With cybercriminal activity continuing not just to rise but to increase in sophistication, the need to keep systems is a priority for all organisations. For those that need the use of dedicated servers, the possible consequences of falling victim to a cyberattack are all the greater. Here we discuss some of the most effective ways to keep your dedicated server secure.
- Keep software up to date
Cybercriminals are constantly seeking out vulnerabilities in software and will actively target organisations that have vulnerable apps. For this reason, application developers will regularly release updates and security patches to fix those security holes and keep users safe.
Once an update or patch is released, organisations need to install it immediately to maintain security. The longer the delay before this takes place, the greater the chance of hacking or malware infection. A managed dedicated hosting solution will ensure that operating systems are updated on time, while the implementation of auto-updates for all other apps is advised.
Just because you aren’t using your old software doesn’t mean that a hacker won’t. If it’s on your server and hasn’t been updated to the latest version, it poses a threat that hackers can exploit. This includes everything from a website plugin or theme to a piece of legacy software you no longer need. If it is not being used, delete it and the risk is removed straight away.
- Scan for malware
According to Dataprot, there are over a billion pieces of malware with half a million new ones being discovered every day. These come in the forms of viruses, Trojans, ransomware, worms and more, each capable of inflicting different types of damage to your server and what it contains.
To protect your server, companies should carry out regular malware scans that can detect threats and quarantine them before damage is done. Malware scanning can be available from your service provider.
- Defend against DDoS attacks
A distributed denial of service attack bombards your server with so many requests that it is unable to handle them all. As a result, the server will crash and all services will be taken offline.
Cybercriminals can trigger this by taking over thousands of machines and directing them all to your server at the same time. To prevent this, choose a hosting provider that defends your server using a DDoS shield. This detects suspicious bulk requests and prevents them from reaching your server.
- Use a VPN for access
If you are accessing a dedicated server over the internet, make sure that you use a VPN connection. VPNs (Virtual Private Networks) encrypt the data you send, ensuring that login credentials cannot be stolen in transit and then used to hack into the system. This is especially important if you are connected to the internet via a public, open wi-fi network.
- Change the default SSH port
Just as hackers are aware of default usernames, they are also aware of the default SSH listening port of 22. Using bots, cybercriminals will seek out servers using this port and if found, will use this for carrying out a brute force attack. To keep your server secure, change the default port immediately and ideally to a port number above 1024 which most scanners are unable to detect.
- Protect against SQL injections
SQL injections are a form of attack that targets the server’s databases, the place where important data is stored. If a hacker can get access to the database, then personal data or business intelligence could be stolen. To minimise the risk, ensure privileges restrict access to the database unless essential and delete unnecessary services and files that can easily be exploited.
- Set individual account privileges
Access to the server should be on a needs-only basis, so that only those that need root access, i.e., the server admin, can gain access. Everyone else should have their own account, with access privileges linked to their role within the company.
This way, if employees have their credentials stolen, hackers are restricted to the areas that the employee has access to and not the entire server. In this way, any damage can be limited.
- Enforce strong passwords
Modern brute force tools can crack weak passwords in seconds, making it easy for cybercriminals to access the server. Enforcing strong passwords prevents employees from using those that are weak and easy to guess.
Those with random numbers, letters, capitals and symbols are much more difficult to detect. Password managers can be used so that employees don’t have to remember the combination or make the mistake of writing them down. For double assurance, make sure you also implement two-factor authentication which requires an additional code sent to the user’s mobile phone.
- Backup regularly
Should a cybercriminal attack ransom or destroy your data, the consequences can be disastrous. A backup can help overcome this by enabling you to restore your server quickly, without the need to start from scratch or pay a ransom.The latest backup solutions enable you to set up automated, scheduled backups, at the frequency you need. The backups are then stored remotely, encrypted for security and checked for integrity to make sure they’re not corrupted and will work if you need them.
60% of companies that fall victim to a cyberattack or data breach go out of business within six months. This makes it vital that a dedicated server is kept as secure as possible. Hopefully, the measures discussed here will help your organisation protect its systems.
Find out more about our Managed Dedicated Server Hosting with built-in security.