Basic Security

Series: Linux For Newbies

Security is a very complex topic. There are a lot of things to take into consideration, from who should have access to your system to the methods by which it is accessible. For the sake of this post, I'm going to speak very broadly, addressing the bare minimums of security from the perspective of running a cloud-based server. Additionally, I'll provide a link at the end to a guide with some recommended commands for performing these basic steps.

Users and Permissions

By default, all Linux distributions have a default user known as root. The root user sits at the top of the food chain when it comes to system access: an all-powerful account permitted to take any action the system allows. Ideally, beyond the initial setup of your system, you should not access your Linux system directly as the root user.

One of the first actions you should take as the root user is to create a limited user with sudo privileges. This will be the user you typically access the system with. In addition to your limited user, you may have other users with specific roles for accessing the system, with varying scopes of privileges and access. That being said, you should avoid granting any more access than is necessary to administer your system.
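The steps above as one script, added here as an example and not taken from the post: a conservative user name check, a sanity check on the public key line, the account created with its password disabled so the key is the only way in, membership in the sudo group, and an authorized_keys file with the permissions sshd insists on. It assumes a Debian/Ubuntu-style system (adduser, a "sudo" group); the user name "deploy" and DEMO_KEY are constructed values, and DRY_RUN=1 prints the privileged commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the post): create a limited administrative user,
# give it sudo rights, and install an SSH public key for it. Assumes a
# Debian/Ubuntu-style system (adduser, the "sudo" group). DEMO_KEY and the
# user name "deploy" are constructed values.
set -eu

# Run a privileged command, or only show it when DRY_RUN=1, so the plan can
# be reviewed (and this script exercised) without root.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'would run: %s\n' "$*"
    else
        "$@"
    fi
}

# Accept only conservative user names: lowercase, starting with a letter or
# underscore, at most 32 characters. This keeps the name safe to splice into
# the paths and commands below.
valid_username() {
    printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# Sanity-check one OpenSSH public-key line: key type, base64 blob, optional
# comment made of safe characters only.
valid_pubkey() {
    printf '%s\n' "$1" |
        grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [A-Za-z0-9@._-]+)?$'
}

# create_admin_user NAME "PUBLIC-KEY-LINE"
create_admin_user() {
    name=$1
    pubkey=$2
    valid_username "$name" || { echo "refusing user name: $name" >&2; return 1; }
    valid_pubkey "$pubkey" || { echo "refusing public key (unexpected format)" >&2; return 1; }
    home=/home/$name

    # Disabled password: the account is usable only through the SSH key.
    run adduser --disabled-password --gecos "" "$name"
    run usermod -aG sudo "$name"

    # sshd ignores authorized_keys if ~/.ssh or the file is group/world writable.
    run install -d -m 700 -o "$name" -g "$name" "$home/.ssh"
    run sh -c "printf '%s\n' '$pubkey' > '$home/.ssh/authorized_keys'"
    run chmod 600 "$home/.ssh/authorized_keys"
    run chown "$name:$name" "$home/.ssh/authorized_keys"
}

# Constructed demonstration key (not a real key); shown in dry-run mode.
DEMO_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEMOKEYDATAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx deploy@laptop'
DRY_RUN=1 create_admin_user deploy "$DEMO_KEY"
# Real use, as root:  create_admin_user alice "$(cat alice.pub)"
```

Run it once in dry-run mode and read the plan before running it as root. The two validation functions are what make the rest safe: the user name is spliced into paths and the key into a shell command, so only characters that cannot change the meaning of either are accepted.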

SSH

SSH will be your primary method of accessing your Linux server from the outside. Any users you intend to have remote access to the system should already be set up with appropriate permissions at this point, but let's not rely simply on a password as their means of access from the outside. You should not only limit the number of users with outside access, but also ensure that the only means of access from the outside is via an SSH key. With a sufficiently strong SSH key, you add a substantial level of protection to your server against unwanted access.

It is also good practice to rotate your keys periodically and to audit your users and access logs.
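An added example covering both paragraphs above, not from the post: it reads the settings that decide whether passwords and root logins are accepted (the way sshd does, first occurrence wins, nothing after a Match line counts), writes a drop-in that turns them off and restricts logins to named accounts, and summarises failed and accepted logins from the auth log. The config, the user names and the log lines are constructed; the drop-in path assumes an sshd_config that includes /etc/ssh/sshd_config.d/*.conf, which newer Debian and Ubuntu releases ship.

```shell
#!/bin/sh
# Added example (not from the post): audit sshd_config for the settings that
# matter most on an internet-facing server, write a hardening drop-in, and
# summarise login attempts from the auth log. Paths, user names and log
# lines below are constructed for demonstration.
set -eu

# Effective value of KEY in an sshd_config: sshd takes the first occurrence,
# and anything after a "Match" line applies only conditionally, so stop there.
sshd_setting() {  # sshd_setting FILE KEY DEFAULT
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == key       { print $2; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Report weak settings; the defaults listed are OpenSSH's own for absent keys.
audit_sshd_config() {  # audit_sshd_config FILE
    f=$1
    bad=0
    for spec in \
        'PasswordAuthentication yes no' \
        'KbdInteractiveAuthentication yes no' \
        'PermitRootLogin prohibit-password no' \
        'PubkeyAuthentication yes yes'
    do
        set -- $spec    # $1=key $2=default $3=wanted
        v=$(sshd_setting "$f" "$1" "$2" | tr 'A-Z' 'a-z')
        if [ "$v" != "$3" ]; then
            printf 'WEAK: %s is "%s", want "%s"\n' "$1" "$v" "$3"
            bad=$((bad + 1))
        fi
    done
    printf '%d weak setting(s)\n' "$bad"
}

# Hardening drop-in. Newer Debian/Ubuntu releases ship
# "Include /etc/ssh/sshd_config.d/*.conf" (check: grep -n Include /etc/ssh/sshd_config);
# without it, put these lines at the top of sshd_config itself.
write_sshd_hardening() {  # write_sshd_hardening OUTFILE "user1 user2"
    cat > "$1" <<EOF
# Key-based logins only, no root over SSH, and only the listed accounts.
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
MaxAuthTries 3
AllowUsers $2
EOF
}

# Failed logins per source address and accepted key logins per user: the two
# counts worth a regular glance when auditing access.
summarize_auth_log() {  # reads auth.log lines on stdin
    awk '
        /sshd\[[0-9]+\]: Failed password for/    { for (i = 1; i <= NF; i++) if ($i == "from") fail[$(i+1)]++ }
        /sshd\[[0-9]+\]: Accepted publickey for/ { for (i = 1; i <= NF; i++) if ($i == "for")  ok[$(i+1)]++ }
        END {
            for (a in fail) print "failed", a, fail[a]
            for (u in ok)   print "accepted", u, ok[u]
        }' | sort
}

# Constructed auth.log excerpt (RFC 5737 documentation addresses).
SAMPLE_AUTH_LOG='Mar  1 10:00:01 srv sshd[1201]: Failed password for root from 203.0.113.5 port 5011 ssh2
Mar  1 10:00:03 srv sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 5012 ssh2
Mar  1 10:01:00 srv sshd[1210]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:constructed'

tmp=$(mktemp -d)
# Constructed "fresh install" config: root may still log in, passwords still accepted.
printf 'Port 22\nPermitRootLogin yes\n# PasswordAuthentication no\n' > "$tmp/sshd_config"
audit_sshd_config "$tmp/sshd_config"
write_sshd_hardening "$tmp/60-hardening.conf" "deploy alice"
audit_sshd_config "$tmp/60-hardening.conf"
printf '%s\n' "$SAMPLE_AUTH_LOG" | summarize_auth_log
rm -rf "$tmp"
```

Note that the commented-out "# PasswordAuthentication no" in the sample counts for nothing: the audit falls back to OpenSSH's default of yes, which is exactly the trap on a fresh server. After installing the drop-in, check the syntax with sshd -t, reload sshd, and open a second session with the new key before closing the one you are in.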

Firewall

Much like you lock your doors and close your windows at home, you should limit the number of open ports that could allow access to your server. Many systems include a firewall of some sort, and managing it can be relatively simple with a front end such as UFW or firewalld. Managing iptables manually can be cumbersome, but it is an option for granular control.

Essentially, you will want to close any ports you don't need and only open them as needed. This reduces what a typical port scan can discover, and with it the number of exposed services whose vulnerabilities an attacker could find.
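An added example for this section, not from the post: before writing firewall rules it is worth knowing what the server is actually listening on, so the script below reads ss -tuln output, drops loopback-only sockets, reports every exposed port that is not on your short allowlist, and then prints the UFW commands that enforce that list (default deny inbound, allow only the listed ports). SAMPLE_SS is a constructed excerpt of ss -H -tuln output; on a real server pipe the live output in instead.

```shell
#!/bin/sh
# Added example (not from the post): compare what the server is listening on
# with the ports you mean to expose, then print the UFW commands that enforce
# that list. SAMPLE_SS is a constructed excerpt of `ss -H -tuln` output.
set -eu

# From ss -tuln lines, print proto/port for every socket reachable from
# outside. Loopback-only binds are skipped: they are not exposed.
exposed_ports() {
    awk '{
        n = split($5, part, ":")
        port = part[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr == "127.0.0.1" || addr == "[::1]") next
        print $1 "/" port
    }' | sort -u
}

# unexpected_ports "tcp/22 tcp/80" < ss-output: exposed ports not on the allowlist
unexpected_ports() {
    allowed=$(printf '%s\n' $1)
    exposed_ports | grep -vxF -- "$allowed" || true
}

# ufw_plan "tcp/22 tcp/80": default-deny inbound, allow only the listed ports.
ufw_plan() {
    echo 'ufw default deny incoming'
    echo 'ufw default allow outgoing'
    for p in $1; do
        echo "ufw allow ${p#*/}/${p%%/*}"   # ufw takes port/proto, e.g. 22/tcp
    done
    echo 'ufw --force enable'
}

# Constructed sample: SSH and a web server, plus memcached bound to all
# interfaces on TCP and UDP, and a database correctly bound to loopback only.
SAMPLE_SS='tcp   LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 511  0.0.0.0:80      0.0.0.0:*
tcp   LISTEN 0 1024 0.0.0.0:11211   0.0.0.0:*
tcp   LISTEN 0 80   127.0.0.1:3306  0.0.0.0:*
udp   UNCONN 0 0    0.0.0.0:11211   0.0.0.0:*
tcp   LISTEN 0 128  [::]:22         [::]:*'

ALLOW='tcp/22 tcp/80'
echo 'Exposed but not on the allowlist:'
printf '%s\n' "$SAMPLE_SS" | unexpected_ports "$ALLOW"
echo 'Firewall commands:'
ufw_plan "$ALLOW"
# On a real server:  ss -H -tuln | unexpected_ports "$ALLOW"
```

The sample deliberately includes memcached listening on every interface, which is the kind of thing the firewall should close and, better still, the service itself should be configured to bind to loopback. Keep the SSH port on the allowlist: "ufw default deny incoming" followed by "ufw enable" over an SSH session locks you out if you forget it.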

Applications

Individual pieces of software can present security vulnerabilities no matter how well you have secured your server otherwise. Applications often hold permissions for legitimate use that can end up being exploited easily by someone with either a little know-how or access to scripts that attack you automatically. A faulty WordPress plugin, or a well-known exploit such as the one affecting memcached, can wreak havoc on your system without your knowledge.

While antivirus and rootkit detection programs are an option, one of the simplest lines of defense is to keep your applications up to date and to keep up with news of known vulnerabilities.
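An added example of "keep your applications up to date" on Debian/Ubuntu, not from the post: it writes the two apt configuration files that switch on the unattended-upgrades package (daily list refresh, automatic installs limited to the distribution's security origin, so feature upgrades remain a deliberate act), verifies that both switches are on, and picks the pending security updates out of apt list --upgradable output. The demonstration runs against a scratch directory; the file names under /etc/apt/apt.conf.d and the apt configuration keys are real, while SAMPLE_UPGRADABLE is constructed.

```shell
#!/bin/sh
# Added example (not from the post): enable automatic security updates with
# the unattended-upgrades package on Debian/Ubuntu, verify the periodic
# settings, and list pending security updates. SAMPLE_UPGRADABLE is a
# constructed excerpt of `apt list --upgradable` output.
set -eu

# write_auto_upgrade_config DIR: daily list refresh plus unattended installs,
# limited to the security origin so feature upgrades stay manual.
write_auto_upgrade_config() {
    cat > "$1/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
    # 52 sorts after the package's own 50unattended-upgrades, so this file is
    # read later; "#clear" replaces the origin list instead of appending to it.
    cat > "$1/52unattended-upgrades-local" <<'EOF'
#clear Unattended-Upgrade::Allowed-Origins;
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
};
Unattended-Upgrade::Remove-Unused-Dependencies "true";
EOF
}

# auto_upgrades_enabled DIR: succeed only if both periodic switches are on.
auto_upgrades_enabled() {
    grep -qsx 'APT::Periodic::Update-Package-Lists "1";' "$1"/*auto-upgrades* &&
    grep -qsx 'APT::Periodic::Unattended-Upgrade "1";' "$1"/*auto-upgrades*
}

# security_updates_pending: from `apt list --upgradable` on stdin, print the
# package names whose update comes from a *-security origin.
security_updates_pending() {
    awk -F'[/ ]' '$2 ~ /-security$/ { print $1 }'
}

# Constructed sample (placeholder versions).
SAMPLE_UPGRADABLE='Listing... Done
openssl/jammy-security 1.0.0-1 amd64 [upgradable from: 0.9.9-1]
vim/jammy-updates 2.0.0-1 amd64 [upgradable from: 1.9.9-1]
memcached/jammy-security 1.1.0-1 amd64 [upgradable from: 1.0.0-1]'

# Demonstration against a scratch directory. On the server, as root:
#   write_auto_upgrade_config /etc/apt/apt.conf.d
demo=$(mktemp -d)
write_auto_upgrade_config "$demo"
auto_upgrades_enabled "$demo" && echo 'automatic security updates: enabled'
echo 'security updates waiting:'
printf '%s\n' "$SAMPLE_UPGRADABLE" | security_updates_pending
# On the server:  apt list --upgradable 2>/dev/null | security_updates_pending
rm -rf "$demo"
```

Automatic updates do not restart running services by themselves, so a patched library can sit on disk while the old copy stays loaded; check /var/log/unattended-upgrades and reboot or restart services when the log says a restart is needed.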

Summary

A novice user could benefit from following any number of security guides online, such as Linode's guide for Setting Up and Securing a Compute Instance. Keep in mind that these are some of the most basic steps you can (and should) take with a fresh server. Security is a remarkably complicated topic, but hopefully these suggestions can keep you safe from the bots that seek out the lowest-hanging fruit.