Server Hardening is a process that secures a system by reducing its surface of vulnerability, the surface area that is vulnerable to attacks from unauthorized users. The surface of vulnerability is larger when a system performs more functions. Changing default passwords regularly, removing unnecessary software, unused usernames and logins and disabling unnecessary or unused services are some of the ways to reduce the surface of vulnerability.

Server hardening ensures that server security is enhanced through various means. The soft surface or material of the website and its data is changed to make the surface stronger and resistant to damages and attacks.

Most of the applications and system software used currently are intended for online use and for internet connections. Most of them are attacked several thousand times every hour. Server hardening is a well established practice and a part of website development that is done within the organization by a special team or is outsourced to a trusted server hardening agency.

The default configurations of most of the operating systems do not come with security as the primary function. The operating systems mostly focus on the functionality, ease of use and communicative functions of the website. Sophisticated server hardening policies for all servers in your organization is very important to increase server and network security.

Each organization requires different set of security measures to maintain adequate system and network security. Some of the server hardening tips and tricks are given below.
  • Use of data encryption for communications

  • Insecure protocols that send information or passwords in plain text must be avoided

  • Minimizing unnecessary software on servers

  • Unwanted SUID and SGID binaries must be disabled

  • Regularly updating security patches in the operating system

  • Use of security extensions

  • User accounts must be given very strong passwords

  • Update or remove third party software

  • Regularly changing passwords without repeating old ones

  • Setting up locking accounts after many login failures

  • SSH hardening

  • Changing the port from default one to a specific one

  • Disabling direct root logins and enabling the switch from lower level account to the root only if necessary

  • Disabling all unnecessary services and unused services. Instances of IRC – BitchX, bnc, guardservices, psyBNC and other such services must be considered and disabled

  • Secure var/tmp/dev/shm

  • Hide BIND DNS Sever Version and Apache version

  • Partitions must be separated to make your system more secure

  • Install Root Kit Hunter and ChrootKit hunter

  • Hardening sysctl.conf

  • Installing software like CSF or APF or configure the system firewall (Iptables)

  • Open network ports must be minimized to the specific requirements of the website

  • Using a hardware firewall can be considered for extra security

  • Partitions can be separated in ways to increase security of system

  • Unwanted binaries can be disabled

  • Brute force and intrusion detection systems can be used

  • Php installation can be hardened

  • Linux Socket Monitor can be installed to detect and alert any new sockets created on your system

  • Server logs and mirror logs can be maintained in separate log server

  • Web-server hardening can be done by installing Mod_security

  • User accounts must be limited to accessing only what they need to access

  • Proper and regular backups must be maintained

  • Physical server security must also be hardened

By Published On: May 6th, 2020Categories: SiteCarePro0 Comments