Whether you are running your web site from a paid hosting provider or have your own server environment to look after, knowing how to properly configure your server is one of the most important things you can do to keep your web site safe and secure. Last year along, 1.5 million web sites were defaced and almost all of these would have been preventable with proper server configuration. In this article I will talk about some of the ways you can keep your site secure.
There is no way to make a server completely secure from all possible types of attack but you can have a certain amount of vigilance that will ultimately mean less problems. By being vigilant and doing periodic audits of the system, i.e., checking for suspicious entries in the password logs, examining the process list, checking log files, you can go a long way towards keeping your server secure.
Turn Off Features
When setting up your web server, most people tend to leave features on by default since this can make the installation of new packages easier and less hassle. Leaving functionality available can create a big problem in your security. When starting off with your web server, make sure all features are off and the server is restricted, with access rights to parts of the system applied appropriately.
Turn Off Unneeded Services
This goes hand-in-hand with turning off features for the same reasons. If you are not using a service, you are simply providing a resource for someone to access your system as well as running extra overhead on your server that is unnecessary. To do this on a Linux server edit your “/etc/inetd.conf” file and disable any services that are not needed by placing a hash “#” in front of it.
Keep Everything Up-To-Date
It may seem like a no-brainer, but the common cause of most server break-ins is out-of-date server software. Perform regular updates and upgrades to your kernel, tools and utilities to make sure that your server is not a sitting-duck full of vulnerabilities. Keep an eye out for product updates and patches that may be useful to you and make a scheduled appointment each week to check for these updates.
Use Secure Shell (ssh) Instead of Telnet
Making the switch from ssh to telnet is important for two reasons: One, in telnet your sessions are unencypted, which means that everything you send (including usernames and passwords) is transmitted as clear text and is easy to intercept. Second, having the telnet port open in the first place is an open vulnerability. A cracker is going to try to connect to it and see what they can find. Ssh provides secure and encrypted connections that are more secure than telnet. You can find Linux RPM packages and Windows ssh installers for running an ssh server and client that are easy to install and manage. Remember from the second above, to turn off the telnet service once you are no longer using it.
Run Intrusion Detection Software
There are several free and open-source packages you can use to monitor for intrusion detection as well as paid software available. This software will monitor a server’s activity and report any suspicious events for you to review. This is an important step in keeping a system free of worms, viruses and renegade processes. You can also use programs that monitor base-code and report changes. This can prevent hackers from installing malicious code on your system.
Keep Shell Accounts Secure
When creating passwords for shell accounts make sure the passwords are complex and are changed often. Only give shell accounts and shell access to the people that really need them. You never know who could be the one to introduce malicious code to your server. Protect these accounts carefully.
Remember to Ask for Help
Whether you have been a server administrator for awhile or are just getting started, no one can really claim to be an expert. Find an online or in-person group of people that you can ask questions or get help if you are in over your head. Remember that it is important to know when you need assistance and you will only increase your learning and expertise by getting help when its required. Some server problems are complex and cannot be solved alone.
Use Security Assessment Tools
Ultimately, if you are unsure how vulnerable your server is, you can check your web server using configuration and security assessment software such as Nikto or Skipfish. These free tools will perform comprehensive scans and tests against your web server for many different potentially dangerous items. By looking at the generated report you can get an idea of the areas that need changed or addressed.
Server security can be a difficult task but only by staying up-to-date on what is going on and continuing to learn and be proactive, can you be on top of it. Without this kind of information you cannot hope to keep your server up and free of problems. Take your time and avoid the reactionary approach and you will be able to keep your server safe.