Recommended security practices
From Webpipe Wiki
Webpipe's recommended security practices
Don't install or run applications that you don't use
Every installed application introduces potential vulnerabilities. The fewer applications installed, the fewer potential ways that a hacker could compromise your server.
Avoid using defaults
Hackers typically write automated scripts that look for known vulnerabilities. Anything you can do to change default ports, passwords, or file names will make these automated scripts less likely to succeed in compromising your server.
Keep your applications updated
Security vulnerabilities are found all the time. Usually the program vendors do a good job of patching their software as soon as possible to fix any exploits. Most commercial and open-source applications have a mailing list you can subscribe to where they send security announcements. We recommend subscribing to AND READING these announcements. Update your applications when critical updates are available.
Limit access where available
Many applications have options to limit access. Use them when available.
Use secure passwords
Make sure passwords contain a combination of letters, numbers and special characters. Also, avoid passwords that contain names or words that can be found in a dictionary.
Specific recommendations
- If you run Webmin, run it on a non-standard port: edit /etc/webmin/miniserv.conf and change both instances of '10000' to something else.
- Limit SSH logins to certain IP addresses. If you have a static IP address, you can limit the specific IP address that a particular user can use to log in. Edit /etc/ssh/sshd_config and add an AllowUsers line that contains a list of allowed users in the format <USER>@<IP_ADDRESS>.
AllowUsers root@11.22.33.44 root@99.88.77.66 someotheruser@77.66.55.44
- Run DenyHosts (http://denyhosts.sourceforge.net/) to prevent brute-force attacks
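One way to check the Webmin and SSH settings after editing, as an added example that is not part of the wiki page: the functions below flag AllowUsers entries that are not pinned to an address and any miniserv.conf setting still at 10000. The function names and the sample files are constructed for illustration; point the functions at copies of your own files.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki): audit the two files named in the list above.

# Print AllowUsers patterns that are not pinned to a host (USER only, or USER@*).
unpinned_allowusers() {   # $1 = path to an sshd_config
    awk 'tolower($1) == "allowusers" {
        for (i = 2; i <= NF; i++) {
            n = split($i, part, "@")
            if (n < 2 || part[2] == "" || part[2] == "*") print $i
        }
    }' "$1"
}

# Count active (uncommented) AllowUsers lines; 0 means the restriction is not in effect.
allowusers_lines() {      # $1 = path to an sshd_config
    awk 'tolower($1) == "allowusers" { n++ } END { print n + 0 }' "$1"
}

# Print miniserv.conf settings that still have the default value 10000.
default_webmin_settings() {   # $1 = path to a miniserv.conf
    grep -E '^[A-Za-z_]+=10000[[:space:]]*$' "$1" || true
}

# Constructed sample files for the demonstration (not real server configs).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/sshd_config" <<'EOF'
Port 22
#AllowUsers olduser
AllowUsers root@11.22.33.44 deploy backup@*
EOF
cat > "$demo_dir/miniserv.conf" <<'EOF'
port=10000
listen=10000
ssl=1
EOF

echo "Active AllowUsers lines: $(allowusers_lines "$demo_dir/sshd_config")"
echo "Entries not pinned to an IP address:"; unpinned_allowusers "$demo_dir/sshd_config"
echo "Webmin settings still at the default:"; default_webmin_settings "$demo_dir/miniserv.conf"
```

An entry with no @ part, or with * as the host, lets that user log in from any address, so it defeats the purpose of the AllowUsers line.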



