blog posts

How to Secure Your Windows and Linux Servers

Increasing the Security of Windows and Linux servers is a broad topic that can draw attention when deciding whether to buy a Windows virtual server or a Linux virtual server. At first, it can be pointed out that Linux servers are more important in terms of security than Windows servers and still are. The code written for the graphical parts of Windows has made it possible to open more ways of penetration for someone who wants to enter your Windows server; It’s a simple point, but this makes Linux server security much better than Windows server.

Given that Linux servers only use the terminal to communicate, They have fewer security holes, and naturally, penetrating the security holes in the terminal will be much more difficult than penetrating the security layers of the graphic parts. This alone makes the Linux server several ranks higher than the Windows server in terms of security!

 

Methods of increasing Linux server security

  • Rootkit scanner not installed
  • Change the SSH port
  • Activating cPHulk in WHM
  • Disable root login
  • Disable open ports
  • ….

Note: Remember to always change the password of your main email to which the password and username of the server are sent; By accessing your email, the person in question can easily access your server

Thirteen methods have been considered in order to increase the security of the Linux server, and following each one can bring you one step closer to having a server with high security; We will continue with the first case, the Rootkit.

Access to Rootkit Scanner

According to many security experts, rootkits are the most dangerous type of malware. In fact, rootkits are a type of malware that can hide in the kernel of the operating system, and sometimes no one can find them, even antivirus. Interestingly, some rootkits are also hidden in antivirus software, thus compromising the security of your CentOS Linux VPS.

After being placed in the operating system or in the terms of Linux and Unix in the Root Access or Super User layer, rootkits place themselves at the highest level of user access, and sometimes for this reason, they get the name Rootkit. They can be used by many hackers for different purposes; In fact, a hacker can use a remote rootkit to gain full and high-level access to your system and can install other malware he needs through the same rootkit.

Create Another Port for SSH

Securing CentOS is just like any other Linux distribution; Almost everyone, especially hackers, is well aware that the default port of the SSH protocol is 22. By changing this port, you can make it a little harder for hackers to attack through this port. To do this, open the SSH file with one of your editors, such as Nano or VIM.

 

cd /etc/sysconfig/network-scripts
# ls
# nano ifcfg-ens160

 

Note: Before making changes, be sure to set the new port you want and then put it in the white list of the firewall so that there are no problems. Then change the number 22 to the desired port and save the file; Also, after doing this, restart the SSH service once for the changes to take effect.

 

CentOS: systemctl restart sshd.service
Ubuntu / Debian: systemctl restart ssh

 

Access cPHulk in WHM

cPHulk is a tool that protects your server against brute-force attacks. Brute force is the method used by hackers to find the password of a service or web server; cphulk acts as an antivirus or secondary firewall in the control panel and protects your user accounts.

Which services does cPHulk monitor?

WHM / cPanel
POP3 / IMAP / SMTP (communications such as email and e-mail)
FTP / SFTP
SSH

CPHulk can also automatically block or lock the following:

IP addresses that have been tried to be entered multiple times.
Usually accounts that have been compromised with repeated attempts.

Which methods does cPHulk block?

temporary blocking; Unblocking after a certain period of time
daily blocking; Locking user account or IP address for 24 hours
blocking or permanent blocking; After several times of temporary blocking

Not logging in with the Root username

Disabling the root user is one of the actions of server administrators to increase the security of CentOS Linux VPS; Root user has unlimited access to the operating system, this user has access to all commands and files in the system to read, write and execute.

Root user is used to create and define a new user, install and remove software packages and configure the operating system and software; Considering this user access level, it is better to disable this user due to security issues; Instead, create an admin user and use the sudo command for root access if needed.

Note: Before disabling the Root user, create a new user first

Not leaving secondary ports

Port scanning is the process of checking open ports on the victim’s computer; In fact, with the command to check open ports, the victim’s computer will be hackable, although nowadays important network ports are more popular for hacking; In the process of port scanning, the attacker connects to different TCP and UDP ports and tries to find a list of open ports that are active; It is exactly like a thief looking for the open doors of a house. The victim’s computer runs several services, each of which is called to a specific port.

One of the best tools for checking system ports is NMap; You should use this tool to check open and unused ports, then block it using server firewall❗

Keeping the server software up to date

Ignoring important security updates infects many websites every day; Because most software updates are released to users when a security bug is detected and then fixed; In this case, new versions will be updated and your website will be protected from possible damage; It is quite clear that if these vulnerabilities are not covered by the provided updates, your website will still be vulnerable to attack and the security of your CentOS Linux VPS will be compromised by all kinds of malware.

 

 

Assuming that we accept that these updates will not make the site’s security conditions more difficult, Although it may seem that way! Think for a moment about the stress and harm caused by your website being hacked through security layers. With multiple updates, you can fill these security holes and avoid the risk of being hacked. Therefore, we should take the latest updates very seriously:

Remove modules and extra packages

Any package or tool that you install and don’t use, in addition to slowing down the server, can open new ports on the system and cause problems; Also, some programs may have vulnerabilities such as malware that can create new paths for hackers and compromise your server.

Regular data backup

Despite taking all security precautions, because security is never 100%, information inside your server may be lost. In this case, the only way left is to restore the data from the backup server, but what happens if you don’t take a backup?

You simply lose the information inside your server and if this information is important and necessary, you will definitely suffer a lot from this side; So be sure to back up your server data on a daily basis.

