

Server Hardening - What it means

Need to know more about Server Hardening?

This guide is for you.


All of us are concerned about protecting our servers from hackers. If we leave a server without any firewall or security system, the chances of a hack are high.

Generally, to avoid this, we tweak the server using a technique called ‘Server Hardening’.

Its major role is to ensure that all the contents in the server are safeguarded properly from hackers.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers with security queries.

In this context, we shall look into how to harden our Servers.


How to implement server hardening?

Server hardening depends on the hardware and the applications on the server. Let us see the common steps that we can take to improve the security of the server.


1. Firewall Tweaking

A firewall controls all the access that is made to the server.

With it, we can block all the unwanted ports on the server to avoid hacking and spamming.

For example, blocking port 25 helps avoid spamming from the server, as most spammers use port 25 to send broadcast emails.

Furthermore, we can enable only the necessary ports that the applications in our servers require.


2. Regular update of all software

Since the applications we use tend to become vulnerable after a certain period, regular updates or patching is necessary to avoid issues.

For example, consider WordPress. If we do not update it regularly, it will open a back-door for attackers to hack the server.

So regular updates of all software on the server are mandatory.


3. Usage of IDS (Intrusion Detection System)

An IDS regularly monitors all the files and binaries on the server on the basis of file size and time.

It regularly checks all the binary files by matching their contents against the log dump, and generates an error report if the files do not match it.

This mechanism helps us to keep track of all the binary files in our server.
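
The baseline comparison described above, as an added Python example (not code from this article or from any IDS product). It records size and modification time for each file and, as an addition to what the text describes, a SHA-256 hash, so a change that keeps the same size and timestamp is still reported. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root to (size, mtime_ns, sha256)."""
    baseline = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and not path.is_symlink():  # regular files only
            st = path.stat()
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            baseline[str(path.relative_to(root))] = (st.st_size, st.st_mtime_ns, digest)
    return baseline


def compare(baseline, current):
    """Return sorted (path, reason) findings where current differs from baseline."""
    findings = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        elif old[2] != new[2]:
            findings.append((path, "content changed"))
        elif old[:2] != new[:2]:
            findings.append((path, "metadata changed"))
    return findings


def demo():
    """Constructed sample tree: record a baseline, alter files, report differences."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("sshd", b"v1-binary"), ("cron", b"job-runner"), ("ls", b"list")):
            Path(root, name).write_bytes(data)
        baseline = snapshot(root)
        target = Path(root, "sshd")
        target.write_bytes(b"v2-binary")  # same size as the original
        os.utime(target, ns=(baseline["sshd"][1],) * 2)  # same recorded timestamp
        Path(root, "cron").unlink()
        Path(root, "extra").write_bytes(b"new")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In practice the baseline would be stored somewhere the monitored server cannot modify, and the comparison run on a schedule.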


4. Installing malware scanners

A malware scanner is software that regularly checks all the files on the server for any viruses and harmful scripts.

For example, the ConfigServer eXploit Scanner (cxs) helps in detecting all malware and Trojans in the server by regularly monitoring all the files in the server.

It is necessary that we install an anti-virus scanner in the server to avoid a security breach.


5. Password Modification

Make sure to regularly modify all the passwords in the server and not to use a common password for all the applications.

Furthermore, always ensure that each password is strong: more than 8 characters, including 1 numeric value, 1 capital letter and 1 special character.




Conclusion

This article covers techniques to prevent attacks on the server. Basically, if we manage our servers without proper precautionary actions it is easy to spoil the reputation of the server.

Hardening your server is the process of increasing security on your server through a variety of means to result in a much more secure operating environment. Server hardening is one of the most important tasks to be handled on your servers. 

The default configuration of most operating systems is not designed with security as the primary focus. 

Default server setups focus more on usability, functionality and communication.


Server Hardening Security Measures Include:

1. Hide login password from cgi scripts.

This setting allows you to hide the REMOTE_PASSWORD variable from scripts that the cpsrvd daemon's CGI handler executes.

2. Referrer safety check.

Only permit cPanel, Webmail and WHM to execute functions when the browser-provided referrer (port and domain or IP address) exactly matches the destination URL.

3. Initial default/catch-all forwarder destination

Select Fail to automatically discard un-routable email that your server's new accounts receive. This will help protect your server from mail attacks.

4. Verify signatures of third-party cPaddons.

Enable this option to verify GPG signatures of all third-party cPaddons.

5. Prevent "nobody" from sending mail.

Enable this option to block email that the nobody user sends to remote addresses. Nobody is the username for Apache.

6. Enable SPF on domains for newly created accounts.

7. Proxy subdomain override.

Disable this option to prevent automatically-generated proxy domains when a user creates a subdomain.

8. Proxy subdomain creation.

Disable this option to prevent the addition of cPanel, Webmail, Web Disk and WHM proxy subdomain DNS entries to new accounts.

9. Cookie IP validation.

Disable this option to allow logins regardless of the user's IP address.