Very Basic Things You can Do to Keep your Servers Secure
Very Basic Things That Will Make Your Servers Insanely Secure
It’s not that hard to ensure security. You can pretty much eliminate 95% of hacking by following these tips. These tips seem very basic, but they are real. Usually, when large corporations get hacked, it is due to a very simple failure on their part. In this article, I will go over some basic steps you can take to keep your server secure.
1) Always Update Your Software ASAP
One of the worst things you can do is run outdated software. There are security updates for stuff every day, so you need to check for them and install them if available. Don’t ever lag in this. That’s how they get you.
The example I think of most here is the Xorg vulnerability CVE-2018-14665. In short, an unprivileged user running the Xorg command could specify the file that manages the root password as the log file, thereby changing the root password. This was an extremely dangerous zero-day vulnerability, and all it took was for the hacker to enter one command:
Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1
The sad thing is, even though that vulnerability is fixed, there are probably still a good number of servers running the outdated version of Xorg that had that issue.
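The command above works by getting a passwordless root entry written into the file that stores password hashes. As an added example (not part of the original article), the shell check below scans a shadow-format file for the two traces that would leave: an account with an empty password field, and lines that are not valid entries at all. The function names audit_shadow and write_sample and the sample data are constructed for illustration.

```shell
#!/bin/sh
# audit_shadow FILE
# Prints one finding per line and returns 1 if anything was found, 0 if clean.
#   empty-password:<line>:<account>  account whose password field is empty
#   malformed:<line>                 line that is not a 9-field shadow(5) entry
audit_shadow() {
    awk -F: '
        /^[ \t]*$/ { next }                      # ignore blank lines
        NF != 9 || $1 == "" || $1 ~ /[ \t]/ {    # stray text, e.g. log output
            printf "malformed:%d\n", NR; bad = 1; next
        }
        $2 == "" {                               # login possible with no password
            printf "empty-password:%d:%s\n", NR, $1; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: two normal entries, one line of free-form text standing
# in for log output (not real Xorg output), and the passwordless root entry
# quoted in the article.
write_sample() {
    cat > "$1" <<'EOF'
daemon:*:17000:0:99999:7:::
alice:$6$examplesalt$examplehash:17000:0:99999:7:::
[    42.000] constructed log text
root::16431:0:99999:7:::
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_shadow "$sample" || echo "findings listed above need review"
rm -f "$sample"
```

Pointed at the real /etc/shadow (which requires root to read), any output from this check means the file should be restored from a known-good copy and the host investigated.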

2) Don’t Run Windows on Your Server
Long-time readers of this site know very well that I hate Windows. Windows is an extremely insecure Operating System, and Microsoft doesn’t care about making it secure. There is a reason that virtually every modern Operating System, excluding Windows, is based on UNIX. That’s because UNIX is speedy and reliable. All Microsoft cares about is that its Operating System is easy to use and that the majority of applications are available for Windows. If you don’t believe me, take it from a senior programmer at Microsoft:
Customers constantly evaluate other desktop platforms, [but] it would be so much work to move over that they hope we just improve Windows rather than force them to move.
— Aaron Contorer, head of C++ Development at Microsoft
3) Don’t Give Anybody More Access than They Need
This is an essential rule. One of the most basic things you can do to keep your server secure is not to give anyone more access than they need. For example, if you are running more than a one-person show when it comes to your website, whether you are running a forum site or a company, and must grant Moderators, Tech Support, etc., access to certain things on the site, only give them the access they need.
One reason is that you don’t know their intentions. Even if you’re running a business, almost everybody who works for you has a secondary reason for working for you, besides money. Some forum moderators have dangerous intentions. That’s why you should only ever give people access to the things they need.
4) Make Sure Everybody Is Trained Not to Fall for Social Engineering
About 90% of hacking is simply social engineering. Hollywood glorifies hackers, but most hacking involves people talking to privileged users and pretending to be someone they are not. The weakest point in any system is people. This goes hand in hand with tip three: tip three limits the damage once somebody has been socially engineered, while training prevents it from happening in the first place.

5) Use Cloudflare In Front of Your Site
This is not a sponsorship. However, I believe very heavily in the power of Cloudflare. Cloudflare not only protects you against DDoS attacks, as it is often advertised, but it also does tons of other stuff. It will also give you SSL certificates so you can get that nice padlock at the top of the browser. Cloudflare can also place flashcards and chatboxes across your site so users can interact.
There are so many uses for Cloudflare, and it is a must-have for any site that doesn’t want to be hacked. You can get many Cloudflare features for free. Cloudflare is not sponsoring this article. I do mean everything I say here.
