When you are trying to keep your business safe from hackers and other cyber-attacks, it’s important to cover all your bases, particularly with the new rules and regulations around GDPR coming in May 2018. Here are some of the ways you can keep your business safe:
SSH keys are cryptographic keys that come in pairs and can be used to authenticate to an SSH server instead of password-based logins. A private and public key pair is created before authentication. The public key can be shared with anyone, whereas the private key is kept secret and secure by the user.
How would you configure SSH key authentication? The user’s public key needs to be placed on the server in a special directory. When the user connects, the server asks for proof that the client holds the associated private key. The SSH client then uses the private key to prove ownership without sending the key itself. Finally, the server lets the client connect without a password.
If you don’t feel comfortable using SSH keys, a very simple way of securing your server is to use a strong password. Passwords should contain at least an uppercase character, a lowercase character, a digit and a special character. If you are struggling to think of a password, there are numerous password generators online.
An easy way to maintain server security is to keep your system up to date with the latest fixes and patches. This ensures known bugs in the OS are fixed. You can sign up for email updates from CentOS, Ubuntu, etc.
Only allow SSH login for certain users. Not all users on your server will need SSH access, so this is a simple but effective way to minimise unauthorised access to the server. You can also allow them access from certain IPs only. I’ve given you an example below of how to do this. Please note this is for systems running Ubuntu.
For example: you want to allow the user, Alan, to access the server from IP 172.16.1.1 only.
- Open a terminal
- Open the SSH config file. You can use your favourite editing tool. I’m using vi for this example: vi /etc/ssh/sshd_config
- At the bottom of the sshd_config file, add the line AllowUsers alan@172.16.1.1 (the user name, then @, then the permitted IP)
- Save and close the file. With the vi editor you would press ESC to get out of edit mode and then type :wq. The w writes the file and the q quits the editor.
- Restart SSHD with sudo service ssh restart.
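The steps above can be scripted so the edit is repeatable and reversible. This is an added example, not part of the original article: the helper name allow_ssh_user and the lowercase account name alan are assumptions. It inserts the line before any Match block rather than blindly at the bottom, because directives after a Match line apply only inside that block.

```sh
#!/bin/sh
# Added example (not from the original article): apply the AllowUsers step safely.
# Usage: sudo sh allow_ssh_user.sh /etc/ssh/sshd_config alan 172.16.1.1
# allow_ssh_user is a hypothetical helper name; the account name "alan" is assumed.

allow_ssh_user() {
    cfg=$1
    entry="$2@$3"                          # sshd USER@HOST pattern
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }

    # Idempotent: do nothing if the pattern is already on an AllowUsers line.
    if awk -v e="$entry" '
        tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) if ($i == e) found = 1 }
        END { exit !found }' "$cfg"
    then
        return 0
    fi

    cp -p "$cfg" "$cfg.bak" || return 1    # keep a copy to roll back to

    # Insert before the first Match line, or at the end if there is none.
    awk -v line="AllowUsers $entry" '
        !ins && tolower($1) == "match" { print line; ins = 1 }
        { print }
        END { if (!ins) print line }' "$cfg.bak" > "$cfg.tmp" || return 1

    # Overwrite in place so the file keeps its owner and permissions.
    cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"
}

# Run only when called with CONFIG USER IP.
if [ "$#" -eq 3 ]; then
    allow_ssh_user "$@" || exit 1
    echo "AllowUsers $2@$3 is set in $1."
    echo "Next: run 'sudo sshd -t' and restart SSH only if it reports no errors."
    echo "Keep your current session open until a new login succeeds."
fi
```

Once any AllowUsers line exists, every account that is not listed is refused, so list all users who still need SSH access before restarting the service.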
Each operating system comes with its own built-in software firewall. For example, most Linux distributions come with iptables pre-installed. Here you can specify a vast number of rules. A few examples of what I use to secure my server with iptables:
- Allow only certain IPs to access the server
- Lock down different ports or applications
- Allow HTTP and HTTPS traffic
- Reject different ports
- Fail2ban, which gives a certain IP a number of tries to log in before it blocks the IP. This stops brute-force attacks