Let’s get started with why you should secure your server.
Without properly securing your server, you are prone to server and service outages, having your website hijacked, having the server itself hijacked for zombie activities (DDoSing users on the internet, crypto mining, etc.), losing user data, and getting malware, trojans or RATs installed on your server, which would cause even more damage in the long term to your business reputation and uptime. You aren't necessarily being targeted, but it must be understood that a big percentage of the internet is made up of bots running preconfigured scripts to do their owners' bidding. According to Statista, 47% of the internet as of 2022 was recorded to be bots.
Here's a quick checklist to work through:
- Knowing exactly what kind of services will be running and their required TCP and UDP ports within your infrastructure.
- Reconfiguring your default TCP communication port.
- Enabling and Configuring Software firewall for your required traffic.
- Installing and Configuring an intrusion prevention system (IPS) and intrusion detection system (IDS).
- A method to encrypt data that resides on the local hard drive to evade ransomware.
- Installing and activating a good antivirus.
Changing default TCP communication port
No matter who it is, I always advise changing the default ports used for SSH and Remote Desktop. On Linux, switch SSH away from port 22, and on Windows, switch Remote Desktop away from port 3389.
On Windows, changing the default takes only three lines of PowerShell: replace the variable $portvalue with the desired port. You can choose any port from 1024 to 65535.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber" -Value $portvalue
New-NetFirewallRule -DisplayName 'RDPPORTLatest-TCP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol TCP -LocalPort $portvalue
New-NetFirewallRule -DisplayName 'RDPPORTLatest-UDP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol UDP -LocalPort $portvalue
On Linux, it's very easy: simply locate the /etc/ssh/sshd_config file, then edit the Port field to your desired port and save.
Though an attacker can still find your actual port with some effort, doing this at least takes you out of the crosshairs of malicious internet bots that target specific default TCP ports.
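The sshd_config edit described above, as an added example that is not part of the original article: a POSIX shell function (`set_ssh_port`, a hypothetical name) that checks the port against the same 1024 to 65535 range and rewrites the Port directive. It is demonstrated on a constructed sample config in a temp file, not on the live file.

```sh
#!/bin/sh
# Added example (not from the article). set_ssh_port is a hypothetical helper.
# Usage: set_ssh_port FILE PORT
# Leaves exactly one active "Port PORT" line in FILE and keeps FILE.bak.
# Returns 2 for an invalid port, 1 for a file error.
set_ssh_port() {
    cfg=$1; port=$2
    case $port in
        ''|0*|*[!0-9]*) echo "port must be a plain number" >&2; return 2 ;;
    esac
    # Same range the article gives for the RDP port: 1024 to 65535.
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be between 1024 and 65535" >&2; return 2
    fi
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Port is a global directive and must precede any Match block, so the
    # first active Port line is replaced in place, later ones are dropped,
    # and if there is none the new line goes at the top of the file.
    # Commented lines such as "#Port 22" are left untouched.
    awk -v p="$port" '
        { line[NR] = $0
          if (tolower($1) == "port") { isport[NR] = 1; if (!first) first = NR } }
        END {
            if (!first) print "Port " p
            for (i = 1; i <= NR; i++) {
                if (i == first) print "Port " p
                else if (!(i in isport)) print line[i]
            }
        }' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # cat into the original so its owner and permissions are preserved.
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?; rm -f "$tmp"; return $rc
}

# Demo on a constructed sample config in a temp file, never the live one.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '#Port 22' 'Port 22' 'PermitRootLogin no' \
        'Match User backup' '    PasswordAuthentication no' > "$f"
    set_ssh_port "$f" 49222 && cat "$f"
    rc=$?; rm -f "$f" "$f.bak"; return $rc
}
demo
```

On a real host, run it against /etc/ssh/sshd_config, check the result with `sshd -t`, allow the new port in the firewall, and restart sshd while keeping your current session open.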
Configure your firewall
This part is very straightforward. Simply know which ports, services and protocols are required for inbound connections (and outbound, if necessary), and deny all other connections that do not match your firewall rules. This applies whether you run a Windows or a Linux operating system. A system behind your home router is a lot safer, because most traffic on the internet cannot make a direct connection to your computer at home, since port forwarding is not configured by default. Don't mistake this for me saying that a computer behind your home router cannot be compromised; it is still entirely possible to download trojans, viruses and other malware. A server, on the other hand, is immediately exposed to the internet, so you need to act quickly, before any of the countless bots on the internet gets to your machine first. If you need consultation and help figuring out what should be applied in your case, feel free to contact me.