Linux is an extremely secure operating system. However, that doesn't mean it's wise to apply a "set and forget" mindset, as doing so could lead to a security breach and data loss, costing your business time and money. For that reason, Ethernet Servers recommends that all Linux VPS customers follow these 3 easy steps to maintain a secure, high-performance hosting environment.
- Use strong and unique passwords. As standard, we deploy all of our Linux VPSs with a strong, randomly generated root password. With that in mind, we do understand that remembering passwords can be difficult, so changing it to something shorter may be more convenient. A short password can be secure, but try to include a variety of mixed cases, symbols, and numbers, and ideally, ensure it is not a dictionary word.
You can have all the latest updates (more on that below) and security software, but with a weak root password, none of those things matter. Remember: security is a cumulative process.
- Keep your operating system up-to-date. On a typical out-of-the-box Linux system, whether that be AlmaLinux, Debian, Ubuntu, and so on, you'll find there are typically security-related updates released at least once a week. This is no surprise given the number of packages involved in making Linux what it is - everything from the kernel, to the SSH protocol and systemd to sudo. You must keep up with the latest security updates.
This doesn't mean to say you need to be logging in and running yum update or apt-get upgrade daily, as many distributions offer automated updates, for example using the unattended-upgrades feature in Debian or Ubuntu. The saying "if it isn't broke, don't fix it" is known by many, and whilst it might be tempting to skip security updates to avoid the possibility of something going wrong, as long as you maintain regular backups (which you should!), you'll always be safe in the unlikely event an unattended-upgrade causes problems.
- Restrict access as much as you can. Let's say you have a static IP address at your house or workplace, and you'll be the only person connecting to SSH, phpMyAdmin, WHM - whatever it might be - consider locking down those daemons to your IP address. The exact procedure for doing so will vary depending on what you're looking to lock down. To achieve this with SSH, for example, you could use iptables. In the case of phpMyAdmin, this can typically be done with the phpmyadmin.conf file. And for WHM, you'll want to use Host Access Control.
With that in mind, you'll want to ensure that you have a plan to fall back on in case your IP address changes. Typically there are ways around this, for example, we provide an SSL-secured HTML 5 serial console that authenticated customers can use to access their servers if they get locked out via SSH.
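One way to express the SSH lockdown described above with iptables, as an added example that is not Ethernet Servers' own procedure: the script validates the address and prints the rules in the order they must be applied, rather than applying them. The address 203.0.113.10 and port 22 are constructed sample values, and `is_ipv4` and `ssh_allowlist_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that limit SSH to one
# IPv4 address. Address and port below are constructed sample values.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for one allowed address; ACCEPT rules come before the DROP.
ssh_allowlist_rules() {
    ip=$1
    port=${2:-22}
    is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "invalid port: $port" >&2; return 1; }
    # Keep sessions that are already open so applying the rules
    # does not cut off the connection you are working from.
    echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Allow new SSH connections from the static address only.
    echo "iptables -A INPUT -p tcp --dport $port -s $ip -j ACCEPT"
    # Everything else aimed at the SSH port is dropped.
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Constructed sample address from the documentation range (RFC 5737).
ssh_allowlist_rules 203.0.113.10 22
```

iptables filters IPv4 only, so if sshd also listens on IPv6 the equivalent ip6tables rules are needed. Review the printed rules and confirm your console fallback works before running them as root.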
We hope this short guide has been helpful! Please feel free to contact us if you'd like to know how we can help secure your critical infrastructure, or if you have any questions about our products and services! We're here to help - 24/7/365.