Server Security Checklist
Last updated: November 10th 2022
Introduction
This guide lists different ways to harden your Webdock server security and links to our respective guides. This checklist is split in two parts:
- Security enhancements which should be performed on any new server - these are already active on our Perfect Server stacks.
- Security enhancements which are optional and which we have not applied per default to our Perfect Server stacks.
Already configured on Webdock Perfect Server Stacks
Check open ports on your server
Malware attacks occur through open ports on your server. Always keep an eye on what services are running and stop unnecessary services on your server. This article describes different ways to find open ports on your Webdock server.
Configure firewall to block ports
Run your applications behind an active firewall. Allow the incoming network traffic only to specific ports and block the remaining ports. UFW is the default firewall we use in our Perfect Server stacks and is a versatile and easily configurable iptables manager. You can read about how to manage your firewall with UFW on your Webdock server here.
Secure the SSH daemon
We use SSH daemon defaults which does not allow for password authentication nor root logins. SSH is the door to your server and its security is paramount to the safety of your server. SSH provides different configurations to harden its security. This article describes the various SSH configurations options which impact SSH server security.
Configure fail2ban to protect your server from different attacks
Analyze incoming network traffic automatically to detect malware and take action against it. Fail2ban is an Intrusion Prevention System tool that is used to protect your server from different attacks. On our Perfect Server stacks fail2ban is active for SSH and FTP but can be expanded to do all sorts of malware detection for other types of systems and software. Read more about fail2ban configuration for common services on your Webdock server here.
Further, optional, security enhancements
Configure Naxsi firewall to secure Nginx
Protect your Nginx server from different malicious activities like SQL injection and cross-site scripting. Naxsi is a tool which can be used for this purpose. This article describes how to set up Naxsi firewalling on your Webdock server.
Configure security headers in Nginx and Apache
Secure your Nginx and Apache servers by configuring various security headers. Security headers protect your server from cross-scripting attacks, SQL injections and clickjacking. Read more about security header configuration in Nginx and Apache here.
Enable encryption for MariaDB
Enable encryption at rest for your MariaDB server. By default MariaDB stores data in plain text and anyone with read access or access to your server can read the data. This guide explains the procedure of enabling encryption for your MariaDB server.
Related articles
-
How to check for open ports on your Ubuntu server
This article details various approaches to finding out which ports are open and accessible on your server.
Last updated: November 10th 2022
-
How to work with your firewall (UFW - Uncomplicated Firewall)
In this article we show how UFW - or Uncomplicated Firewall - works along with common commands and usage examples.
Last updated: January 10th 2024
-
SSH Security Configuration Settings
This article lists various settings for the SSH Daemon which impact server security.
Last updated: February 1st 2024
-
How to configure Fail2Ban for common services
How fail2ban can be configured for common services as well as how to utilize the fail2ban CLI tools to check status of various jails, unbanning users and more.
Last updated: August 22nd 2023
-
How to Secure Nginx with Naxsi Firewall on Ubuntu 18.04 VPS
This Article describes how you can set up and configure Naxsi firewall on a Webdock LEMP stack on Ubuntu Bionic 18.04.
Last updated: November 10th 2022
-
How to Secure Nginx with Naxsi Firewall on Ubuntu 20.04 VPS
This Article describes how you can set up and configure Naxsi firewall on a Webdock LEMP stack on Ubuntu Focal 20.04.
Last updated: March 8th 2024
-
How to configure Security Headers in Nginx and Apache
Here we outline which security headers are important to set in different scenarios in Nginx and Apache.
Last updated: November 10th 2022
-
How to enable Encryption for MariaDB
Enable Encryption of your database data with MariaDB as well as force all new tables created to be encrypted.
Last updated: October 29th 2024
-
How to Scan Your Webdock Server for Malware and Virus
This guide provides basic step-by-step instructions to install various tools to scan your server for malware and viruses.
Last updated: July 19th 2023
-
How To Use Our Free BotGuard Bot Protection
In this article we show you how to activate and use our Free BotGuard Bot Protection which is included for free with all our VPS servers.
Last updated: November 4th 2024
-
Enhancing Nginx Security with IP Filtering and Password
A guide to enhance Nginx security with IP filtering (specific IP, and, IP ranges) and Password
Last updated: November 25th 2023
-
Securing Ubuntu: How to Detect System Vulnerabilities
Detect system vulnerabilities using Vuls
Last updated: December 20th 2023
-
Secure VPS Communication with SSL and UFW
A detailed guide to securely your communicate with your servers without requiring a VLAN setup.
Last updated: March 4th 2024
-
Configuring UFW and Fail2Ban to Mitigate Basic DDos Attacks
Instructions to protect your server from basic DDos attacks using UFW and Fail2Ban
Last updated: May 28th 2024