In this section, we’ll share some practical server security best practices that you can follow for effective protection:
1. Only use secure connections
It is recommended to use SSH (Secure Shell) to establish a secure connection to your server. SSH actually can replace password-based authentication for your server, and since passwords are always vulnerable to brute force attacks, an SSH connection is better for securing your servers.
SSH utilizes a pair of cryptographic keys with a public and a private key. The public key can be shared with others (hence the name), but the private key must be stored securely by the server administrator. SSH will effectively encrypt all exchanged data.
An additional method to secure your connection is to use proxy servers. Since with a proxy server, your users are hidden behind the proxy’s masked IP address, it’s harder for attackers to target vulnerable user devices to gain access.
2. Install a bot mitigation solution
Many attacks targeting servers are made possible with the use of malicious bots, for example for launching brute force, credential stuffing, and Layer 7 DoS attacks, among others. Thus, securing your server with a proper bot mitigation solution is recommended.
Bot mitigation software can use three different approaches in detecting and managing bot activities:
• Rules-based: in this approach, the bot mitigation solution applies rules to block malicious traffic coming from known bots, specific IP addresses or ranges, etc.
• Challenge-based: the solution uses tests like Captcha to challenge the user. If it’s a legitimate human user, the challenge should be fairly easy to solve, while ideally automated programs (bots) would be unable to solve it.
• AI-based: in this approach, the bot management solution analyzes vast numbers of signals, from OS version to mouse movements, to detect bots that try to mimic human user behavior.
Due to the sophistication of today’s bad bots, a bot management solution that is capable of behavioral-based detection is recommended. DataDome, for example, is an affordable bot management solution that uses AI and machine learning technologies to analyze both individual user behavior and global traffic patterns, and can mitigate malicious bot activities in real time.
3. Enforce the use of VPN
It’s recommended to use a VPN or actual private network to maintain secure data communications in and out of the server. With a private network, users will use private, untraceable IP addresses so it’s harder for hackers to identify the user and find vulnerabilities.
Also, when connecting to the server via VPN, this effectively encrypts data from and to the server, so hackers won’t be able to steal data during transmission.
4. Configure your server’s OS according to the server security best practices
Make sure your server’s operating system is properly configured:
• Change the default administrator passwords, including on third-party applications hosted on the server
• Set user authentications/privileges only to the bare minimum necessary for the user to do their specific job
• Delete unused and unnecessary accounts regularly
• Educate your team and share comprehensive guidelines regarding server security best practices, especially regarding passwords
• Disable any unused/unnecessary applications and services
5. Regularly update your OS and software
As repeatedly discussed above, a very important aspect of securing your server is to make sure you are always running the most recent version of your OS and all your applications hosted on the server.
Updates should be installed as soon as they are available, especially when the patch notes mention “security fixes” or similar messages. You can set up automatic updates, or set up a regular schedule to perform updates if you want to maintain continuity.