An Expert’s Guide to Maximizing Your Server’s SecurityPosted on 20 November, 2015 by Jennifer B
If your firm is investing in its own dedicated servers, you will enjoy a higher quality of performance and greater security, but you’ll probably experience concerns when depending on a hosting company to keep your website running as clients expect.
We understand. Security is a key issue – for companies of all sizes. Here at WebNet Hosting, we want you to feel happy and confident with every aspect of our hosting service, which is why we invest in the best security available to us. All of our services undergo strict security assessments before we set them up for use by clients.
Our expert team is dedicated to helping you enjoy outstanding server security, whether you actually work with us or not – which is why we’ve put together a selection of techniques that can boost the safety of your site and its performance. Here are our top five tips to maximize your server’s security:
1. Use the Right Interfaces
When it comes to server administration, you should use TLS (Transport Layer Security) only, as this protects traffic running from your server and computer through effective encryption. Thanks to this technology, hackers will be unable to access login data and, as a consequence, prevented from launching a devastating attack.
How can you employ this on your server? On cPanel models, WHM, cPanel, IMAP/POP3, SMTP, and Webmail provide TLS protection but not as a default setting. We can provide advice on setting this up.
2. Consider the SSH Listen Port Used on Your Server
By switching the SSH (Secure Shell) Listen Port to one other than 22 on your server, you can stop automated attacks designed to crack users’ passwords and usernames. This might sound fairly complex, but is easy to do and will provide vital peace of mind.
You should also only ever use trusted computers and networks in your server administration.
3. Pay Attention to Your Active Scripts and Updates
You should keep track of maintenance for active scripts, looking out for the latest releases and tweaks. Take note of the developers behind your scripts and monitor their websites – this will ensure your server keeps running at its full potential.
4. Never Allow Malware to Infect Your Server
This is an obvious point, but it should be noted – check all systems used in your server’s every administration is malware-free. Why? As many of us know, malware allows hackers to gain access to the server’s administration interfaces – even when you believed encryption will stop this. Routine checks must be performed to keep track of your server’s health.
5. How Can Running an Audit on Your Server’s Security Help?
At WebNet Hosting, we maintain three data centers and put our clients’ satisfaction as a top priority, no matter what their requirements. In order to keep servers operating at optimum quality, we run security audits on our servers, paying careful attention to all key functions, identifying potential vulnerabilities, and investigating every aspect that demands closer examination.
Our audit encompasses the following steps:
In all Linux systems, the Linux kernel is the core program – there should be absolutely zero openings for hackers to exploit. Our experts will assess your dedicated server’s kernel version to ensure it’s safe and ready for use.
Should our team locate any flaws, we will trigger an immediate reboot (after we’ve checked this with you first, of course).
We will deactivate several PHP settings on servers which can perform without them, including:
‘allow_url_include’ – this is needed by almost no PHP applications, and so we switch if off. This can be reactivated at a later point, if needed.
‘allow_url_fopen’ – once this setting is activated, any URL can be treated as if it is a file – this creates a security risk for specific PHP-centric applications which sanitize ‘fopen’ and ‘include’ statements. Few programs actually need this setting to run, so disabling it causes little difference.
‘register_globals’ – Once this setting is switched on, PHP variables can be set at runtime via any URL, which opens it up to attackers to change these variables as and when they like. As a result, this setting can lead to arbitrary code execution, SQL injections, as well as identifying other areas ripe for exploitation.
Our team will also suggest various other settings / functions that should be switched off to improve the performance of PHP shells and further protect against malware. Have questions? We’re happy to provide further information as needed – we know this is can be complex.
The next step of our audit involves checking Apache mod security ruleset. What is this? Apache mod_security is a firewall software built to scan inbound HTTP requests, in order to identify risks. As part of our audit, we always check the latest update of this ruleset is featured on your server – we can set up your server to process updates as needed (even every day).
Next, our experts will pay attention to CSF/LFD configurations – this firewall detects automated attacks and implements additional security processes (such as SYN flood protection).
We run full security audits on binary packages, including apache, BIND, and udev – this makes sure your server’s systems are as up to date as can be and carrying no vulnerabilities.
We will change the configuration of partitions, which reduce the dangers of attacks and I/O overheads – both vital to sustain secure server performance.
Our team will also deactivate services which are unnecessary to most functions, to ensure your server remains as safe as possible, as well as using configurations for Exim, Cpanel, FTP, PHP and more with the strongest focus on security.
We have more than 6,000 customers across the globe, hosting clients’ online presence in more than 77 countries. We are expanding all the time, but we never neglect to give each and every client the attention they demand for outstanding performance.
Want to know more about our security audit and how they keep your server safe? Get in touch today.