Treat the cause, not just the symptoms. This is a much smarter, easier and less stressful way of keeping your dedicated server security checklist up to date. Having to fix a security problem that has already happened is much more time-consuming. It’s also a less efficient use of a server administrators time while exposing the server to hackers. A dedicated server security checklist is an important habit to develop and should be revised and carried out on a regular basis. Many dedicated server owners believe they are not targets, but in many cases you definitely are. Below are a few topics to cover in regards to this security checklist.
Keeping software and the Operating System up to date Updates to your Linux or Unix system are available on a constant basis and even on a daily basis. Keep an eye on the developers’ site for any security related updates and exploits that have been discovered. A good place to find general information on this for software and OS’s, in general, is here: https://www.us-cert.gov/ncas/bulletins/SB13-161 A mailing list or even twitter notifications from the OS developer is a good tool to have instead of having to manually remember to check for updates. The amount of effort required for a dedicated server security checklist also depends on the complexity of the server and network. .
Are your backups working? For hardware failures, security breaches and in case any changes made to your production server is made, having a dedicated server backup plan is an important feature. (Backing up to a different location on the same drive is NOT a backup.) This way you can quickly “reset” any changes from updates you made and for hardware failures. For security breaches, having an external backup system in place would be ideal. .
Update control panels and software Although many web-based control panels can update themselves, this does not always include various other software such as PHP, Apache, etc. The server administrator needs to do this manually. You can always check with the web-based control panel developer if you are up to date. It is also very easy to setup auto updates. Having this done on at least a monthly basis is a good habit to form, but weekly is best. .
Checking for hardware trouble You should review any logs for signs of hardware trouble or imminent failures. Disk read errors, overheating notices or networking failures could be signs of possible problems or imminent hardware failure. This does not happen often but if it does you certainly want to be prepared, especially if your dedicated server has been experiencing downtime, sluggishness or just odd behavior. .
Disk usage and server utilization If you are nearing maximum disk space, such as 90% capacity or more there is a good chance your dedicated server may even stop responding or end up with a lost or corrupt database. Either delete unused software versions, old emails, and logs or obtain more disk space. Deleting old and unused files results in a smaller data footprint resulting in a more speedy disaster recovery or server migration. Fewer data will also result in faster security scanning or monitoring without having to check “empty” data. .
Deleting unused or canceled user accounts Web hosting providers will undoubtedly receive cancellations for their shared, reseller or Virtual Private Server accounts. Make sure these are deleted and no longer able to be used. This will simply use up space otherwise and possibly cause some security concerns. In addition, slowing down any security scanning or data migrations as mentioned earlier. .
Passwords Make sure to change passwords, especially root or admin since this provides access to the entire dedicated server. Changing this password on a regular basis is vital. Recommended is twice a year and a combination of letters and numbers. Also, capital letters and at least 10 characters, is good practice. A lot of times, there is always someone out there trying to guess your password. Try an excellent password generator here.
The dedicated server security checklist pointers outlined above should help in securing your dedicated server and having it running at a more efficient level. It’s always best to prevent issues from happening to begin with instead of dealing with an unsecured server and dealing with the consequences.