How do you protect your dedicated server?

[endoffice]

+1 for Cloudflare for DDoS protection.
+1 to changing common ports (22 ssh to #### ssh) will prevent and save you overflow errors from automated attacks
+1 to implementing and monitoring an IDS software, SNORT, AIDE, BASE, Sourcefire are all great but you really want to get someone who knows how to properly configure these things and it will stop many attacks that are known and the reports they generate are great for blacklisting and investigating patterns of different intrusion attempts.
+1 HARDWARE FIREWALLS

Some DO NOTS:
Store data in plain-text (maybe even get full encryption on even your drives if you want to go to that extent)
Weak passwords and keys (complexity < length, if your password is %$!XD guess what it can be broken today easily because of it's length)
Weak encryption or hashes
No salting
using WiFi

 

[Tomt307]

Everyone has pretty much covered everything, one thing which I think is key is making sure your using key firewall protections and its good to change ports to a random one, but people can still scan your systems. If you really want to be secure you can whitelist your IP just make sure to do this to a static IP.

 

[mihirthakur]

the most important points are
1st - Robust Password Strategy
2nd- Regular Scanning and Testing
3rd- Firewall Protection
4th - Maintain Database
5th- Update Software Regularly
6th - Data Backups

Make a checklist for the following and repeat the steps in monthly interval.

 

[bountysite]

Adding to what others have mentioned:-

- Make sure you have an offsite backup system
- Ensure that FTP is running over SSL. In CPanel, enforce strict full mode, instead of optional.
- CloudLinux offers protection against cross site contamination. One bad infected site will not infect other sites.

 

[cyclonehosting]

Some ways we protect our dedicated servers are:
1. Installing CSF which is a firewall protection
2. Changing the SSH port number so no one would be able to SSH into your server
3. Keep spam assassin turned on system wide
4. Run yum update to keep your system files up to date as well as updating the kernel
5. Make sure there are no outdated applications on your server which can cause vulnerability to it

Hope this helps,
Dennis

 

[casthost]

My 2 cents is to have the software as mentioned above (anti-virus, firewall, etc..), a backup server is always a great addition and can also be used for monitoring to make sure you can jump on any issues that arise quickly and effectively.

 

[Gaurav]

Here Are The Tips:
1.Execute a vigorous password policy
2. Go For Firewall
3. Regular Testing
4. Update Software regularly
5. Data Backups
6. Opt For Ddos Protection

 

[shayvpsmalaysia]

1. Software is always up-to-date
2. Use trusted networks
3. Subscribe DDoS protection
4. Install Firewall
5. Back up data regularly
6. Change the SSH (Secure Shell) Listen Port from 22 to another number
7. Use TSL
8. Use random password generator

 

[Rohit]

Use a random combination of upper and lowercase letters, numbers, and symbols.
Try not using words that are connected to your personal identity.
Don’t keep a password for a long time.

 

[F7N!]

Keep do virusscanners, also take care how much bandwidth spend on the populairity on your website and make sure you tracking no scam, phishing on your server. Also look how much DDoS your server can handle.

 

[ServersBase]

To protect the risk of your dedicated server attack follow these steps:
1. Change the SSH( Secure Shell) Listen Port
2. Use Only TLS (Transport Layer Security)
3. Keep your software updated
4. Keep your login password strong

 

[F7N!]

4. Keep your login password strong

In this case I always use a program for this, that ensure the 100% trutly safe passwords.

 

[netedgetech]

If you have cpanel server you can install these softwares.
CSF
CXS
malware.scanner

If you do not have any control panel then its time consuming task.

 

[Gaurav]

1. Get Serious About Password Strength
Always make sure that when you're selecting a password for your server, that you're choosing a strong password.
This password should be unique to the dedicated server and ideally stored in a password manager so you don't need to store it in any unencrypted file or sticky note.

2. Run Frequent Updates
software updates aren't just about helping to speed things up or letting you in on the latest new features. They're also created to address and prevent system holes, or even to solve security breaches you might not know about.

3. Install Anti-Virus and Anti-Spyware Software
Think of this type of software as preventative medicine for your server and workplace computers. Whenever you download a file from the Internet (which we know you're going to do) you run the risk of coming into contact with a virus.

4. Set Up A Firewall

 

[hostshield ltd]

Monitor every week the server for any bottlenecks, disk issues, and etc. Also use RAID in case of disk failure, set a complicated password and keep softwares updated

 

[WHUK-Ryanwuk]

Some of the simplest but very effective ways of securing your server include the following.

1. Executing a password policy that is vigorous
2. Scanning and testing on a regular basis
3. Maintaining your databases
4. Updating software on a regular basis

 

[ughosting]

As stated previously, it's worth looking at CloudLinux's Imunify 360.

1. WAF Keeps Websites Safe
2. Proactive Behavioural Firewall, stops strange behaviour
3. Anti-virus (They purchased a Linux AV company to get the best tech)
4. Firewall (Firewalld and IPSET, so handles millions of IPs without slowdown)
5. Herd threat learning, so get learnt data from thousands of other Imunify users via their central server.
6. "Suspected Bad Actors" are not blocked straight away, but given a capture to solve before forwarded to the sight.

It works with Apache or litespeed and works with or independent from CSF.

It costs per server, what you would pay an engineer for 2 hours, so well worth the money. If you pay the extra and have CloudLinux too, the server will practically run itself.

I know if you have a small server, the costs seem high, but not compared to losing all of your customers.

 

[shivahost]

Secure SSH with Google Authenticator Two-Factor Authentication on CentOS 7

 

[WHUK-Ryanwuk]

Here are the steps to protect your dedicated server
1) Maintain Your Databases
2) Update Software Regularly
3) Keep Backups of Data
4) Establish a Chain of Command