

Server Security for Dummies: How to protect your server

The threat of hacking and server attacks has been increasing exponentially since the first days of networking. Servers are hacked not only so that important information can be stolen and misused; the introduction of online payments, bitcoin and the like has pushed hacking to higher severity levels.

If servers are not secure enough, this poses a threat not only to visitors but also to the owners of the servers: lawsuits are possible if there is any evidence that the owner did not take effective action to protect customers or co-workers. Below, we introduce some basic protection skills for dummies to protect servers.

1. Do not use common or default login names

Never use the default login names for your server, such as "Administrator" on Windows systems and "root" on Linux boxes. With more complex login names, you have almost half the chance of getting hacked. For example, "admin4serverXYZ" and "root4serverXYZ" are more secure than just "Administrator", "Admin", "root", etc.

2. Stronger password management

By stronger, we mean that the password must be long enough and a good combination of alphabetical, numerical and special characters. Our suggestion is at least 12 characters. It would be a good idea to have a password generator create passwords for you, such as the website https://strongpasswordgenerator.com/. Another good approach is to code your passwords, so that you store them as codes instead of in complete form. For example, the password "Alpha-Terry-123" can be stored as {A}{T}{1} in plain text in your business system or documents, while you keep a separate hard copy of the translation that is not exposed to the internet. We have been using this approach for many years, and it is very convenient and effective. Even when a staff member leaves, you only need to change the translation from A=Alpha to A=Animal or similar; the encoded password remains the same, so people won't get confused. All they need to know is the translation.

Of course, you are also encouraged to change your passwords from time to time. The reason is simple: people come and people leave, whether they are hackers or ex-employees.

3. Better user management

Always remember to remove users who are no longer your employees. Always set security policies so that users cannot access data they are not supposed to access, whether through access-right control, access-time control, application access control or IP authentication. Building a good mechanism from the very beginning will save you a lot of time later.

4. Firewalls

On Linux, the firewall is usually managed by experts, so you need to consult them for optimized protection. On Windows, with the default GUI firewall interface, you can easily set which ports and applications can access your server or reach outside data. This is the key action for any blank server. We also change the default port for RDP (Remote Desktop Protocol) from 3389 to, say, 12345, so that it is harder for hackers to guess which port number is used for remote control. You may also limit the user names and the IP addresses of computers that can access the port. Remember that changing the RDP port number must be done with the Registry Editor, and you must also add a rule for the new port in the system firewall.
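
The RDP port change described above, as an added PowerShell example (not from the original article): it opens the new port in Windows Firewall for named source addresses first, then writes the port to the registry and verifies both. The port 12345 is the article's; the allowed address and the rule name are constructed for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: move the RDP listener to a custom port, reachable only from listed addresses.
param(
    [ValidateRange(1025, 65535)]
    [int]$NewPort = 12345,                              # port number used in the article
    [string[]]$AllowedAddresses = @('203.0.113.10')     # constructed sample (documentation range)
)

$rdpKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$ruleName = "RDP custom port $NewPort"                  # hypothetical rule name

# Refuse to continue if another service already listens on the chosen port.
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "TCP port $NewPort is already in use; choose another port."
}

$oldPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort"

# 1. Add the firewall rule first, so the new port is reachable as soon as the
#    listener moves and the change cannot lock out remote administrators.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $NewPort -RemoteAddress $AllowedAddresses `
        -Profile Any | Out-Null
}

# 2. Write the new port number (the same value Registry Editor would change).
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $NewPort -Type DWord

# 3. Verify the registry value and show which source addresses the rule allows.
$check = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
if ($check -ne $NewPort) {
    throw "PortNumber is $check, expected $NewPort."
}
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallAddressFilter |
    Select-Object -Property RemoteAddress

# 4. The listener uses the new port only after the Remote Desktop Services
#    service restarts or the server reboots. Do that from the console or a
#    maintenance window, because restarting it drops active RDP sessions.
Write-Host "RDP port changed from $oldPort to $NewPort. Restart required."
```

After the restart, clients connect with the port appended to the host name, for example `mstsc /v:server:12345`.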

5. Frequent Update and Patching

Nothing is perfect, and that goes for all operating systems. That is why every application vendor releases patches and updates from time to time. Always remember to update frequently, so that security vulnerabilities get fixed. Set automatic updates if possible, or check manually from time to time. Remember that some applications might not work properly with the latest updates, so you have to consult experts for advanced configurations.

6. Backup Backup Backup!

This is one very, very important approach that we use to secure servers. Data is everything when we talk about mission-critical projects. If your server gets hacked and all data is gone, your business and customers are gone too. So the very basic data protection is to do secure, routine hardware backups and software backups. Hardware backup means the data won't be lost when hardware, such as hard disks, is damaged. Software backup means you can easily roll your system back to where it was before it was hacked. General practices differ between servers: for application servers with frequently changing data, do daily backups; for common websites, weekly or monthly backups will be good enough.

Last but not least, if your server is used for email and web hosting, remember to install server-side anti-virus software, anti-spam software, etc. If possible, get SSL for your website too.

We provide server management services. Feel free to contact us by phone +852 2787.3787 or email to sales@hkti.net for more details.