Upon receiving your welcome email from the HorizonIQ Technical team, there are a few basic setup and security provisions you should take in order to maximize the usability of your server and, ultimately, to protect your data. These steps will walk you through establishing the ideal foundation for your server’s security.
Step 1 – Secure Root User
The root user is the administrative user with heightened privileges to all rights and permissions on the server. Because of the security risks when working from the root account, it’s best to create normal user accounts that have limited access to the system to prevent the server from being compromised or mistakenly damaged.
Start Terminal Session (Linux/MAC Terminal)
ssh root@<server IP address>
Password:<see welcome email>
Start Putty SSH (Windows PC)
Host Name: <server IP address>
Click “Open”
Username: root
Password: <see welcome email>
Create New User Account
adduser <new username>
adduser <new username> sudo
Disable root account login
Edit the file /etc/ssh/sshd_config and change the value of PermitRootLogin to no
Step 2 – Ban Outside IPs
To protect your server from intruders, download software that will ban IPs that present inherent danger, such as too many login attempts. A service called fail2ban can mitigate these issues by creating rules that can reject IP addresses for a specific amount of time. Fail2ban reduces the rate of incorrect login attempts; however, it cannot eliminate the risk that weak authentication presents.
Fail2ban can be used with a variety of services running on your server. Based on the function of your individual server you should configure fail2ban to protect each service. For more information on setting up fail2ban, visit their HowTo Wiki.
Step 3 – Configure Firewall
Finally, install security and firewall software, such as CSF – ConfigServer Security & Firewall. CSF is a free, advanced firewall, which includes login/intrusion/flood detections in addition to the basic firewall features. CSF is able to recognize attacks and temporarily block potential intruders. CSF can also limit access to the server based on specific services and locations, which dramatically reduces the potential for a server breach.
Consequences of not securing your new server
Properly setting up your server is crucial. Without a secure foundation, personal data, customer data and personal information are all at risk of being stolen or hacked. The hard costs of a hacked website can be detrimental to any business and can include:
- The cost for a developer to repair the damage
- Administrative costs of time spent communicating with the internal team, vendors and clients
- Investment in preventative measures like moving to a new hosting environment and security/preventative services
- IT time and materials to investigate and identify the problem
Unfortunately, the costs of a hacked website don’t end there. Data loss, loss of confidence, business disruption, unnecessary stress and loss of revenue due to site downtime can bury a company.
Understanding the risks and taking the appropriate preventative steps will maintain business continuity and protect your company’s largest assets.
Updated: January 2019
