How to secure your Linux server and protect data.
Linux security is considered good, based on the operating system’s strong default permissions structure. However, you must still adopt best practices to keep your servers running safely and effectively.
Whether your Linux server is running Ubuntu, Debian, or some other distribution, follow these steps to strengthen your Linux server’s default configuration.
1. Use Strong and Unique Passwords
Good password hygiene isn’t only relevant to users logging into their personal computers or SaaS applications. For servers, administrators also need to ensure that users are utilizing sufficiently rigorous passwords. This practice makes them much more resistant to attacks.
Several excellent password managers are available for the Linux platform. Many of these offer crucial features, such as:
- Two-factor authentication,
- Password generators, and
- Cloud password storage.
2. Avoid Unnecessary packages.
You should only install the packages that you required. The more packages you install, particularly from third-party repositories, the more vulnerabilities you could be introducing into the system. Keep installed packages to a reasonable minimum and periodically eliminate what isn’t needed.
3. Configure 2FA
Two-factor authentication greatly improves the security of user access by requiring a password and a second token before users can log on to the server.
To set up 2FA on a Debian server and Debian-derived distributions, you should install the libpam-google-authenticator package. The package can display a QR code or produce a secret token that can be added to a software authentication device, such as Google Authenticator or Authy.
2FA can be used in conjunction with SSH (Secure Shell) to enforce the requirement for a second credential when logging into the server. SSH is a protocol that creates an encrypted, text-based connection to a remote server.
4. Update regularly
You should not hold old, unpatched packages, as these introduce critical vulnerabilities to the system that could be exploited by cybercriminals. To avoid this problem, ensure that your server, or server pool, is updated regularly.
5. Use server-side antivirus packages.
Linux servers are considered relatively resistant to viruses, malware, and other forms of cyberattack, all Linux endpoints – should run antivirus protection. Antivirus products will enhance the defensive capabilities of any server it runs.
6. Use a firewall
Every Linux server should be running a firewall as an initial line of defense against unauthorized or malicious connection requests. UFW, IPtables, firewalld are common basic Linux firewalls. You should inspect the firewall policy to ensure that it makes sense for your business’ operating environment.
7. Generate an SSH Key Pair
While strong passwords can make a difference, even stronger methods of logging into private servers are available. Secure shell key pairs, in particular, are worth implementing because these systems are far more difficult to hack through brute force.
Before utilizing SSH keys, it’s important to understand why you may want to implement them instead of the standard username and password setup. While passwords are certainly more convenient for everyday users, these same users tend to rely on easily guessed options that leave the entire security infrastructure vulnerable.
SSH key pairs, while not as user-friendly as passwords, are significantly more secure. This enhanced security can be attributed to the encryption utilized by both the server being logged into and the computer being used. At a minimum, an SSH key pair represents the equivalent of a 12-character password. In reality, however, the vast majority of SSH key pairs are even more complex. For this reason, SSH key pairs should be one of the first measures implemented when adopting a proactive server security strategy.
8. Backup your server
There are always things that can go wrong when it comes to computer systems, and packages can create dependency problems and other issues. It’s therefore vital that you retain the ability to roll back changes to your server.
Keep security in mind
Linux may be the best server for your small business or enterprise, as distributions generally have a decent security posture automatically configured. However, to significantly increase your defenses and minimize the chances that malicious users will gain access, you must harden your Linux server by applying the best practice tips.