Install and use antivirus

We once believed that Linux users are not the target of cybercriminals, most users thought that Linux is a system that is completely safe from malware and viruses, but this is not true; For years, users have been asking the question, does Linux need an antivirus?

 

 

 

Like Windows, Linux VPS security may be compromised by a variety of malware, including viruses, worms, backdoors, rootkits, keyloggers, Trojans, ransomware, and more; But since these malwares do not have enough access to the root environment, they cannot infect the Linux operating system widely.

However, to deal with these threats, Linux users also need security software such as antivirus, Linux users can use ClamAV antivirus software on their systems.

Use a strong password

Choosing a safe password can play an important role in keeping you safe; But the features that this safe password should have are the key things that should be checked; It must have happened to you that you forgot your password or you turned to very simple and mundane passwords to remember the password and for fear of forgetting it.

The truth is that you should never try to remember a password because it makes you use an easier password and that’s dangerous, and you’ll probably want to use the same password for all your accounts. Instead, you can use a password manager like LastPass.

How to set a strong password to increase the security of Linux VPS?

  • The minimum password length is 10 characters
  • Not using consecutive numbers and words like 123456
  • Emphasize the use of numbers in passwords
  • Emphasize the use of capital letters in the password
  • Not using numbers such as year of birth or national ID in the password

Installation and configuration of the firewall

Setting up and implementing a firewall is one of the most essential tasks to increase Linux security, a firewall is a system that protects your network or personal computer from intruders, unauthorized access, malicious traffic, and hacker attacks. Firewalls work by exchanging and routing packets between networks.

They control and manage the incoming and outgoing traffic to the network and allow a specific person or user to enter and access a specific system according to the rules defined in them.

If you have the CentOS operating system installed on your server, we recommend you use a CSF firewall, Config Server Firewall or CSF for short is a free and advanced software firewall for most Linux distributions and Linux-based servers.

In addition to the basic firewall and packet filtering capabilities, CSF has other security features, such as dealing with flood attacks as well as logging limits. The CSF interface is also integrated into popular Linux control panels such as Cpanel, Directadmin, and Webmin.

Network monitoring

It should be noted that the main purpose of creating computer networks is to give users access to resources and applications on servers, and all network equipment is configured for this purpose. Information and programs become disturbances and finally complaints and dissatisfaction of users cause significant financial losses for the organization.

One of the useful tools for server monitoring is the Zabbix tool. By installing Zabbix 5.0 LTS, you can ensure the security of your Linux VPS by monitoring it.

Methods of increasing the security of Windows Server

  • Using unknown ports for different services
  • Firewall activation in Windows Server
  • Choose a strong and appropriate password
  • Change the default account
  • Use Windows SandBox

Note: Remember to always change the password of your main email to which the password and username of the server are sent. By accessing your email, the person in question can easily access your server

In the rest of the article, we will tell you, dear users, 11 basic ways to increase the security of the Windows virtual server. By following these tips, you can use your virtual server without worry:

Using unknown ports for different services

When connecting to a Windows virtual server, most users use the default port, which makes it easier for hackers or brute-force attacks to access server resources because they are well-known ports, most people are familiar with these ports. For example, the RDP port is a well-known port.

Of course, by changing the default ports to unknown ports, you can prevent these attacks to a significant extent.

Firewall activation in Windows Server

Firewall activation in Windows VPS server is another essential factor in increasing the security of Windows virtual server, which allows you to block or unblock a specific IP.

You can freely filter settings related to the Internet, and incoming and outgoing traffic to control your network, the firewall also blocks traffic with suspicious addresses to prevent possible risks, so be sure to use the Windows firewall.

Choose a strong and appropriate password.

Never write down your password, forget security tips or steal your memory drive, they can access your password and compromise the security of your Windows virtual server.

 

Change the default account

It is better to disable the admin account and create a new account.

When buying a VPS, you must first have an operating system with a default account, you should note that these types of accounts are often vulnerable to brute-force attacks. Therefore, you need to change the original user account, also, remember to give the new account administrative privileges.

 

Windows VPS update

Microsoft regularly and sensitively provides various updates to reduce security holes in the operating system; Updating the Windows operating system is very important and can significantly increase the security of the software installed on Windows.

You can set the updates you receive to run on your operating system or turn on automatic updates on your operating system so that updates are installed automatically; Of course, keep in mind that installing multiple software is not a good idea; In the next part, we will give more details about installing the software.

Create multiple accounts

When multiple users access the server, set the following required permissions:

  • Enable two-step authentication
  • Do not use a blank password
  • Not using Chrome Password Manager to store your passwords
  • Avoid setting unnecessary access to user accounts

Use encryption in BitLocker mode

Using encryption in BitLocker mode helps you to have the necessary security in offline mode; It prevents the penetration of malware and is a special anti-malware tool; Even when the server is down, Bitlocker remains active to increase server security.

 

Other features of Bitlocker include data and information encryption; Note that you can only access data and server information if you decrypt Bitlocker using the same system used for encryption. Otherwise, all unencrypted Bitlocker information will be displayed as a string of random text items.

Note: To install Bitlocker, you need permission to access management protocols on the server.

 

Conclusion

Hackers increasingly target websites that are larger and more popular; Increasing Linux VPS security is important because you are using this service instead of shared hosting; This case also shows that your application or site has high traffic or is developing very quickly; This, while attracting more hackers to hack your website, should also attract your attention to increase the security of your virtual server. Damage to your project and property is a disaster, an asset you may have struggled with for years; It is worth maintaining this asset to increase the security of your server by doing the above.