Very Basic Things That Will Make Your Servers Insanely Secure
It’s not that hard to ensure security. You can pretty much eliminate 95% of hacking by following these tips. They seem very basic, but they are real. Usually, when some giant corporation gets hacked, it had been doing something blatantly stupid and got what was coming to it. In this article, I will go over the basic things you can do to keep your server secure.
1) Always Update Your Software ASAP
One of the worst things you can do is run outdated software. Security updates are released every day, which is why you need to check for updates daily and install them as soon as they are available. Don’t ever lag behind on this. That’s how they get you.
The example I think of most here is the Xorg CVE-2018-14665 vulnerability. In short, an unprivileged user could run the Xorg command with the file that stores the root password hash specified as its log file, overwrite it, and so change the root password. This was an extremely dangerous zero-day vulnerability, and all it took was for the hacker to enter one command:
Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1
The sad thing is that, even though that vulnerability is fixed, there are probably still a good number of servers running the outdated version of Xorg that had that issue.
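As an added example (not code from the original article), here is a small POSIX sh check for exactly this kind of exposure: it compares an installed version string against the version that carries the fix and reports whether the binary is also setuid root, which is what turned the Xorg -logfile bug into a root compromise. The fixed version is a parameter you supply from your distribution's advisory, and the Xorg binary path in the closing comment is an assumption about your host.

```sh
#!/bin/sh
# Added example, not from the original article. Defender-side check for the
# "outdated package" exposure described above: is the installed version older
# than the one carrying the fix, and is the binary setuid root (the property
# that turned the Xorg -logfile bug into a root compromise)?
# Assumptions: you supply the fixed version from your distro's advisory; the
# Xorg binary path used in the comment at the bottom is a guess for your host.

# strip_version STRING: keep only the leading digits-and-dots part, so a
# packaging suffix such as "1.20.3-1ubuntu1" becomes "1.20.3".
strip_version() {
    printf '%s' "$1" | sed 's/[^0-9.].*//'
}

# version_lt A B: returns 0 when dotted version A is strictly older than B.
# Missing components count as zero, so 1.20 equals 1.20.0.
version_lt() {
    a=$(strip_version "$1"); b=$(strip_version "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ "${ai:-0}" -lt "${bi:-0}" ] && return 0
        [ "${ai:-0}" -gt "${bi:-0}" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# check_package INSTALLED FIXED BINARY: prints a verdict and returns
# 0 = patched, 1 = outdated AND setuid root (worst case), 2 = outdated only.
check_package() {
    installed="$1"; fixed="$2"; binary="$3"
    if ! version_lt "$installed" "$fixed"; then
        echo "OK: $installed is not older than $fixed"
        return 0
    fi
    if [ -u "$binary" ]; then
        echo "URGENT: $installed < $fixed and $binary is setuid root"
        return 1
    fi
    echo "OUTDATED: $installed < $fixed ($binary not setuid; update anyway)"
    return 2
}

# On a live host (assumes the first line of 'Xorg -version' reads
# "X.Org X Server <version>"; the path and fixed version are yours to fill in):
#   check_package "$(Xorg -version 2>&1 | sed -n 's/^X.Org X Server \([0-9.]*\).*/\1/p')" \
#       "<fixed-version-from-your-advisory>" /usr/bin/Xorg
```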
2) Don’t Run Windows on Your Server
Long-time readers of this site know very well that I hate Windows. Windows is an extremely insecure Operating System, and Microsoft doesn’t care about making it secure. There is a reason that virtually every modern Operating System, excluding Windows, is based on UNIX. That’s because UNIX is speedy and reliable. All Microsoft cares about is that their Operating System is easy to use, and the majority of applications are available for Windows. If you don’t believe me, take it from a senior programmer at Microsoft:
Customers constantly evaluate other desktop platforms, [but] it would be so much work to move over that they hope we just improve Windows rather than force them to move.
— Aaron Contorer, head of C++ Development at Microsoft
Windows has almost no regard for security, is extremely slow, and is not ready to be used in a server environment, even as Windows Server, which is just Windows slightly adapted to run server workloads. If you’re interested in reading more about this, check out our other article, Nine Reasons To Boycott Microsoft.
3) Don’t Give Anybody More Access Than They Need
This is an essential rule. If your website is more than a one-person show, whether it is a forum or a company site, and you must grant moderators, tech support and others access to certain parts of it, give them only the access they need.
One reason for this is that you don’t know what their intentions are. Even if you’re running a business, almost everybody who works for you has a secondary reason for working for you besides money. Sometimes it is goofy, but with a lot of forum moderators it can be dangerous. That’s why you should always give people access only to the things they need.
4) Make Sure Everybody Is Trained Not to Fall for Social Engineering
About 90% of hacking is simply social engineering. Hollywood glorifies hackers, but most hacking is people calling other people and pretending to be somebody they are not. The weakest point in any system is people. This overlaps with tip three, but tip three limits the damage once somebody has been socially engineered, whereas training prevents it from happening in the first place.
5) Use Cloudflare In Front of Your Site
Cloudflare does not sponsor this article, but I believe strongly in what it offers. Cloudflare not only protects you against DDoS attacks, which is what it is usually advertised for, but does a great deal more. It gives you SSL certificates so you get that nice padlock at the top of the browser, and it can place flashcards and chatboxes across your site so users can interact.
Cloudflare has many uses, and it is a must-have for any site that doesn’t want to be hacked. It doesn’t even cost money except for certain services; the basics are free. Again, Cloudflare is not sponsoring this article; I mean everything I say here.