Hardening Your Server
In today’s blog post we are going to discuss some of the simple best practices for hardening your servers. These tips can apply to any server environment.
Disable default/guest accounts
Most systems have default guest accounts which if they are not being used should be disabled. I have not seen a reason to keep these enabled in any environment.
Change admin username
Most systems allow you to rename or disable the default super-user account. To harden the server, rename or disable this account wherever the platform allows it.
Change All Default Passwords
Always replace default passwords with a complex password.
Use complex passwords for privileged accounts
Always make sure your passwords meet the following minimum complexity settings:
- Minimum 10 character length
- Include a number, an uppercase letter and a symbol
- Do not use dictionary words
- Lock the account after 5 failed login attempts
- Where possible, leave the account locked until an administrator resets it.
Always run the server behind a firewall, or enable a host firewall
This is just good practice: you want to be able to log events and to prevent people from gaining access via unknown ports. If possible, run an active firewall that automatically blocks IPs after failed login attempts and sends out alerts.
Disable all ports not being used
Same as above: there is no reason to keep ports open that are not in use.
Change Default Ports
Where possible, move services from their default ports to non-standard ones. For example, SSH listens on port 22, which is common and well known; change it to a non-standard port, e.g. 6022.
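As an added example (not part of the original post), a small POSIX shell audit that checks two of the items above, the SSH listening port and enabled guest-style accounts, against constructed sample copies of sshd_config and passwd. The guest-name pattern and the sample files are assumptions; point the functions at the real /etc/ssh/sshd_config and /etc/passwd to audit a host.

```shell
#!/bin/sh
# Audit helpers: each check prints a finding and returns 0 when the setting
# matches the advice in the post, 1 when it does not.

# Print every port sshd will listen on. Multiple Port lines are all honoured,
# and OpenSSH falls back to 22 when no Port line is set at all.
ssh_ports() {
    awk 'tolower($1)=="port" {print $2; n++} END {if (!n) print 22}' "$1"
}

# Warn when any configured port is still the well-known default 22.
check_ssh_port() {
    for p in $(ssh_ports "$1"); do
        if [ "$p" = "22" ]; then
            echo "WARN: sshd listens on default port 22 ($1)"; return 1
        fi
    done
    echo "OK: sshd ports: $(ssh_ports "$1" | tr '\n' ' ')"
}

# Print login-capable accounts whose name matches a default/guest pattern
# (pattern is an assumption). An account only counts as disabled when its
# login shell is nologin or false.
guest_accounts_enabled() {
    awk -F: '$1 ~ /^(guest|test|demo)$/ && $7 !~ /(nologin|false)$/ {print $1}' "$1"
}

check_guest_accounts() {
    found=$(guest_accounts_enabled "$1")
    if [ -n "$found" ]; then
        echo "WARN: enabled guest-style accounts: $found ($1)"; return 1
    fi
    echo "OK: no enabled guest-style accounts"
}

# Constructed sample files standing in for /etc/ssh/sshd_config and /etc/passwd.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
# constructed sample, not a real host
#Port 22
Port 6022
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF

check_ssh_port "$SAMPLE_DIR/sshd_config" || true
check_guest_accounts "$SAMPLE_DIR/passwd" || true
```

On the sample data the port check passes and the account check warns about the still-enabled guest account. Moving SSH off port 22 only cuts scanner noise; it does not replace the lockout, password and firewall controls above.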
Updates, updates, updates
Stay on top of security updates, which patch potential security holes in your server. This is very important.
I hope these simple tips help you and keep your servers more secure.