Over the past few years, virtual private servers (VPS) have soared in popularity. Virtualization technologies have made major advancements in terms of performance and functionality, making it much easier and cheaper to get a VPS.
Having your own dedicated resources comes with the added responsibility of management and security, especially because most dedicated servers are self-managed. The onus of managing server security rests with each customer. Securing your Linux VPS is extremely important if you want to keep your data and other important resources away from the clutches of hackers.
However, many Linux users, especially beginners and first-timers, are not aware of the steps to take in order to secure their servers. It is better to address security concerns now rather than wait until hackers strike.
This guide provides some standard best practices for securing your VPS. The topic of server security is a rather broad one, and the steps described here cannot eliminate attacks completely. However, they will go a long way in securing your VPS against some of the most common attacks.
It is also important to note that some of the solutions presented here are targeted at specific forms of attacks, some of which are relevant only in specific configurations. Security measures need to be oriented to the nature of services that you are providing and the software applications that you are running. The decision on which particular solutions to adopt is a matter of personal discretion as well as cost-benefit analysis.
Lock down SSH
SSH, or Secure Shell, is the primary avenue we use to connect to and administer remote servers. The SSH daemon running on your VPS is usually the first target for attackers: although it provides strong encryption, it also grants a great deal of access to your server. An attacker who gains access to your VPS via SSH can do major damage to your data and to the entire VPS, which sadly is the ultimate aim of hackers.
To protect your servers and your data from being compromised by an SSH attack, we recommend the following steps:
The foremost course of action is to disable root logins via SSH. Anyone can easily predict the root username, and a successful login would give them complete access to your system. Allowing unrestricted access to this account over SSH is therefore a bad idea. To fix this, open the /etc/ssh/sshd_config file and set the PermitRootLogin option to no.
If you need root access to your server, it’s best to use tools like su and sudo rather than logging in as root.
Secondly, disable password authentication. Always use SSH keys to access your system. When password logins are disabled, an attacker has to either guess or steal your SSH private key to gain access to your VPS. Go back to the same sshd_config file and set the PasswordAuthentication option to no.
If you don’t have SSH keys as yet, you’ll have to generate them first before disabling password authentication.
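The two settings above are easy to get wrong because a commented-out line has no effect and sshd silently falls back to its defaults. As an added example (not part of the original guide), this POSIX shell script reads an sshd_config the way sshd does, first occurrence wins and Match blocks are ignored, and reports whether root login and password authentication are actually off. The sample config files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original guide): check an sshd_config for the two
# settings the guide recommends. Only the global section counts (sshd applies the
# first occurrence of a directive and we stop at the first Match block), and
# directive names are matched case-insensitively, as sshd does.

# sshd_effective FILE DIRECTIVE DEFAULT -> prints the effective value of DIRECTIVE
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blank lines
        tolower($1) == "match"                { exit }   # leave Match blocks alone
        tolower($1) == key                    { print tolower($2); found = 1; exit }
        END { if (!found) print def }              # directive absent: default applies
    ' "$1"
}

# check_sshd_config FILE -> prints one line per problem, returns 0 when clean
check_sshd_config() {
    status=0
    # OpenSSH defaults to prohibit-password, which still allows key-based root
    # login; the guide wants root login over SSH off entirely.
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '$root', expected 'no'"; status=1
    fi
    # Default is yes, so a config that never mentions it still accepts passwords.
    pw=$(sshd_effective "$1" PasswordAuthentication yes)
    if [ "$pw" != "no" ]; then
        echo "PasswordAuthentication is '$pw', expected 'no'"; status=1
    fi
    return $status
}

# Constructed sample configs, not copies of any real server's file.
cat > /tmp/sshd_weak.conf <<'EOF'
# commented-out directives have no effect, so both defaults apply here
#PermitRootLogin no
#PasswordAuthentication no
EOF
cat > /tmp/sshd_hardened.conf <<'EOF'
PermitRootLogin no
passwordauthentication no
Match User backup
    PasswordAuthentication yes
EOF

check_sshd_config /tmp/sshd_weak.conf || echo "weak config rejected"
check_sshd_config /tmp/sshd_hardened.conf && echo "hardened config accepted"
```

Run it against your own file after editing and before reloading sshd; a clean run prints only the acceptance line.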
Limit root and system users’ access
In general, as long as users and applications have no access to a service on your VPS, whether because of limited access rights or because they cannot log in, they cannot harm the system through it. A common trick used by attackers is to “fool” the system into believing that a user has more access rights than they actually have. Such attacks are called privilege escalation attacks, but they are fairly uncommon.
To address these and other threats, it is important not to give people user accounts if they don’t really need them. Giving someone a shell account on your VPS should be the last resort since there are other ways of providing access to particular servers without giving user accounts.
The other option is to disable unused system user accounts. You could either delete them outright using the userdel command, or lock them until the users need to access them again.
Block unwanted traffic using firewalls
The firewall acts as the front-line of security for any VPS. Firewalls are filters which limit incoming traffic to your server. They can even block all traffic arriving from a given IP address or through certain ports in cases where you know that traffic is malicious.
You can configure your firewall to be as open or as “mean” as you want. While it can be difficult to decide which is the best strategy for deploying an effective firewall, understanding the actual needs of your VPS and its users is a good beginning.
Make sure you know all the services you are running, and block all ports on your public IPs except, of course, those used by the services you are running. Review your access logs from time to time for suspicious activity from a given IP address, and block all traffic arriving from that address to be safe.
While firewall settings and configurations are outside the scope of this guide, we have provided some solutions that are handy when it comes to firewall configurations:
IPTables is the best-known tool for creating and configuring the firewall (Netfilter) provided by the Linux kernel. It uses the kernel's own packet-filtering capability to enforce the firewall rules very effectively. Most DoS attacks can be prevented with the help of IPTables.
Uncomplicated Firewall (UFW) is much simpler than IPTables, making it ideal for basic firewall duties. It provides simple but effective host-based firewall management, which makes it a good choice for people who are not versed in Linux firewall solutions.
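As an added example, not taken from the original guide, the following POSIX shell function turns the advice above into an iptables-restore ruleset: default-deny inbound, only the TCP ports your services use opened, and any addresses you have identified in your logs dropped outright. The port list and the blocked address are constructed inputs (the address is from a documentation range).

```shell
#!/bin/sh
# Added example (not from the original guide): print an iptables-restore ruleset
# that follows the guide's advice: default-deny inbound, open only the TCP ports
# your services actually use, and drop all traffic from addresses you have found
# abusing the server in your logs. Nothing is applied; review the output, then
# load it as root with: iptables-restore < rules.v4

# make_ruleset "PORT[,PORT...]" "BADIP[,BADIP...]" -> prints the ruleset, 1 on bad input
make_ruleset() {
    ports=$1
    badips=$2
    # Validate ports first so a typo cannot produce a half-written ruleset.
    for p in $(printf '%s' "$ports" | tr ',' ' '); do
        case $p in *[!0-9]*|'') echo "bad port: $p" >&2; return 1 ;; esac
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # default policy: drop what no rule accepts
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Abusive sources go before the service rules so they reach nothing.
    for ip in $(printf '%s' "$badips" | tr ',' ' '); do
        echo "-A INPUT -s $ip -j DROP"
    done
    # Rate-limit new SSH connections per source: more than 5 in 60 s are dropped,
    # which blunts the password guessing the guide warns about (only if 22 is open).
    for p in $(printf '%s' "$ports" | tr ',' ' '); do
        if [ "$p" = 22 ]; then
            echo '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name SSH'
            echo '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --name SSH -j DROP'
        fi
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'   # keep ping for monitoring
    echo 'COMMIT'
}

# Constructed example: SSH, HTTP and HTTPS open, one documentation-range address blocked.
make_ruleset "22,80,443" "203.0.113.45"
```

Test the ruleset from a console session, not only over SSH, so a mistake in the port list cannot lock you out.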
Use DenyHosts and Fail2Ban to block password attacks
DenyHosts and Fail2Ban are two good applications which protect your VPS against dictionary attacks. They keep a close watch on attempted logins, so if multiple failed login attempts come from the same IP address, they automatically insert firewall rules that will block inbound traffic from that IP address.
The assumption here is that legitimate users will not fail to get their password right in 3-5 tries, so anyone who exceeds this limit is regarded as malicious. Since there is a potential for false positives, these blocks are only temporary, and the admin can easily reverse them when necessary. They are therefore quite effective at warding off brute-force attacks.
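The logic these tools apply is simple enough to show directly. As an added example (not part of the original guide, and not the code of DenyHosts or Fail2Ban), this shell function counts failed sshd logins per source address over a constructed sample of auth log lines and reports every address that reaches the threshold; the real tools go on to insert and later expire the firewall block.

```shell
#!/bin/sh
# Added example (not from the original guide): the core of what DenyHosts and
# Fail2Ban do, as one awk pass over sshd log lines: count failed logins per
# source address and report addresses at or above a threshold. It only reports;
# inserting firewall rules and expiring them later is what the real tools add.

# flag_bruteforce LOGFILE THRESHOLD -> prints "IP COUNT" per offending address
flag_bruteforce() {
    awk -v limit="$2" '
        # Bad passwords and unknown user names both count as failed attempts.
        /sshd\[[0-9]+\]: Failed password for/ || /sshd\[[0-9]+\]: Invalid user/ {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip] }
    ' "$1" | sort
}

# Constructed sample log; addresses are from documentation ranges, not real hosts.
cat > /tmp/auth_sample.log <<'EOF'
Mar  3 10:01:02 vps sshd[2101]: Failed password for root from 198.51.100.7 port 50211 ssh2
Mar  3 10:01:04 vps sshd[2101]: Failed password for root from 198.51.100.7 port 50211 ssh2
Mar  3 10:01:07 vps sshd[2103]: Invalid user admin from 198.51.100.7 port 50213
Mar  3 10:01:09 vps sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 50213 ssh2
Mar  3 10:01:12 vps sshd[2105]: Failed password for root from 198.51.100.7 port 50215 ssh2
Mar  3 10:02:30 vps sshd[2110]: Failed password for alice from 203.0.113.9 port 41022 ssh2
Mar  3 10:02:41 vps sshd[2110]: Accepted publickey for alice from 203.0.113.9 port 41022 ssh2
Mar  3 10:03:15 vps sshd[2114]: Invalid user oracle from 192.0.2.33 port 39001
Mar  3 10:03:15 vps sshd[2114]: Connection closed by invalid user oracle 192.0.2.33 port 39001 [preauth]
EOF

# With the 3-5 try limit the guide mentions, only the first address is flagged.
flag_bruteforce /tmp/auth_sample.log 5   # prints: 198.51.100.7 5
```

The user who mistyped once and then logged in with a key stays below the limit, which is the false-positive case the temporary block is meant to tolerate.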
Encrypt sensitive data
All data that is transmitted over a network can be monitored. While there is some resource overhead for encrypting and decrypting data, it is still prudent to encrypt, especially when sensitive data is involved. Encryption transforms the data to be transmitted into ciphertext, so an attacker who intercepts it sees only a jumbled mess that is of no use to him. There are many tools for encrypting communication, but as a start you can use PGP, which is highly secure.
Avoid FTP and Telnet
In most network configurations, user credentials as well as FTP, telnet and rsh traffic can be easily captured by anyone on the same network with the help of a packet sniffer. A good solution is to use OpenSSH (SCP or SFTP) or FTPS instead, which protect the session with SSH or SSL/TLS encryption respectively.
Minimize unused services
Hackers love to exploit unused applications. It is therefore good to disable daemons (services) which are not in active use. The command for stopping services may vary depending on your distro, although /etc/init.d/[service] stop will often suffice. Make sure you also disable the service from starting automatically. This can often be done with: chkconfig <servicename> off
Unused services not only consume system resources, they present security challenges. Any daemon not in use should be “killed”.
Keep software up-to-date
Applying security patches is an important part of the routine of securing your Linux VPS. Outdated systems may have known security holes, so always make a point of using the available package management tools to keep them up to date. This is a simple and easy way of preventing intrusions.
Install and use IDS
Intrusion detection systems (IDS) try to detect suspicious activity such as DoS attacks and port scans. Deploying an IDS before going online is good practice. There are many good IDS applications available, such as Tripwire and Psad. If possible, install a host-based intrusion detection system (HIDS), which monitors and analyzes the internals of the host itself rather than only its network traffic.
Hopefully, this guide has given you a good start for ensuring that your VPS is protected from attacks by malicious people. Since you are responsible for your server’s security, remain vigilant against the most common security threats. Keep auditing and evaluating your system and the solutions you implement so that you always stay a step ahead of hackers.
This work is licensed under a Creative Commons Attribution 4.0 International License.