How to Perform an Initial Security Setup on Your Dedicated Server

How to Perform an Initial Security Setup on Your Dedicated Server

When setting up a dedicated server for the first time, security should be your top priority. Securing your server ensures it is protected from unauthorized access, data breaches, and other vulnerabilities. This guide walks you through the essential steps for performing an initial security setup on your dedicated server.

Step 1: Update your server
Ensure your server is running the latest software and security patches.

• Log in to your server using SSH.
• For Debian-based systems (e.g., Ubuntu), run:

  sudo apt update && sudo apt upgrade -y
  

• For Red Hat-based systems (e.g., CentOS), run:

  sudo yum update -y
  

Step 2: Configure a firewall
A firewall controls incoming and outgoing traffic to your server, reducing the risk of attacks.

• Install a firewall if it’s not already installed. For example:

  sudo apt install ufw  # On Ubuntu
  sudo yum install firewalld  # On CentOS
  

• Enable and configure the firewall:
  • Allow SSH:

    sudo ufw allow ssh
    

  • Enable the firewall:

    sudo ufw enable
    

Step 3: Change the default SSH port
Changing the default SSH port reduces the risk of brute-force attacks.

• Open the SSH configuration file:

  sudo nano /etc/ssh/sshd_config
  

• Find the line #Port 22 and replace it with a new port number (e.g., Port 2222).
• Save and exit the file.
• Restart the SSH service:

  sudo systemctl restart sshd
  

Step 4: Set up SSH key authentication
SSH key authentication is more secure than using passwords.

• Generate an SSH key pair on your local machine:

  ssh-keygen -t rsa -b 4096
  

• Copy the public key to your server:

  ssh-copy-id user@your-server-ip
  

• Test the key-based login, and then disable password authentication:
  • Edit the SSH configuration file:

    sudo nano /etc/ssh/sshd_config
    

  • Set PasswordAuthentication to no.
  • Restart the SSH service:

    sudo systemctl restart sshd
    

Step 5: Install Fail2Ban
Fail2Ban helps prevent unauthorized login attempts.

• Install Fail2Ban:

  sudo apt install fail2ban  # On Ubuntu
  sudo yum install epel-release && sudo yum install fail2ban  # On CentOS
  

• Start and enable the Fail2Ban service:

  sudo systemctl start fail2ban
  sudo systemctl enable fail2ban
  

• Configure Fail2Ban rules by editing its configuration files in /etc/fail2ban.

Step 6: Disable root login
Disabling root login reduces the likelihood of unauthorized access to your server.

• Edit the SSH configuration file:

  sudo nano /etc/ssh/sshd_config
  

• Set PermitRootLogin to no.
• Restart the SSH service:

  sudo systemctl restart sshd
  

Step 7: Install and configure security monitoring tools
Monitoring tools help you detect unusual activity.

• Install tools like Chkrootkit or Lynis:

  sudo apt install chkrootkit  # On Ubuntu
  sudo yum install lynis  # On CentOS
  

• Run security scans periodically and act on recommendations.

Step 8: Regularly back up your server
Backups are essential in case of a security breach or system failure.

• Use tools like rsync or configure automated backups using scripts or third-party solutions.
• Store backups in a secure, offsite location.

By following these steps, you’ll establish a strong foundation for securing your dedicated server. Remember to review your server's security settings regularly and stay informed about the latest security practices.