In November this year, the BigBasket data breach compromised the information of more than 2 Billion users. Evidently, companies of all sizes are facing cyber-security risks, and it is important to address the measures that must be taken. In this article, we discuss the bit-by-bit of securing Linux servers from cyber attacks.
What is a cyber-attack?
A cyber-attack is an assault launched by cyber criminals using one or more computer networks. Attackers commonly use any vulnerable public servers and computers that are connected to the internet to launch the assault. The main goal of the attacker is to breach the firewall and extract company data for ransom. The attacker may also be a competitor who gains from ruining your company’s reputation and goodwill.
Types of cyber-attacks
The most common type of attacks are:
- DDoS attack: Here, the attacker uses a vulnerable server to launch a series of attacks on the target server. The attacker launches floods, i.e., directs a large amount of traffic to you, which will cause downtime on your server. To prevent a DDoS attack, purchase a high-bandwidth server so that floods cannot be caused easily.
- SQL Injection: If you are hosting a CMS like WordPress, Joomla, Magento, etc., using third-party themes and plugins from untrusted sources leaves your system vulnerable. SQL injection can manipulate all data in your database. Both server-side and code-side prevention methods are available to mitigate SQL injection. Make sure to adopt the latest technologies and update your CMS regularly. To be extra sure, using a vulnerability scanner like Acunetix is highly recommended.
- Man-in-the-middle attack: Here, the attacker launches from the client-side and sets himself up as a mediator between the user and the server. Suppose, you are on public wi-fi, the attacker can crack the public wi-fi and enter your PC to steal information. A secure network is the only way to prevent these types of attacks.
Cybersecurity Dos and Don’ts
- Don’t use old software
- Don’t write open-ended codes
- Do use a robust firewall
- Don’t set-up passwords that are in human-readable format
- Do use antivirus on both system and server, especially remote systems like laptops, phones and tablets. (80% of users still don’t use even a free one!)
- Do use an intrusion detection system on both server and system. As malware and Trojan can be uploaded from client PC as well, it is very important to counterbalance by setting up strong gates from the hosting side.
- Do implement HTTPS.
- While uploading files, always use SFTP port.
- Do train employees about permissions and antivirus.
Basic security setups for linux web-hosting servers
There are several cyber-security processes that can secure files and databases on your servers to prevent, as well as actively defend attacks in real-time. As the WHM control panel is the most popular among Linux OS users, this article shows how you can implement many security features with WHM. However, the general rules are applicable to all other control panels.
Types of security:
- SSH hardening: SSH is one of the most popular communication protocols on the net. Although SSH is more secure than FTP, taking further steps to secure SSH is highly recommended. If you are non-technical, you can ask your hosting provider to execute the same. SSH-hardening can be done through WHM easily through the intuitive GUI.
- /tmp security: Securing the /tmp folder is unignorable if you are using Linux. The reason is because any malicious files can be executed by attackers on /tmp directories. WHM has a ready-made script to implement /tmp security. This creates a tmp partition which automatically fixes tmp security.
- Security using software-based firewalls: There are several third-party tools which easily integrate on host to improve security features. Here, we discuss the best tools available in the market for Linux systems.
- Imunify360: This tool is an advanced firewall that tracks all activities on the server. It provides proactive defence by quarantining files that may be malicious. Using Imunify360, you can capture IPs, send alerts, block network-level access, scan malware, patch old PHP versions by default. It scans all uploaded files automatically, catches vulnerability and blocks IP. All tools are inbuilt and there is no need for configuration.
- CSF firewall: This open-source firewall for linux monitors incoming and outgoing traffic on network servers. Features include bruteforce attack alerts, suspicious process alerts, security score, warnings and per Port connection flooding detection and mitigation to help block DOS attacks. The system is quite fluid as you can enable/disable protections and configure custom SSH.
- BitNinja - This intrusion detection system gives you security against wordpress, joomla, drupal infections for hosted websites.
- Bigger organizations with heavy traffic can use third-party CDN like cloudware like Akamai.
Lastly, in case an attack is encountered we must have a disaster recovery plan in place to ensure that downtime is minimal. Some ways you can do this include:
- Create backups for websites and portals. For image files backup, use any third party tools. You can also set up incremental backup on cPanel. WHM has integrations with Google Cloud, Azure AWS for implementing backups. You can pre-define the backup path and you also have an option to add an additional destination for backup. Custom script for backups can override existing scripts in WHM, in case you are looking for more secure solutions.
- Set up version control systems which allow you to default back to previous versions in case your new versions are deemed insecure.
- Regularly take MySQL backups and make sure to sync db files to a remote backup service.
This article thoroughly discusses all necessary measures to be taken in order to ensure a smooth-sailing Linux operation. Ensuring that all precautions are taken can help you mitigate any cybersecurity issues in the future.