7 Easy Tips Protect your Server

1
7 - Easy Tips Protect your Server
2
When setting up infrastructure, getting your
applications up and running will often be your
primary concern. However, making your
applications function correctly without
addressing the security needs of your
infrastructure could have devastating
consequences down the line. In this guide, we
will talk about some basic security practices
that are best configured before or as you set
up your applications.
3
1) Install less software
Cyber security is difficult enough; make it
easier for yourself by installing less software.
Fewer programs, services and plugins mean fewer
things to worry about. In cyber security
terminology this is called reducing the attack
vector.
Reduce your attack vector by:
  • starting with a minimal base system: do not
    begin with a full-blown and bloated operating
    system; start with as little as possible and
    keep track of the things you add
  • only installing what you absolutely need:
    install tools, plugins, add-ons and programs
    that you really, really need. Be hard and
    determined: less is more!
  • checking the dependencies of things you
    install: if you install anything, make sure you
    check its dependencies; software often requires
    other software (that you do not necessarily
    want)

4
2) SSH Keys
SSH keys are a pair of cryptographic keys that
can be used to authenticate to an SSH server as
an alternative to password-based logins. A
private and public key pair is created prior to
authentication. The private key is kept secret
and secure by the user, while the public key can
be shared with anyone.
To configure SSH key authentication, you must
place the user's public key on the server in a
special directory. When the user connects to the
server, the server will ask for proof that the
client has the associated private key. The SSH
client will use the private key to respond in a
way that proves ownership of the private key. The
server will then let the client connect without a
password.
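The server-side step described above, as an added example that is not part of the original presentation: placing a public key where OpenSSH looks for it by default (`~/.ssh/authorized_keys`) with owner-only permissions. The function name `install_pubkey` and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: install a public key for key-based SSH login.
# Assumes OpenSSH's default location ~/.ssh/authorized_keys.

# Constructed sample key (not a real key).
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealKey000000 alice@laptop'

# install_pubkey HOME_DIR "PUBLIC KEY LINE"
# Returns 0 if the key is installed (or was already present),
# 2 if the line does not look like a public key.
install_pubkey() {
    home_dir=$1
    key_line=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Accept only "<type> <base64> [comment]" so a private key or stray
    # text is never appended by mistake.
    case $key_line in
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac

    # With StrictModes (on by default) sshd refuses key login when these
    # paths are writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Compare key type and key material (first two fields) so the same
    # key is not added twice under a different comment.
    key_id=$(printf '%s\n' "$key_line" | awk '{print $1 " " $2}')
    if KEY_ID="$key_id" awk '($1 " " $2) == ENVIRON["KEY_ID"] {found=1}
                             END {exit !found}' "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

Only the public half of the pair is ever copied to the server; the private key stays on the client.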
5
3) Close all network ports, filter those you
can't block
Firewalls are used to filter network traffic and
are available as standard system software on most
operating systems. Limit the openings hackers
have to your server. Firewall configuration
should:
  • adopt a default policy of blocking: most
    operating systems allow everything by default.
    Turn this around and block everything except
    the kind of traffic you expect and need.
  • check inbound and outbound: filter incoming
    and outgoing network traffic. This makes it
    much harder for hackers to come in (and get
    out, in the unfortunate case of a successful
    hack).
  • filter open ports: secure open network ports
    by filtering traffic based on source (IP
    address) and/or state; only allow traffic from
    where you expect it to come from.
6
4) Firewalls
A firewall is a piece of software (or hardware)
that controls what services are exposed to the
network. This means blocking or restricting
access to every port except for those that
should be publicly available.
7
On a typical server, a number of services may be
running by default. These can be categorized into
the following groups:
  1. Public services that can be accessed by anyone
     on the internet, often anonymously. A good
     example of this is a web server that might
     allow access to your site.
  2. Private services that should only be accessed
     by a select group of authorized accounts or
     from certain locations. An example of this may
     be a database control panel.
  3. Internal services that should be accessible
     only from within the server itself, without
     exposing the service to the outside world. For
     example, this may be a database that only
     accepts local connections.
Firewalls can ensure that access to your software
is restricted according to the categories above.
Public services can be left open and available to
everyone and private services can be restricted
based on different criteria. Internal services
can be made completely inaccessible to the
outside world. For ports that are not being used,
access is blocked entirely in most
configurations.
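The default-deny policy from tip 3 and the public / private / internal split above, as an added example that is not part of the original presentation: a shell function that prints an nftables ruleset. The ports, the admin network and the function name `gen_ruleset` are constructed assumptions.

```shell
#!/bin/sh
# Added example: print an nftables ruleset that drops by default in both
# directions. All ports and addresses are constructed sample values.
PUBLIC_TCP="80, 443"        # public: web server, open to anyone
PRIVATE_TCP="22"            # private: SSH, only from ADMIN_NET
ADMIN_NET="203.0.113.0/24"  # constructed admin network (documentation range)
OUT_TCP="53, 80, 443"       # outbound the server itself needs (DNS, updates)

gen_ruleset() {
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept                        # internal: loopback only
        ct state established,related accept    # replies to our own traffic
        ct state invalid drop
        meta l4proto ipv6-icmp accept          # IPv6 neighbour discovery
        tcp dport { $PUBLIC_TCP } accept
        ip saddr $ADMIN_NET tcp dport { $PRIVATE_TCP } accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        meta l4proto ipv6-icmp accept
        udp dport 53 accept
        tcp dport { $OUT_TCP } accept
    }
}
EOF
}
```

Pipe the output through `nft -c -f -` to syntax-check it before loading, and keep a console session open when applying a default-drop policy to a remote server.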

8
5) Use certificate/key authentication instead of
passwords
If password-based logins are allowed, hackers can
repeatedly attempt to access the server. With
modern computing power it's easy to automate this
guessing by trying combination after combination
until the right password is found (brute
forcing). Secure authentication by:
  • using SSH key authentication: an SSH key is
    much longer than a normal password and contains
    different characters than ordinary readable
    letters and numbers. This results in more
    possible combinations, making it exponentially
    more difficult for hackers to find the right
    key.
  • limiting the authentication rate: artificially
    make the password / key checking slower,
    reducing the speed of automated guessing.
  • blocking automated guessing: exclude IP
    addresses if they have failed to log in
    successfully.
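The "block automated guessing" step above, as an added example that is not part of the original presentation: counting failed SSH password logins per source address in syslog-format sshd lines and listing the addresses at or over a threshold. The log lines and the function names are constructed.

```shell
#!/bin/sh
# Added example: find source addresses with repeated failed SSH logins.

# Constructed sample log (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
Jan 10 03:14:01 web1 sshd[2101]: Failed password for root from 198.51.100.7 port 51230 ssh2
Jan 10 03:14:03 web1 sshd[2101]: Failed password for root from 198.51.100.7 port 51230 ssh2
Jan 10 03:14:05 web1 sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 51236 ssh2
Jan 10 03:14:09 web1 sshd[2107]: Failed password for invalid user x from 203.0.113.10 port 1 ssh2 from 198.51.100.7 port 51240 ssh2
Jan 10 03:15:12 web1 sshd[2110]: Failed password for deploy from 192.0.2.44 port 40112 ssh2
Jan 10 03:16:30 web1 sshd[2114]: Accepted publickey for deploy from 203.0.113.10 port 40022 ssh2: ED25519 SHA256:constructedFingerprint
EOF
}

# failed_login_offenders THRESHOLD   (log lines on stdin)
# Prints "<count> <address>" for every address with >= THRESHOLD failures.
failed_login_offenders() {
    awk -v limit="$1" '
        # The user name is chosen by the client and may itself contain
        # " from <address>", so read the address from the END of the line.
        / sshd\[[0-9]+\]: Failed password for / &&
        $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" {
            fails[$(NF-3)]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= limit) print fails[ip], ip
        }' | sort -k1,1nr -k2,2
}
```

Tools such as fail2ban apply the same threshold idea and add the firewall block automatically.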
9
6) VPNs and Private Networking
Private networks are networks that are only
available to certain servers or users. For
example, DigitalOcean private networks enable
isolated communication between servers in the
same account or team within the same region.
A VPN, or virtual private network, is a way to
create secure connections between remote
computers and present the connection as if it
were a local private network. This provides a way
to configure your services as if they were on a
private network and connect remote servers over
secure connections.
10
7) Check and update regularly
Most hacking is automated these days: bots are
constantly scanning every server and website for
exploitation opportunities. It's not a question
of IF they will find you, but WHEN. Take care of
your server by:
  • checking its logs: potential problems often
    become visible before any really bad things
    have happened. Check the server logs for
    errors and anomalies; often they're early
    signs of trouble.
  • checking for updates: either by using the
    software on your server or by checking the
    vendor / software website.
  • updating regularly: don't wait until it's too
    late; install updates as soon as possible (but
    after you've tested them!)
11
Server Firm is the Best Place to Buy VPS Server
in India
Server.firm provides the best servers in India
and cheap dedicated VPS servers in India. An
Indian Dedicated Server offers a higher level of
control, performance and stability than the
other server provider companies. We also provide
India VPS and Cloud Server at very affordable
cost. Are you interested and want more
information on our plans and services? Just call
us at 7982671092, 9582907788 (toll free) or send
an email at sale_at_itmonteur.net. For more details
please visit https://www.server.firm.in
12
IT Monteur
B-71, Shalimar Garden Extn-2
Sahibabad, Ghaziabad, UP-201005
Telephone: Sales 91-9582907788
Support 91-9654016484
0120-2631048
www.server.firm.in