell access only to those who need it. Don’t allow shell access to everyone. The best measure would be to disable shell access for everyone and allow only certain IPs to connect on the ssh port.
Software updates: Keep track of updates and security patches for all the software installed on the server. Subscribing to the software vendors' mailing lists is often very useful.
Security audit: Conduct regular audits of files and folders and check the permissions assigned to them. Audit the log files and check for failed login attempts and the IPs from which the login attempts were made.
Secure ports: Shut down or disable ports that are not required to run on the server. Uninstall software that is not required and disable services that will not be used. Allow only certain IPs to access ports based on need. For example, port 80 could be open to the public while the ssh port could be open only to certain IPs. Use ssh keys as far as possible.
Secure web server: Download and install mod_security for the Apache web server and implement a good set of rules. You can look at the sample rule sets at Got Root.
Secure PHP: If your server runs PHP, you may want to install Suhosin, an advanced protection system for PHP installations designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.
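For the "Security audit" step above, here is an added example (not part of the original post) of two shell helpers: one counts failed SSH password attempts per source IP, the other lists world-writable files and folders. It assumes OpenSSH's default syslog message layout; the function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Log lines are constructed;
# IPs come from the RFC 5737 documentation ranges.

# Constructed sshd entries in the common syslog layout.
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:01:12 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51122 ssh2
Mar  3 10:01:15 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51122 ssh2
Mar  3 10:02:40 web1 sshd[2107]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar  3 10:03:02 web1 sshd[2110]: Accepted publickey for deploy from 192.0.2.10 port 50211 ssh2
Mar  3 10:03:30 web1 sshd[2113]: Failed password for invalid user from 10.0.0.1 from 203.0.113.5 port 51130 ssh2
EOF
}

# Count failed SSH password attempts per source IP.
# Prints "<count> <ip>" lines, highest count first.
# The user name in the log is supplied by the client, so the IP is taken
# from the trailing "from <ip> port <n>" rather than the first "from".
failed_logins_by_ip() {
    awk '/sshd\[/ && /Failed password/ {
        for (i = NF - 2; i >= 1; i--)
            if ($i == "from" && $(i + 2) == "port") { hits[$(i + 1)]++; break }
    }
    END { for (ip in hits) print hits[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# List files and directories under a tree that any local user can write to.
# -xdev keeps the search on one filesystem.
world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print | sort
}

# Demo on the constructed log.
log=$(mktemp)
sample_auth_log > "$log"
failed_logins_by_ip "$log"
rm -f "$log"
```

On a real server, pass the path of the sshd log to `failed_logins_by_ip` (commonly /var/log/auth.log or /var/log/secure, depending on the distribution) and a web root or home directory to `world_writable`.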
If you have more tips, please post them in the comments section below.




