Table of Contents
- Disable the Root Account
- Use SSH Keys
- Block Unwanted Traffic with Firewalls
- Use Denyhosts and Fail2Ban
- Install an Intrusion Detection System
- Update Software Regularly
- Encrypt Sensitive Data
- Limit Unused Services
- Check for Malware
Securing your Linux VPS is the most important thing you can do after installing and configuring it. Linux is generally considered more secure than other operating systems because of its security model, but that model is not one hundred percent secure and vulnerabilities are still found in it. So, in this guide, we explain some of the most common security measures you need to take to secure your Linux VPS from attackers on the internet.
Disable the Root Account
Want to secure your Linux VPS? If yes, the first thing you need to do is disable the root account. Instead of logging in as root, use sudo to obtain root privileges when you need them. This stops attackers from brute-forcing the root account's password to gain access to the server.
Sudo grants an authorized user the ability to run administrative commands, which eliminates the need for direct root access.
But, before disabling the root account, make sure that you have created a non-root account using the guide Initial Server Setup with Ubuntu 18.04 and given it the appropriate privileges; otherwise you will lock yourself out of the server.
Use SSH Keys
SSH is an acronym for Secure Shell. Secure Shell (SSH) is a cryptographic network protocol that encrypts the traffic between a user and a remote machine, so that network services can be used securely.
SSH keys give you a more secure way of logging into a server. Attackers generally use brute-force attacks to crack passwords, but it is practically impossible to brute-force an SSH key, because a key contains far more bits of data than a password: the number of combinations an attacker would have to try is vastly larger. With key authentication you can connect to your server without entering your password, and it is more secure as well.
SSH key authentication is based entirely on public-key cryptography. Put simply, SSH keys come in a pair: a private key and a public key. The private key is stored securely on the user's own machine. The public key is placed on every remote machine the user wishes to connect to. The same public key can be installed on any number of servers, but only someone holding the matching private key can authenticate with it: the server grants access only when the two keys match. You can increase security further by protecting the private key with a passphrase.
SSH keys are straightforward to set up, and key authentication is the recommended way to log into a Linux or Unix server remotely. You can generate a key pair on your computer and transfer the public key to your server in no time.
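The root-account and SSH-key advice above both come down to a few settings in the SSH daemon's configuration. The following shell script is an added example, not code from the guide: it audits an sshd_config file for the effective PermitRootLogin, PasswordAuthentication and PubkeyAuthentication values and runs against two constructed sample configs. It assumes OpenSSH's rule that the first occurrence of a keyword is the one that takes effect, and it ignores everything from the first Match block onward.

```shell
#!/bin/sh
# Added example (not from the guide): audit an sshd_config for the settings
# recommended above. Assumes OpenSSH's rule that the FIRST occurrence of a
# keyword is the effective one, and ignores Match blocks entirely.

# effective_value FILE KEYWORD -> prints the effective value (lowercased), or "unset"
effective_value() {
  awk -v key="$2" '
    /^[[:space:]]*#/ || NF == 0  { next }      # comments and blank lines
    tolower($1) == "match"       { exit }      # stop at the first Match block
    tolower($1) == key && !found { print tolower($2); found = 1 }
    END { if (!found) print "unset" }
  ' "$1"
}

# audit_sshd FILE -> one OK/FAIL line per check; returns 0 only if all pass
audit_sshd() {
  f="$1"; rc=0
  prl=$(effective_value "$f" permitrootlogin)
  pwa=$(effective_value "$f" passwordauthentication)
  pka=$(effective_value "$f" pubkeyauthentication)

  if [ "$prl" = "no" ]; then echo "OK   PermitRootLogin no"
  else echo "FAIL PermitRootLogin is '$prl' (want: no)"; rc=1; fi

  if [ "$pwa" = "no" ]; then echo "OK   PasswordAuthentication no"
  else echo "FAIL PasswordAuthentication is '$pwa' (want: no, once key login works)"; rc=1; fi

  # OpenSSH enables PubkeyAuthentication by default, so "unset" is acceptable
  case "$pka" in
    yes|unset) echo "OK   PubkeyAuthentication $pka" ;;
    *)         echo "FAIL PubkeyAuthentication is '$pka' (want: yes)"; rc=1 ;;
  esac
  return $rc
}

# Two constructed configs (not taken from any real server)
WEAK=$(mktemp); HARD=$(mktemp)
cat >"$WEAK" <<'EOF'
# root may log in with a password; the commented line leaves the default in place
Port 22
PermitRootLogin yes
#PasswordAuthentication no
EOF
cat >"$HARD" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# anything below the first Match block is ignored by the audit
Match User deploy
    PasswordAuthentication no
EOF

echo "== weak config ==";     audit_sshd "$WEAK" || echo "-> needs hardening"
echo "== hardened config =="; audit_sshd "$HARD" && echo "-> all checks pass"
```

Run the audit against /etc/ssh/sshd_config after editing it, and only set PasswordAuthentication to no once you have confirmed, from a second terminal, that key-based login works; apply the change with a reload of the sshd service so the session you are testing from stays open.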
Block Unwanted Traffic with Firewalls
A firewall protects a server from unauthorized access. It is a network security mechanism that monitors traffic to your server and allows or blocks specific traffic based on predetermined security rules. It creates a barrier between a trusted internal network and an untrusted external network such as the internet.
Firewalls let you limit access to your server by service: public services can be opened to everyone, access to private services can be restricted, and some services can be made completely inaccessible from the outside world.
We have briefly described some of the popular firewall solutions below.
UFW stands for Uncomplicated Firewall and is Ubuntu's default firewall configuration tool. By default, UFW is disabled in Ubuntu. It provides simple yet effective host-based firewall management, making it usable even by people who are unfamiliar with Linux firewall tools.
iptables is probably the best-known firewall solution. It is used to administer the Netfilter framework included in the Linux kernel. It has undergone many intensive security audits and has been improved many times since it was first introduced in 1998. The syntax can be a little difficult to understand at first, but it is a powerful tool that supports a very flexible set of rules.
nftables was introduced in 2014 by the same team that developed iptables and is intended to eventually succeed it. It uses a more readable syntax and handles both IPv4 and IPv6 in the same tool.
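As an added example (not from the guide), the script below generates the kind of default-deny nftables ruleset a VPS needs: everything inbound is dropped except loopback, established connections, ICMP, new SSH connections under a rate limit, and a list of TCP service ports. The SSH port and the service ports are parameters; the table and chain names are my choice.

```shell
#!/bin/sh
# Added example (not from the guide): generate a default-deny nftables ruleset
# for a VPS. Assumes the host exposes only SSH plus a list of TCP service ports.
# Review with `nft -c -f vps.nft`, then load with `nft -f vps.nft`.

# gen_nft_ruleset SSH_PORT "PORT PORT ..." -> prints the ruleset to stdout
gen_nft_ruleset() {
  ssh_port="$1"
  svc_ports=$(printf '%s' "$2" | tr ' ' ',')     # "80 443" -> "80,443"
  svc_rule=""
  if [ -n "$svc_ports" ]; then
    svc_rule="        tcp dport { $svc_ports } accept"
  fi
  cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif lo accept                               # loopback traffic
        ct state established,related accept         # replies to connections we started
        ct state invalid drop
        meta l4proto { icmp, ipv6-icmp } accept     # ping, path-MTU discovery, IPv6 neighbour discovery

        # new SSH connections under a global rate limit (per-source limits need a meter)
        tcp dport $ssh_port ct state new limit rate 6/minute accept
$svc_rule
    }
    chain forward { type filter hook forward priority 0; policy drop; }
    chain output  { type filter hook output priority 0; policy accept; }
}
EOF
}

# Default rendering: SSH on 22, web on 80 and 443
gen_nft_ruleset 22 "80 443"
```

Always check the generated file with `nft -c -f` before loading it over an SSH session, and make sure the port you are connected on is the one passed as SSH_PORT; a default-deny policy that omits it locks you out of the server.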
Use Denyhosts and Fail2Ban
DenyHosts and Fail2ban are two applications that protect your Linux VPS against login brute-forcing. They watch for failed login attempts: if multiple failures come from the same IP address, they automatically insert a firewall rule that blocks traffic from that address. The assumption is that an authorized user will not fail to enter the correct password within 3-5 tries, so any source that exceeds the limit can be treated as malicious.
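The detection logic these tools run is simple enough to show in full. The script below is an added example, not the guide's or Fail2ban's own code: it counts failed SSH logins per source address over a set of constructed auth.log lines, lists the sources at or above a threshold, and prints the nftables rule a ban action would run (assuming a table named inet filter exists).

```shell
#!/bin/sh
# Added example (not from the guide): the core logic of Fail2ban/DenyHosts,
# run over constructed auth.log lines. Counts failed SSH logins per source
# address and lists the sources at or above a threshold. The log lines are made
# up for this example (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).

SAMPLE_LOG=$(mktemp)
cat >"$SAMPLE_LOG" <<'EOF'
Jun  1 10:00:01 vps sshd[1201]: Failed password for root from 203.0.113.5 port 51000 ssh2
Jun  1 10:00:03 vps sshd[1201]: Failed password for root from 203.0.113.5 port 51001 ssh2
Jun  1 10:00:05 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51002 ssh2
Jun  1 10:00:07 vps sshd[1205]: Failed password for invalid user test from 203.0.113.5 port 51003 ssh2
Jun  1 10:00:09 vps sshd[1207]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Jun  1 10:00:15 vps sshd[1209]: Accepted publickey for alice from 198.51.100.9 port 40001 ssh2
Jun  1 10:01:00 vps sshd[1211]: Failed password for root from 203.0.113.5 port 51004 ssh2
Jun  1 10:01:10 vps sshd[1213]: Failed password for invalid user oracle from 203.0.113.77 port 60000 ssh2
EOF

# failed_logins_by_ip LOGFILE -> "COUNT IP" lines, highest count first
failed_logins_by_ip() {
  awk '/sshd\[[0-9]+\]: Failed password for/ {
         for (i = 1; i <= NF; i++) if ($i == "from") { count[$(i + 1)]++; break }
       }
       END { for (ip in count) print count[ip], ip }' "$1" | sort -rn
}

# offenders LOGFILE THRESHOLD -> addresses with at least THRESHOLD failures
offenders() {
  failed_logins_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# ban_rule IP -> the nftables command a ban action would run for this address
# (printed here, not executed; assumes a table named "inet filter" exists)
ban_rule() {
  printf 'nft insert rule inet filter input ip saddr %s drop\n' "$1"
}

echo "Failed logins per source:"
failed_logins_by_ip "$SAMPLE_LOG"
echo "Sources with at least 5 failures, and the rule that would ban them:"
for ip in $(offenders "$SAMPLE_LOG" 5); do ban_rule "$ip"; done
```

Fail2ban's jail configuration expresses the same idea with three knobs: maxretry (the threshold), findtime (the window in which the failures must occur) and bantime (how long the block stays in place). The window and the expiry are what keep a legitimate user who mistyped a password from being locked out permanently, so set them deliberately rather than relying on a bare count as this example does.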
Install an Intrusion Detection System
Software that looks for unauthorized changes to files and reports them is commonly referred to as an Intrusion Detection System (IDS). Conducting file audits and running an IDS is an intensive process. The initial configuration involves identifying the non-standard changes you have made to the server and defining the paths that must be excluded, and then creating a baseline reading.
This complicates updating, because you need to re-check the system before running updates and recreate the baseline afterwards to capture the changed software versions. You also need to send the reports to another location so that an intruder cannot alter the audit to hide their tracks. The process does add administrative work, but being able to check your system against a known-good copy is the only way to be sure that files have not been changed without your knowledge.
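The baseline-and-verify cycle described above is what tools such as AIDE or Tripwire automate. As an added example (not the guide's code, and not how those tools are implemented internally), the script below records a baseline of SHA-256 hashes for a directory tree, then re-verifies it and reports changed, added and removed files. It runs on a constructed demo tree rather than real system paths, and assumes sha256sum (or shasum) is installed.

```shell
#!/bin/sh
# Added example (not from the guide): the baseline-and-verify cycle that a
# file-integrity IDS such as AIDE or Tripwire automates, in plain shell.
# Assumes sha256sum (or shasum) is available; paths are recorded relative to DIR.

hash_cmd() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"; else shasum -a 256 "$@"; fi
}

# make_baseline DIR OUTFILE -> writes one "HASH  ./relative/path" line per file
make_baseline() {
  ( cd "$1" && find . -type f | sort | while read -r f; do hash_cmd "$f"; done ) >"$2"
}

# verify_baseline DIR BASELINE -> prints ADDED/CHANGED/REMOVED lines;
# returns 0 when the tree matches the baseline, 1 when anything differs
verify_baseline() {
  current=$(mktemp)
  make_baseline "$1" "$current"
  report=$(awk '
    FILENAME == ARGV[1] { old[$2] = $1; next }     # baseline: path -> hash
    { new[$2] = $1 }                               # current state of the tree
    END {
      for (p in old) if (!(p in new)) print "REMOVED " p
      for (p in new) if (!(p in old)) print "ADDED   " p
      for (p in new) if ((p in old) && old[p] != new[p]) print "CHANGED " p
    }' "$2" "$current" | sort)
  rm -f "$current"
  if [ -n "$report" ]; then printf '%s\n' "$report"; return 1; fi
  return 0
}

# Constructed demo tree standing in for /etc, /usr/bin, ... (not real system files)
DEMO=$(mktemp -d); BASELINE=$(mktemp)
mkdir -p "$DEMO/etc" "$DEMO/bin"
printf 'PermitRootLogin no\n' >"$DEMO/etc/sshd_config"
printf '#!/bin/sh\necho ok\n'  >"$DEMO/bin/tool"
make_baseline "$DEMO" "$BASELINE"        # in practice: copy this file off the host
verify_baseline "$DEMO" "$BASELINE" && echo "clean: tree matches baseline"

# Simulate drift: a config edited, a file added, a file removed
printf 'PermitRootLogin yes\n' >"$DEMO/etc/sshd_config"
printf 'unexpected\n'          >"$DEMO/bin/.hidden"
rm -f "$DEMO/bin/tool"
verify_baseline "$DEMO" "$BASELINE" || echo "drift detected: re-baseline only after every line is explained"
```

Two points from the text apply directly: the baseline file must live somewhere an intruder on the host cannot rewrite, and after a package update the report will legitimately show every updated binary as CHANGED, which is why you verify before updating and re-baseline immediately afterwards.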
Update Software Regularly
Vulnerabilities are found in almost every kind of software you might be running on your system. Fixing them is an essential routine in securing your Linux VPS, and the only way to do so is to install the updated packages from the respective software repository, because outdated software may contain known vulnerabilities that the updates were released to fix. This is one of the simplest ways of preventing intrusions.
Encrypt Sensitive Data
Data transmitted over the internet can be intercepted and misused by attackers. Although there are other measures to protect data, sensitive data must be encrypted. Encryption is one of the most effective ways organizations secure data: it transforms data into a coded form so that only people who hold the secret key can read it. Its purpose is to protect digital data that is stored on computers or transmitted over the internet and other networks. Modern encryption algorithms have long since replaced the Data Encryption Standard (DES) and play a crucial role in securing IT systems and communications.
Limit Unused Services
It's likely that you don't need all the packages and services that come with a Linux distribution. Every installed package and running service is a potential point of attack, so keep only those you actually need and use. Disable unneeded services from starting automatically, and don't install or configure packages and services you don't need.
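Deciding what to disable starts with knowing which services are reachable from outside the host. The script below is an added example (not from the guide): it parses output in the format of `ss -Hlntu`, lists the sockets bound to a wildcard or non-loopback address, and flags any that are not on an allowlist. The sample output it runs on is constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example (not from the guide): list the listening sockets that are
# reachable from outside the host, and flag any not on an allowlist. Parses the
# output format of `ss -Hlntu`; the sample below is constructed, not captured
# from a real system. On a real host run:  ss -Hlntu | exposed_listeners

SAMPLE_SS=$(cat <<'EOF'
tcp   LISTEN 0 128   0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0 128   127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0 511   *:80               *:*
tcp   LISTEN 0 128   [::]:22            [::]:*
tcp   LISTEN 0 128   [::1]:6379         [::]:*
udp   UNCONN 0 0     127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0 0     0.0.0.0:111        0.0.0.0:*
EOF
)

# exposed_listeners: stdin = ss output; prints "PROTO PORT" for every socket
# bound to a wildcard or non-loopback address (deduplicated across IPv4/IPv6)
exposed_listeners() {
  awk '
    NF >= 5 {
      local = $5
      port = local; sub(/.*:/, "", port)        # "[::]:22" -> "22"
      addr = local; sub(/:[^:]*$/, "", addr)    # "[::]:22" -> "[::]"
      if (addr == "[::1]" || addr ~ /^127\./) next   # loopback only: not exposed
      print $1, port
    }' | sort -u
}

# unexpected_listeners "PROTO/PORT PROTO/PORT ...": stdin = exposed_listeners
# output; prints the entries that are not on the allowlist
unexpected_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !(($1 "/" $2) in ok)'
}

echo "Exposed listeners:"
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
echo "Not on the allowlist (candidates to disable or firewall):"
printf '%s\n' "$SAMPLE_SS" | exposed_listeners | unexpected_listeners "tcp/22 tcp/80"
```

In the sample, the database on 127.0.0.1:3306 and the cache on [::1]:6379 are correctly invisible from outside, while udp/111 (the port rpcbind normally uses) is exposed without being on the allowlist. Adding `-p` to the ss command shows the owning process, which tells you which unit to disable with systemctl.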
Check for Malware
Linux is targeted by malware less often than Windows, but that doesn't mean it is immune to it. So, it is recommended to scan your system for malware, which can help you find unauthorized software installed on it. There are many malware scanners for Linux on the market today; one of the popular ones is maldet, Linux Malware Detect (LMD). You can run maldet both manually and automatically: you can schedule scans and have the reports mailed to the admin of your Linux VPS.
In this guide, we have covered some of the most important ways of securing your Linux VPS from malicious actors on the internet. Since the security of your server is your responsibility, you need to make the decisions and implement the right solution at the right time.