Tips for Securing Servers and Computers for peace of mind

Dedicated server securityThere’s been rampant hacking of user information, and celebrity photos as of late.

It makes users think and worry about security of their computers, servers and data. With this write up, we provide some tips and some guidelines for better security and peace of mind, although by no means is this an in-depth and “end all be all” of network and data security, although it is a good start and will give us a head start into at least securing our data, computers and servers.

Secure the Computer with a Firewall

firewall for servers

It is imperative that your computer or server is secured to prevent direct attacks to that device, and there are a few ways to accomplish this. Whether the computer runs on a desktop operating system of Windows, Linux such as Ubuntu, or Mac OSX or later, the computer hardware can be secured by installing a software based firewall. There are many firewall applications for the different operating systems available, but their basic functions should all be pretty much the same – they restrict access by blocking traffic to incoming or outgoing ports, or by restricting access based on certain criteria or policies.

For windows, there’s a built in firewall application, as well as a few free and paid ones, such as Comodo and UnThreat to name a few. For Linux, there is CSF, as well as the built-in Iptables. Mac OS also has built in firewall functionality as well as third party. We will not get into the detail of specific firewalls, but basically give an overview of what needs to be configured (refer to the specific firewall’s user manual in order to achieve these configurations).

Basically we need to block all incoming ports (we can also block outgoing ports for more security) and enable only those that we are certain that we will be using. In the case of a webserver, the https port 80 and https 8443 ports are needed so we enable those ports. If we need DNS server functionality, we also enable the DNS port 53. For mailing, we turn on port 25 for smtp (outgoing mail), as well as 110 (POP3), 143 (IMAP), 993 (IMAP SSL), and even 587 (alternative smtp port). For a full list of common tcp/upd ports that are required by your applications, you have to refer to their respective user manual, but for the common default ports for particular applications, you can check https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers.

Remember to only enable the ports that you will need, and disable all other ports. If you are securing a desktop computer, chances are you need to close down all the incoming ports as you do not want anyone connecting to your desktop.

For Linux Machines Install BFD

computer-security

IF the computer is a Linux based machine, install Brute Force Detection (BFD). This will ban IP addresses that have tried to connect multiple times with incorrect logins to the computer, and prevents brute force methods of trying to crack user/password logins. You can even configure the script to send you an email once it has detected a brute force hack attempt. Read through their website on instructions on how to install and configure the script.

Install an Antivirus

VIPRE-antivirus-technologyMake sure to install an antivirus application to make sure you do not get infected with nasty malware that can compromise your passwords and sensitive computer data. There are a lot of firewall applications that are free, as well as paid ones. Although which one is better, we cannot recommend and this article will not dive into which antivirus to use. When an antivirus is installed, also make sure that the virus definitions are up to date, as an antivirus with outdated definitions is pretty much vulnerable to new viruses to keep showing up. And also make it a point to scan the computer hard drive at least once a week to make sure that no files are infected.

Check Logs and Event Viewer Regularly

This is more for server administrators than regular desktop users. Make it a habit to check for computer logs to monitor the computer performance and detect any suspicious activity. For Linux, the logs are normally located in /var/logs. You can also create a cron job to send you daily email with log summaries. For windows machines, you can look at event viewer to monitor the health of the computer server. In event viewer, there are different log types: application log which are events that are logged by the programs, security logs are events like successful login attempt or unsuccessful login attempt, and system logs that are events logged by system components. By monitoring events and logs, you can keep your computer running in top shape and prevent rogue applications from taking over your machine.

Lockdown Your Router

You can secure your computer all you want, but if your network is not secure then you are still vulnerable. The best way to secure your network from the entry point is by locking down your router. Make sure login to the router’s administrator portal is only allowed internally, meaning you should only access your router’s configuration from inside your LAN, not from outside.

Also, only enable DMZ (demilitarized zone) when really needed. DMZ routes all incoming traffic to the computer in the DMZ, so this exposes your computer to the public if enabled.

Just like in your computer, make sure to enable the firewall of the router if it has one. Make sure to disable all incoming traffic from the router level, as this is your first line of defense. Unless you are hosting servers in your network that are needed to be accessible, you should disable most, if not all, incoming ports.

Use Proper Judgment

This can be the most overlooked cause of infections and hacks from unauthorized users. Make sure to use proper judgment when browsing the internet or when installing applications. Do not just go installing applications from anyone, especially those that are attached to emails. If the application is not from a trusted source, chances are it has a virus and best to stay away. The same goes when browsing sites, do not just go opening links and installing plugins that the website tells you. A lot of times these sites have malware that can infect your computer. Make sure your antivirus is running as it can detect most malwares, which provide you that security when an external application tries to install itself. Also enable popup blocker, which is built into most modern web browsers.

In closing, the more you keep your own network and computers secured, the lesser chance you have of getting infected with malicious software and viruses. And the better chance you have of keeping your data and secured files off the hands of unwanted eyes. Best of all, think before you click. Don’t just blatantly follow links and open emails, if they sound fishy, look fishy, chances are they are fishy and best to stay away.

ProlimeHost Cheap Dedicated Servers

BROUGHT TO YOU BY PROLIMEHOST

We’ve been in the web hosting industry for over a decade, helping hundreds of clients succeed in what they do best and that’s running their business. We specialize in Virtual Private Servers (VPS) and dedicated servers, with data centers in Los Angeles, Denver & Singapore.

VPS SERVICES: LIGHTNING FAST SSD VIRTUAL SERVERS

Our Virtual Private Servers all feature high performance Xeon processors and SSD storage in a RAID10 configuration to optimize your server’s performance, which dramatically enhances visitor experiences on your site.

That speed is backed by unparalleled 24/7 support, featuring both outstanding response AND resolution times to maximize your uptime.

Now is the time to join the ProlimeHost virtual private server revolution.

DEDICATED SERVERS: BACKED BY A 99.9% SLA NETWORK UPTIME GUARANTEE

We only use enterprise-class hardware in our dedicated servers and offer a four (4) hour hardware replacement. Throw in IPMI for remote management, support for public and private networks, free operating system (OS) re-installs, and SATA, SAS & SSD (including NVMe) storage. Call 1-877-477-9454 or contact us. For everything from gaming servers to cheap dedicated servers, we’re here to help.

ASIA OPTIMIZED SERVERS: IMPROVING CONNECTION SPEED AND QUALITY

Procuring an Asia optimized server improves the connection speed and quality between the server and the users in Asia or China. This can reduce latency, packet loss, jitter, and bandwidth issues that can affect the performance and reliability of the server and the applications hosted on it. For more information, please call 1-877-477-9454 or contact us.

Steve

Leave a Reply