How to improve the security of your dedicated server

Dedicated servers are great. You can rent an otherwise very expensive hardware and use it for your projects. You also get the benefits of the same server being in a data center with proper infrastructure and security.

Another advantage of using a dedicated server is that all of its resources are available only to you. You can do everything you want with the server (within the Terms & Conditions of the provider, of course). This, though, means you are responsible for securing your project. Luckily, it’s not as a tough task as it may seem. Let’s explore several ways to further improve the security of your dedicated server.2

The easiest way

Do you research when choosing a dedicated server provider. Cloudware’s dedicated servers, for example, are located in Neterra’s enterprise-grade data centers. These facilities cover all of the top requirements for quality, availability and security.

As a result, you have the physical security of the server completely covered. The infrastructure security is also top notch. And some providers offer additional security services. Cloudware’s dedicated servers, for example, get DDoS protection.

So, you’re already off to a good start and have very decent security. Now, depending on what you are actually going to use the server for, you will also have to add some additional security features. There are some universally good practices that you should adhere to in order to run a tidy security ship. Let’s dive in.

Update everything

When you install new software, you’re tempted to start using it as fast as possible. But hold on. The first thing you do should be to update everything to the latest possible version. This way you will get the best security updates and patches.

Yes, regular updates can be a bit of a pain. It’s possible that they “break” something. And it can get time-consuming to install update after update all the time. You can solve this by setting up an update schedule. Run the updates twice a month, for example, but also always be ready to install emergency updates if needed.

Use the “update days” to run a bit of a maintenance – clean up older installation files. Run optimizations if needed.

Encrypt the traffic

These days using an unencrypted connection is a big no-no. TLS interfaces, SSH, connections, they are all vital to add to your dedicated server. At the very least search engines and browsers are starting to penalize sites that don’t support encrypted connections.

Having an SSL certificate is also a must. All of this will add important layers of security to your site, app or whatever else you’re using the dedicated server for.

Change the SSH Listen Port

By default, SSH uses port 22. As a result, hackers have developed automated tools that brute-force usernames and passwords via that port. If you change it to something else, you’ll instantly lower the risk for your server.

The same goes for all other platforms and default ports. Also, do note that this can interfere with settings and clients. So, when you change ports, make sure to check and update the settings on related services just in case.

Access via trusted networks and VPN

Sometimes it’s tempting to use free Wi-Fi to do some work on your dedicated server. That’s not a good idea as you can’t know who is using that Wi-Fi for tracing and hack attacks. It’s a good security practice to access such delicate platforms only via trusted networks and VPN services. This way you lower the risk of a breach.

Limit the access

Another good security practice is to limit the access to the server as a whole. At least to the admin side. You can create users with limited permissions so that they can only access what is needed for them to work, but not have the full admin features.

Also, create restrictions for accessing the login page in the first place. Depending on the type of platform you will use, this can be done via different ways. You can limit the IPs which can have access to the backend, you can blacklist known risk networks and so on.

The possibilities are quite a lot and will vary depending on the server usage. Do make sure you research the options, though, as limiting the access can be both very beneficial for the security side of things, but it can negatively impact visitors sometimes.

Add Multi-Factor Authentication

If you implement multi-factor authentication for the user and admin profiles, you will give a nice boost to your security. There are plenty of multi-factor services out there, some are free and by big names like Google.

By adding such a feature, you will solve a lot of potential issues with weak passwords by users and limit the risk of phishing attempts. You will also make life for hackers a bit more difficult and a lot of them can opt simply to go for some easier targets.

Check all the settings

As we mentioned earlier, platforms have default ports that they use upon the initial installation. It’s the same with all other settings. Sometimes some important security features are disabled by default. Why? Because it’s going to be easier to access and configure the platform initially. But it’s highly recommended that you eventually enable these features.

It’s important to set aside some time and patiently explore all of the settings of your platforms of choice. Check all of the settings, research the features and how they apply to you. Activate security options accordingly if they won’t disrupt your business.

Remove all unneeded modules

While you’re at it, also disable and even remove any plugins, modules and features you won’t need. Any such module is a potential security risk. Plus, they can actually consume system resources, even if they aren’t used. Yes, it’s a small amount, but many tiny drops eventually make a puddle.

Adopt the “not in use = remove” method. You can always re-add the features at a later date, if the need for them arises. And because updates and new installations can add more new stuff you don’t need, you need to do these checks as part of your regular server maintenance.

Don’t forget the databases

Database maintenance is also very important. Minimize the options for accessing the database in the first place. Delete unwanted data and run regular optimizations for the structure. This way the database will operate better, but it will also be more secure.

Your main goal will be to lower the risk for SQL injections. The basic tips above will be a nice foundation for that. If you are going to use sensitive data, then it’s recommended that you add further security features and database administrative tools and services. There’s plenty of them online, all tailored for specific needs and goals.

Use a CDN

A CDN (Content Delivery Network) can mitigate a big chunk of the mundane, but high-risk traffic. With a CDN you can basically outsource the handling of images and other elements that usually generate a lot of traffic and can be a leeway for DDoS attacks or attempts for data interceptions and other hacking activities.

CDNs will also take some of the heavy lifting, leaving more resources of your dedicated server for modules and users. This will increase the speed of the service you provide and improve user experiences, too. Those are nice side benefits to have in addition to the security improvements.

It’s a marathon. A long marathon.

Cybersecurity is constantly changing. New threats, new risks and new solutions will pop up all the time. You have to know and accept that.

This means that proper security isn’t a one-and-done thing. You don’t just activate the features and that’s it. You will have to include security in your regular server maintenance. If you want a well-running service, happy users and good reputation, proper security is vital.

Be agile

This is another step beyond just knowing that you will have to deal with security features and issues all the time. It also means being ready to act fast at any time.

Sometimes it may not be as simple as installing an emergency update. It may require bringing in bigger changes to an entire module, reconfiguring a feature. You may even need to completely change an installation or migrate to another platform.

Backup always and forever

Yes, yes. You’ve tired of hearing that. Yet, backups are still neglected. In the event of a ransomware attack, a breach-and-delete or other hacking incident, having a proper, recent backup can save your entire business. At the very least, if the above-mentioned migration goes wonky, you can still save your work thanks to a proper backup.

Using a dedicated server means implementing a backup is even more important as there’s no one else who can help you. There are plenty of ways to create images and backups of the entire server with the OS and everything. This way if something happens, you simply use the backup to restore the full functionality in a jiffy.

Of course, for that to happen, you need to run regular, scheduled backups and make sure they are stored on a separate location. Your own machine or a separate cloud or dedicated server would be best. Cloudware’s dedicated servers offer redundancy features, so you get another bonus here.

Be ready

Set up an emergency response plan. This is actually needed in order to be GDPR-ready, too. And you will know what to do when an issue arises.

That plan should feature first actions in the event of a breach or an attack, person for contact, informing the users in a timely manner, backup usage and so on.

As you can see, dedicated server security isn’t anything way too complex. Most of the features and services are readily available. Plenty of them are even free. It’s more time-consuming than anything else. If you want it done properly, you will have to invest some time, but it’s going to be very well worth it in the long run.

If you want to learn more, check out this next article in our blog:

10 steps to build your database server