October 27, 2011
Security Tips for your Dedicated Machine
One of the advantages of being the owner of a dedicated machine is that you have the ability to make your server far more secure than a typical shared server. Obviously the main reason for this is that since you aren't sharing your server with a few hundred other users you can't control you aren't exposing yourself to the sum total of the risks inherent in them.
A greater advantage, though, is that you can do things to your server that normally wouldn't be possible on a machine in which everyone is sharing the same resources. You own it, and so you can turn your machine into just about whatever you want. With that power, there are some things you'll want to consider doing to make your machine more secure.
Disable any unused services
On a shared server there are all sorts of services, many of them often archaic, that need to be keep accessible in case any user needs them. While typically most of these aren't unexploitable, all it takes is for there to be one weak link. Since you know what you use, you can disable just about any service that you don't intend on using. Remember as well that if you change your mind, you can always re-enable them later.
Enable system logs, and watch them
Doing a once over on your system logs is essentially the same thing as going to the doctor when you're healthy: it's how you notice the symptoms before the disease sets in. For every successful attack on your servers there are many unsuccessful ones. Quite often you can spot these in your logs based on some item specific to the attack: URLs with hosts of control characters, attempts to execute pages that don't exist, or sometimes just a flood of requests from a single IP address or block for no discernable reason.
Once you notice these you can filter out the offending IP addresses easily. Even better, if there is something about the attack that you think will be recurring, you should be able to adjust your security software (you are using them, right?) to look for these terms. Often an attack blocked from one address will just try again from another, so this is a tool you'll want to use.
Do the basics, but do them hard
All of the usual security tips apply, but for this serious an enterprise, you're going to want to increase your game a bit.
- Choose really secure passwords. Just “secure” doesn't cut it anymore. Of course make sure you can still remember it, but make sure it's guessability by a brute-force cracking engine is nil.
- Keep your software up to date. Your web host may not do this as fast as you, since they have thousands of users whose web sites they could break with an unwise installation. They might even appreciate a heads up from you if you see a problem.
- Make your own backups. Most hosts will tell you this, but even though they make backups, do it yourself as well, and keep your copy local.
Always, as well, keep an ear to the ground on any security issues related to your system. As your own web boss, you have every tool at your disposal to keep your site safe. There is no reason not to take advantage of them.
Popular LinksCategories: Security Issues |
Tags: attack,
advantages,
Security Issues,
software,
system,
dedicated server,
dedicated,
shared,
server,
shared ip,
shared hosts,
shared server,
server security,
web host,
security,
shared servers,
secure host,
secure server,
power system,
servers,
IP,
IP address,
shared host,
security tips,
server logs,
security risks,
web server,
blocked IP,
secure backups,
Dedicated Servers,
passwords,
installation,
IP addresses,
IT,
server resources,
web site security,
security software,
IT security,
web pages,
web servers,
shared server security,
IT resources,
security system,
brute force,
secure passwords,
dedicated IP,
web server resources,
server needs,
web server's resources,
sharing IP,
dedicated hosts,
dedicated web server,
dedicated host,
web host security,
web address
Post comment: