What is server hardening and how is it done?
Server hardening is the process of securing a server by reducing its attack surface. Linux systems ship with a reasonable security model by default, but it has to be tuned and customised to the role of the machine before the system can be called tightly secured. Linux takes more effort to manage, but it offers more flexibility and finer-grained configuration than Windows and other proprietary systems. Hardening is the primary means of protecting a server from attackers. It involves keeping the kernel patched, removing unnecessary packages (or installing only the packages that are actually needed), moving services off their default ports where that reduces scanning noise (this hides nothing from a port scan, so it complements rather than replaces access control), replacing default and weak passwords with strong ones, setting up firewalls and intrusion-detection systems, disabling unnecessary features in applications, limiting access to specific users and IP addresses, and so on.
Securing a server from intruders is challenging, and the first step is to secure the physical system. Configure the BIOS/UEFI firmware to disable booting from external devices, set a firmware password, and set a GRUB password, so that someone with physical access cannot simply boot from a USB stick or edit the kernel command line to obtain a root shell. Attackers today use many different methods: web-server and web-application attacks, SQL injection, and attacks on network services such as SSH, HTTP and FTP. Every such entry point on the server has to be hardened to defeat these attempts.
Always use SSH to communicate with the server remotely: it is an encrypted protocol, and its access controls let us block intruders at the login stage. Never allow direct root login unless it is genuinely necessary. Changing the default SSH port 22 to a custom port is also commonly recommended; it cuts down automated scanning noise but is not a security control in itself. Set the following parameters in /etc/ssh/sshd_config to restrict unauthorised access (sshd honours the first occurrence of each directive, and the daemon must be reloaded for changes to take effect):
# Disable root login
PermitRootLogin no
# Listen on a custom port instead of 22
Port <use custom port>
# Only allow specific users
AllowUsers <admin user(s)>
# Use SSH protocol version 2 only. OpenSSH 7.4 and later no longer support
# protocol 1 at all and treat this directive as deprecated, so it is harmless
# but unnecessary there.
Protocol 2
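The following audit script is an added example for this section; it is not part of the original post. It reads an sshd_config file and reports every directive that does not match the settings above. It assumes OpenSSH's "Keyword value" syntax, that sshd uses the first uncommented occurrence of a keyword, and it ignores Match blocks. The PasswordAuthentication check goes beyond the text (key-based login only), and the file path passed on the command line is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file for
# the hardening directives discussed above. Assumes "Keyword value" syntax,
# '#' comments and first-occurrence-wins; Match blocks are not handled.

# sshd_value FILE KEYWORD
# Prints the effective value of KEYWORD (first uncommented occurrence, keyword
# match is case-insensitive) or nothing if the keyword is not set. Only the
# first token of a multi-valued directive such as AllowUsers is printed.
sshd_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# check_sshd_config FILE
# Prints one FAIL line per weak or missing setting; returns 1 if any were
# found, 0 if the file passes every check.
check_sshd_config() {
    f=$1
    rc=0

    v=$(sshd_value "$f" PermitRootLogin)
    [ "$v" = "no" ] || { echo "FAIL PermitRootLogin=${v:-<unset>} (want no)"; rc=1; }

    v=$(sshd_value "$f" Port)
    [ -n "$v" ] && [ "$v" != "22" ] || { echo "FAIL Port=${v:-22} (text recommends a non-default port)"; rc=1; }

    v=$(sshd_value "$f" AllowUsers)
    [ -n "$v" ] || { echo "FAIL AllowUsers is not set (no user whitelist)"; rc=1; }

    # Beyond the text: password logins off, keys only.
    v=$(sshd_value "$f" PasswordAuthentication)
    [ "$v" = "no" ] || { echo "FAIL PasswordAuthentication=${v:-yes} (want no, use keys)"; rc=1; }

    # Protocol 1 must never be enabled; unset is fine on modern OpenSSH,
    # which only speaks protocol 2 and ignores the keyword.
    v=$(sshd_value "$f" Protocol)
    case "$v" in
        ""|2) ;;
        *) echo "FAIL Protocol=$v (want 2 or unset)"; rc=1 ;;
    esac

    return $rc
}

# Usage: sh sshd_audit.sh /etc/ssh/sshd_config   (exit status 1 = findings)
if [ $# -gt 0 ]; then
    check_sshd_config "$1"
fi
```

Run it before and after editing sshd_config, and run `sshd -t` as well: the audit only checks the directives listed here, while `sshd -t` catches syntax errors that would stop the daemon from restarting at all.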
It is highly recommended to enable iptables (or nftables, its successor) to protect the server from unauthorised access. Custom rules filter incoming, outgoing and forwarded packets, and can allow or deny specific source and destination addresses on specific TCP/UDP ports. Host-based access control is a second layer that limits access to specific hosts and networks: on Linux/Unix systems this is done with the TCP wrapper files /etc/hosts.allow and /etc/hosts.deny. Only daemons built against libwrap (or started through a libwrap-aware inetd) honour those files; upstream OpenSSH dropped tcp_wrappers support in version 6.7, so check whether your distribution's sshd still uses them before relying on them for SSH.
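As an added example for this section (not code from the original post), the script below generates a default-deny IPv4 ruleset in iptables-restore format for a web server whose SSH is reachable only from an administrative network, together with matching hosts.allow and hosts.deny contents. The administrative network 203.0.113.0/24 (netmask 255.255.255.0 for the wrapper file), SSH port 2222 and the public ports 80 and 443 are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not from the original post): default-deny firewall plus
# TCP wrapper files for a web server. Admin network and ports are assumed.

# gen_iptables_rules ADMIN_CIDR SSH_PORT
# Prints a complete filter table in iptables-restore format.
gen_iptables_rules() {
    admin=$1
    sshport=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, replies to connections we initiated, and nothing malformed.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Ping is useful for monitoring; rate-limit it rather than drop it.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# SSH only from the administrative network, on the custom port.
-A INPUT -p tcp -s $admin --dport $sshport -m conntrack --ctstate NEW -j ACCEPT
# Public services.
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Log a sample of what the DROP policy is about to discard.
-A INPUT -m limit --limit 3/minute -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# gen_hosts_allow ADMIN_NET/NETMASK -> hosts.allow: sshd only from the admin net
# gen_hosts_deny                    -> hosts.deny: the documented catch-all
# tcp_wrappers takes "net/netmask" pairs; the CIDR form is not used here.
gen_hosts_allow() {
    printf 'sshd: %s\n' "$1"
}
gen_hosts_deny() {
    printf 'ALL: ALL\n'
}

# Usage: sh firewall.sh apply   (as root; keep an existing session open in
# case the admin network or port is wrong, or use iptables-apply).
if [ "${1:-}" = "apply" ]; then
    # --test parses the ruleset without committing it, so a typo cannot
    # leave the table half-loaded.
    gen_iptables_rules 203.0.113.0/24 2222 | iptables-restore --test \
        || { echo "ruleset rejected, nothing applied" >&2; exit 1; }
    gen_iptables_rules 203.0.113.0/24 2222 | iptables-restore
    gen_hosts_allow 203.0.113.0/255.255.255.0 > /etc/hosts.allow
    gen_hosts_deny > /etc/hosts.deny
fi
```

The ruleset lives only in the kernel until it is saved: persist it with iptables-save into whatever your distribution restores at boot (for example the iptables-persistent package on Debian-derived systems), and remember that hosts.deny with ALL: ALL affects every libwrap-aware daemon on the host, not just sshd.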
Installing ConfigServer Security & Firewall (CSF) gives the server a more manageable firewall. It is a front end for iptables with an easy-to-use interface for managing firewall settings. CSF locks the server down so that the public can only reach the services you choose to open, such as logging in to FTP, checking email or loading websites. CSF also comes with the Login Failure Daemon (LFD), which watches the logs for excessive login failures, the signature of a brute-force attack. If a large number of login failures come from the same IP address, that address is immediately blocked from all services for a temporary period; the block expires automatically but can also be removed by hand. CSF also allows IPs to be whitelisted or blacklisted manually in the server firewall, and offers real-time monitoring of the automatic blocks LFD applies.
Anti-malware scanning also has a role in server security: Linux Malware Detect (maldet) and ClamAV's clamscan are two widely used choices, and a more thorough scan makes it more likely that a planted web shell or other payload is caught. Schedule daily or weekly scans from cron. The crond service itself also needs securing: access to crontab is controlled by the files /etc/cron.allow and /etc/cron.deny. If cron.allow exists, only the users listed in it may use cron and cron.deny is ignored; if only cron.deny exists, everyone except the users listed in it may use cron. To block a single user, add the name to cron.deny; to restrict cron to a fixed set of accounts, which is the safer default, create cron.allow containing only those accounts.
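The script below is an added example for the two points in the paragraph above, scheduled scanning and cron access control; it is not code from the original post. It implements the allow/deny decision that crontab(1) makes, a helper that locks cron down to a fixed set of accounts, and a cron.d entry for a daily clamscan. It assumes Vixie/cronie semantics (cron.allow wins, one user per line), that clamscan is installed at /usr/bin/clamscan, and that /home, /var/www and /tmp are the directories worth scanning; the behaviour when neither file exists is distribution-specific and is passed in as a parameter, and the root exemption some implementations apply is not modelled.

```shell
#!/bin/sh
# Added example (not from the original post): cron.allow / cron.deny
# precedence, a lock-down helper, and a daily malware-scan cron entry.

# cron_allowed USER ALLOW_FILE DENY_FILE DEFAULT
# Returns 0 if USER may use crontab. DEFAULT (allow|deny) is what applies when
# neither file exists; it is a build-time choice of the cron package (Debian:
# allow, RHEL-style: deny). Some implementations always permit root
# regardless of these files; that is not modelled here.
cron_allowed() {
    user=$1 allow=$2 deny=$3 default=$4
    if [ -f "$allow" ]; then
        grep -qx "$user" "$allow"          # allow file wins: listed -> allowed
    elif [ -f "$deny" ]; then
        ! grep -qx "$user" "$deny"         # deny file only: listed -> denied
    else
        [ "$default" = "allow" ]
    fi
}

# lock_cron ALLOW_FILE USER...
# Restrict cron to the named users by writing cron.allow; because the allow
# file takes precedence, cron.deny then no longer matters. An empty allow
# file would deny everyone. Mode 600 is the conventional permission.
lock_cron() {
    allow=$1; shift
    : > "$allow"
    for u in "$@"; do
        printf '%s\n' "$u" >> "$allow"
    done
    chmod 600 "$allow"
}

# scan_cron_entry
# Prints an /etc/cron.d entry (note the user field) that runs a recursive
# clamscan at 02:30 every day and logs only infected files.
scan_cron_entry() {
    cat <<'EOF'
# /etc/cron.d/malware-scan: daily recursive scan, log only infected files
30 2 * * * root /usr/bin/clamscan -ri --log=/var/log/clamav/daily-scan.log /home /var/www /tmp
EOF
}

# Usage (as root):
#   lock_cron /etc/cron.allow root backup
#   scan_cron_entry > /etc/cron.d/malware-scan
```

Whether a given user is allowed is easy to verify after the change: `cron_allowed someuser /etc/cron.allow /etc/cron.deny allow` mirrors what crontab -e will say, and running it for each account in /etc/passwd gives a quick inventory of who can still schedule jobs.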
Use a web application firewall such as ModSecurity to block common web-application and web-server attacks. Its configuration file is included from the web server's configuration and contains the rule sets together with the audit-logging settings; after any change to the ModSecurity configuration the web server daemon must be restarted or reloaded. Always disable PHP functions the application does not need, using the disable_functions directive in php.ini, for example disable_functions = exec,passthru,shell_exec,system,proc_open,popen, which removes the easiest ways for an uploaded script to run commands. Avoid installing packages that are not needed, since every package is potential attack surface, and keep all packages and applications updated: old versions can have serious holes, such as injection flaws that let attackers upload scripts to the server. Apply the latest release patches, security fixes and kernel updates as they become available. Disable the Ctrl+Alt+Del reboot (on systemd systems, systemctl mask ctrl-alt-del.target); it is not a good idea to have it enabled on live production servers. Never allow accounts with empty passwords: such an account is open to anyone who can reach a login prompt. Make sure every account has a strong password (long, with mixed alphanumeric and punctuation characters), and lock or remove accounts that have none.
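The audit below is an added example for the empty-password point above; it is not code from the original post. It reads a shadow(5) file, lists accounts whose password field is empty and, going beyond the text, accounts still using weak legacy hashes, and prints the passwd -l commands that would lock the empty-password accounts. The shadow file used in testing is constructed, with fake hash values. It assumes the standard shadow field layout: field 2 empty means no password is required, "*", "!" or "!!" means locked or disabled, and "$id$salt$hash" is a hashed password ($6$ sha512, $5$ sha256 and $y$ yescrypt are fine; $1$ md5crypt and 13-character DES strings are weak).

```shell
#!/bin/sh
# Added example (not from the original post): find accounts with no
# password and accounts with weak legacy password hashes in a shadow file.

# empty_password_accounts SHADOW_FILE -> one username per line
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# weak_hash_accounts SHADOW_FILE -> accounts whose hash is md5crypt or DES
weak_hash_accounts() {
    awk -F: '
        $2 == "" || $2 ~ /^[*!]/ { next }                  # none or locked
        $2 ~ /^[$]1[$]/                   { print $1; next } # md5crypt
        $2 !~ /^[$]/ && length($2) == 13  { print $1 }       # DES crypt
    ' "$1"
}

# lock_empty_password_accounts SHADOW_FILE
# Prints the commands a root shell would run to lock the offenders; piping
# the output to sh applies them. Kept as output so the audit is read-only.
lock_empty_password_accounts() {
    empty_password_accounts "$1" | while read -r u; do
        printf 'passwd -l %s\n' "$u"
    done
}

# Usage: sh shadow_audit.sh /etc/shadow   (run as root; the file is 0640)
if [ $# -gt 0 ]; then
    echo "Accounts with empty passwords:"; empty_password_accounts "$1"
    echo "Accounts with weak hashes:";     weak_hash_accounts "$1"
fi
```

An empty field only becomes a working login if PAM permits it, so remove the nullok option from the pam_unix lines under /etc/pam.d as well; and for the weak-hash accounts, forcing a password change (passwd -e) rehashes them with the current default algorithm.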
March 29, 2020