When web hosting providers start asking about hardware DDoS protection that cost upward of $32,000 and licenses running $10,000 plus, you know that security is a serious issue, especially in today’s world of cybercriminal attacks.
Considering that some of these firewalls only protect you for attacks under 50Gbps, the real cost to protect yourself against attacks ten times that magnitude is staggering.
Before you even get to that level of security though, your servers themselves need to be locked down. There are a number of ways to do that – we’ll address a few of the more applicable methods here:
Use SSH Keys
The latest controversy between the FBI and Apple centered around unlocking an iPhone that utilized encryption. In this scenario, SSH keys utilize cryptographic keys using private and public key pairs for authentication. This prevents password based login brute force attacks whereby a malicious user can repeatedly attempt to gain access to your server.
This is comparable to using an exceptionally strong username – password combination, so much so that it’s virtually uncrackable – or at the very least, not worth attempting.
To some, setting up any type of cryptologic key seems taunting, but it really isn’t. The entire process can be completed in a few minutes.
I once sold a firewall device to a local firm for $5000 and thought that was a fortune to pay for protection. Today, this seems like a pittance compared to yesterday’s outlay for security. Essentially, firewalls can be software or hardware based, and as designed are engineered to block or restrict access to everything except what’s absolutely publicly necessary.
Internal services can be rendered completely inaccessible to the public, and any ports not being utilized can be blocked entirely (in most configurations).
Firewalls essentially provide you with an extra layer of security, to protect those components of your server that are vulnerable to exploitation.
Some firewalls are more difficult than others to set up, but once done normally only need to be tweaked. As an alternate, you can always resort to iptables or a CSF firewall.
Setup a Virtual Private Network (VPN)
VPN’s have been around for a number of years. The first time I set one up was to securely login to the corporate intranet from my home personal computer. They’re an encrypted tunnel between two end points, offering one way to connect to a remote server over a secure connection.
To make this work, the server has to be configured so that your applications and firewall allow the use of this type of funnel. Is the installation process difficult? Well, it’s not entirely simple, but once setup it’s very much worth the effort.
SSL certificates are used to authenticate different entities to one another, normally an end user with an online ecommerce store or banking institution.
These basically prevent hacking attacks where a cybercriminal imitates a server in your network to intercept traffic.
Google recently stated that it was pushing for all websites to be SSL enabled, which we also recommend as it added an additional layer of security.
Performing audits on your server
Basically, by performing an audit on your server, you discover the services that are running on it. Doing so enables you to understand where attacks may occur, allowing you to proactively lock them down. Obviously, the more services you have running, the greater the odds that there exists some vulnerability on your network.
While performing audits is recommended, do you have a protocol in place to receive security alerts associated with vulnerabilities on the services running on your servers?
Brought to you by ProlimeHost
We’ve been in the web hosting industry for ten years, helping hundreds of clients succeed in what they do best and that’s running their business. We specialize in dedicated servers, with data centers in Los Angeles, Phoenix, Denver and Singapore.
The E3 1275 v5 processor is now available at great pricing, giving you the ability to add up to 64GB of DDR4 ECC RAM. Call +1 877 477 9454 or email us at Sales@ProlimeHost.com. We’re here to help.