
Securing Your Virtual Server and Host

Virtual server security

Virtual server security is one of the most basic issues in information technology, and implementing it requires considerable expertise. Virtual server security can be categorized as follows:

  • Network Security
  • Operating system security
  • Security of web services and their security configuration

This article reviews the server security requirements that underpin sites and information available on the web. We also teach you how to test the security of the virtual server. To buy VPS, you can visit the plans available on Ded9.com.

virtual server (VPS) security testing training

Linux virtual server security and Windows server security are the most discussed and most widely used. These two operating systems have completely different structures and modes of operation and have only a few things in common. A Linux server usually runs a minimal operating system, which is well suited to the user's need for web services. The CentOS operating system is the one mostly used on Linux hosting servers, and the popular and powerful control panels cPanel and DirectAdmin also support this Linux distribution.

How to test the security of a virtual server

Considering that many sites are shared on a server and use common space and resources in shared hosting services, security should be given more attention. Stay with us in the rest of this article to learn how to test VPS security.

Getting started with the server

Since the operating system we use is Windows, we connect to Linux servers with PuTTY and to Windows servers with Remote Desktop Connection. Because this article is about security, after installing the operating system and the services used on the server, you should apply some basic principles, such as limiting services and disabling unused ones.

Configure server security

Considering that in the new era, security threats and attack methods have taken a new form and are changing daily, security services in organizations should also be updated according to these changes. Information security services are a set of security services that cover a wide range of information and security needs of the servers of companies and organizations.

The release of spyware and malware by internal and external agents or the leakage of vital information can be examples of these threats.

Penetration test

Penetration testing is a systematic and planned method that examines the vulnerabilities and security holes of the server, network, and resources and programs connected to it. This service, placed in the first category, simulates hacker attacks on the desired targets and, after identifying the security holes, provides appropriate solutions to secure them.

Types of penetration testing:

  • Transparent test
  • Black box test
  • Gray box test

In black box testing, the tester performs the test with no prior knowledge of the system. In the transparent test, the tester has the full specifications and comprehensive information about the system and performs a simulated attack based on them. In the gray box test, the tester has access to only some of the information.

Testing should be done based on the systems’ sensitivity and security level. If high security is required, transparent testing should be done, and if the system and its security are less important, gray box and black box testing will suffice. Penetration testing should be done in a planned manner and with prior coordination with the system owner. It cannot be an uncoordinated action because some equipment or network systems may have problems during the test.

SIM setup

One of the keys to maintaining the organization’s security is using products called SIM or Security Information Management. With the help of this software, we can obtain complete information about the events of a system to analyze them.

The security information management system is software that collects all the reports of different systems and reacts when it sees an unexpected or so-called bad behavior.

IDS/IPS setup

These systems guard against intrusion by inspecting network traffic in more detail than a firewall does. Like antivirus systems, IDS and IPS tools monitor traffic and compare each packet against a database of known attack profiles.


Once an attack pattern is identified, these tools act on it. IDS and IPS have many features in common, and most IPSs have an IDS at their core. The main difference between these technologies is that IDS tools inspect network traffic and alert users to a malicious attack, while IPS tools go a step further and automatically block harmful traffic.

Note: A log monitoring system is software that can collect and report all types of system logs.

Installing a firewall

Setting up hardware and software firewalls and UTMs in organizations and companies in the best and most reliable way is one of the security needs of every organization.

Software firewalls are installed on operating systems and control incoming and outgoing traffic to the network or operating system. These types of firewalls are mostly used in homes and in small and medium-sized organizations and companies. Software firewalls can protect systems from unauthorized access, Trojans and malicious code, computer worms, etc.

Hardware firewalls are usually built by manufacturers onto hardware boards as infrastructure and act as network routers. A router can also work as a hardware firewall in a network. By default, a hardware firewall can keep unwanted data and traffic from entering the network without any initial settings being made.

Management of security holes

Software for managing updates and security holes saves time, cost, and bandwidth for small and large networks, provides security reports for systems within the network, and applies updates in the shortest possible time.

Web application security in virtual server

Solutions and services for testing, scanning, and fixing security holes in web applications with different technologies.

Security consulting

Consulting in the field of risk management and the security of systems damaged by malware attacks, and in the implementation and deployment of an information security management system (ISMS), which is a management solution for creating, implementing and deploying, monitoring and reviewing, and maintaining and improving information security in the organization…

Prevent symlink attacks

Preventing symlink attacks is one of the most fundamental aspects of server management and security. To prevent them, each user account on the server is secured individually so that a weakness in one account does not harm the others.

What is a symlink?

A symlink (symbolic link) is a feature that lets you create a reference from one file or directory to another. For example, the test.php file is located in the home/test path. We can use a symlink if we want the test.php file to be visible, executable, and even editable in another path, such as home/sample. This feature is supported on many operating systems, but its name and behavior differ between them.

How to block symlinks in cPanel

Preventing symlink abuse in cPanel can be done in several steps and methods. Symlink abuse is one of the most dangerous things that can be done on a server. The symlink is one of the main tools of the Linux operating system. If symlinks on a Linux server are not restricted and one user account is compromised, symlinks can be used to reach other accounts as well. The CloudLinux operating system has been able to solve this problem to a large extent. It uses a tool called CageFS to lock each account into a cage in its own domain.

To prevent symlinks in cPanel, do the following:

1. Go to Home » Service Configuration » Apache Configuration » Global Configuration in WHM.

Do the following on the page:

2. Set the Server Tokens value to ProductOnly from the drop-down menu.

3. Uncheck FollowSymLinks and ExecCGI in the “/” directory options. Make sure the SymLinksIfOwnerMatch checkbox is enabled.

4. Save the items.

5. Go to Home » Service Configuration » PHP Configuration Editor and select Advanced Mode.

6. Find the disable_functions item and enter symlink and ln in its value in addition to the existing values.

7. Save the items.

8. Go to the Home » Security Center » Apache mod_userdir Tweak page, check Enable mod_userdir Protection, and click Save.

9. Go to Home » Security Center » PHP open_basedir Tweak, check Enable PHP open_basedir Protection, and click Save.

10. Go to Home » Security Center » Shell Fork Bomb Protection and click Enable Protection.

11. Use the suPHP handler in the Apache web server for PHP.

The steps above greatly limit what symlinks can do but do not disable them completely. There are other ways to restrict symlinks, some of which cause service disruptions; they are not covered here.

How to prevent symlinks in DirectAdmin

There are several ways to prevent symlinks in DirectAdmin.

To prevent symlinks in DirectAdmin, do the following:

Connect to your server via SSH and enter the following commands in the console. These commands apply the symlink security settings.

cd /usr/local/directadmin/custombuild

./build update

./build set harden-symlinks-patch yes

./build set safe_htaccess no

./build apache

./build rewrite_confs

Then enter the following command to find the path to php.ini in ssh:

/usr/local/bin/php -i | grep 'Loaded Configuration File'

Use the nano command to edit the file and find disable_functions. In addition to the existing values, enter symlink and ln, then save the file.
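To confirm that the settings from the cPanel steps and the DirectAdmin php.ini edit are actually in place, the configuration text can be checked programmatically. The following Python script is an added example, not code from the original article or from either control panel: it checks disable_functions in php.ini text and the Options line of the Apache `<Directory "/">` block. The function names and the four sample configurations are constructed; reading the real files from wherever the panel places them is left to the caller.

```python
import re


def missing_disabled(php_ini, required=("symlink", "ln")):
    """Return the names in `required` that disable_functions does not list.
    The default is the pair named in the steps above; pass "link" as well
    to cover PHP's hard-link function."""
    disabled = set()
    for raw in php_ini.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip php.ini comments
        m = re.match(r"disable_functions\s*=\s*(.*)", line, re.I)
        if m:
            names = m.group(1).strip().strip('"').split(",")
            disabled = {n.strip().lower() for n in names if n.strip()}
    return [name for name in required if name not in disabled]


def root_options_problems(apache_conf):
    """Check the Options line of the <Directory "/"> block against step 3."""
    block = re.search(r'<Directory\s+"?/"?\s*>(.*?)</Directory>',
                      apache_conf, re.S | re.I)
    if not block:
        return ['no <Directory "/"> block']
    opts = set()
    for raw in block.group(1).splitlines():
        words = raw.split("#", 1)[0].split()
        if words and words[0].lower() == "options":
            opts = {w.lstrip("+").lower() for w in words[1:]
                    if not w.startswith("-")}
    if "all" in opts:                                # All implies both below
        opts |= {"followsymlinks", "execcgi"}
    problems = [f"{name} enabled" for name in ("FollowSymLinks", "ExecCGI")
                if name.lower() in opts]
    if "symlinksifownermatch" not in opts:
        problems.append("SymLinksIfOwnerMatch missing")
    return problems


# Constructed samples: a weak configuration and the result of the steps above.
WEAK_INI = "disable_functions = exec,passthru ; constructed\n"
HARD_INI = "disable_functions = exec,passthru,symlink,ln\n"
WEAK_CONF = '<Directory "/">\n  Options FollowSymLinks ExecCGI\n</Directory>\n'
HARD_CONF = '<Directory "/">\n  Options SymLinksIfOwnerMatch\n</Directory>\n'

if __name__ == "__main__":
    for ini, conf in ((WEAK_INI, WEAK_CONF), (HARD_INI, HARD_CONF)):
        print(missing_disabled(ini), root_options_problems(conf))
```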

Conclusion

Penetration testing is a systematic and planned process that, by simulating a hacker attack, examines the vulnerabilities and security holes of the server, network, and the resources and programs connected to it. The test can be controlled and organized using internal resources, such as the host's security system, or external resources. This simulated attack is therefore used to find problems and measure the security of the virtual server and the networks connected to it. This article has explained how to test the security of a virtual server.