In a world of rapidly increasing cybercrime, the importance of a secure server cannot be overlooked. In fact, by the end of 2024, the cost of cyber attacks on the global economy is expected to reach an astronomical $10.5 trillion. Despite the obvious importance of cybersecurity, there’s a severe labour shortage in the industry, and many individuals and business owners aren’t doing all they can to keep their servers secure.
So what can you do to change this? In this guide, we're going to take a look at some of the best ways to keep your dedicated server as secure as possible by covering both Linux server security and Windows server security, with the ultimate aim of helping you protect your data, business and customers from threats.
What is a dedicated server?
A dedicated server is exactly what it says on the tin. When you pay for a dedicated server, its storage space and computing power are dedicated solely to you and your projects. This is the opposite of shared hosting servers, which are split between multiple tenants, and makes dedicated servers a popular choice as there are fewer security risks.
Why is security important for a dedicated server?
In the age of information, malicious individuals are increasingly turning to one precious resource: data. According to Experian, 85% of businesses see data as one of their most valuable assets. So, if you've got a dedicated server sitting there without adequate protection, you could be leaving your business (or even your clients' businesses) exposed to malware, password breaches, and DDoS (distributed denial of service) attacks. This applies to other types of server too – it’s always vital to protect sensitive information from hackers.
Over time, hackers’ tactics have become increasingly sophisticated, allowing them to hide malware within legitimate scripts and applications, organise massive DDoS attacks, exploit minor software vulnerabilities and more in order to steal sensitive, valuable information from dedicated servers. This can include both customer information and business information, which can be catastrophic for day-to-day operations if significant website downtime causes a huge loss of potential earnings.
While the theft of business data is devastating enough – particularly if you haven’t implemented regular backups to protect your data – threats to customer data could potentially be even more damaging in the long run. Customers are much less likely to entrust their sensitive data to companies with a history of poor security measures and subsequent security breaches. So if you don’t protect against these attacks wherever possible or have a clear plan of action if they do occur, this could lead to a significant loss of business in the future.
How dedicated servers can improve security
If security is one of your priorities, a dedicated server should be your number one choice for web hosting. As you share your dedicated server with no one else, all of the resources are yours, and so is the security. You don’t have to worry about breaches coming from other users when it’s just you, whereas with shared hosting, you could share server space with another customer who has very weak security, which means that the whole server could be breached. This lack of sharing is a major benefit of dedicated servers and a main reason why so many people opt for them.
However, this doesn’t mean you can be complacent when it comes to dedicated server security. Although these servers are more secure than other hosting options, including shared hosting, VPS hosting and cloud hosting, they still need to be monitored, maintained and updated to keep hackers at bay. Plus, there are many security measures you can implement to ensure your data and your customers’ data is as safe as possible.
How to secure your dedicated server
Let’s run through our top tips on how you can keep your dedicated server protected.
1. Keep your server updated
The easiest way to make sure your dedicated server remains secure is to keep it up to date. When you update your server, you’re ensuring that you’ll receive all the latest security updates and bug fixes from your OS (operating system) vendor, and that your server is patched up as well as it can be. Plus, it’s important to always run the latest version of all of your software packages, as these are the most secure and stable versions.
During regular server maintenance, you should always check for updates and implement them as soon as possible. On a Debian- or Ubuntu-based Linux server, for example, you can check for updates and install them with the following commands (the first refreshes the package lists, the second installs the available upgrades):
sudo apt update
sudo apt upgrade
On a Windows dedicated server, all you need to do is click Start > Settings > Windows Update > Check for updates in order to check if there are any updates you need to install.
2. Don't install unnecessary plugins and software
Don’t install anything you don’t need. Keep your setup light, and if you’re using a platform like WordPress, try to assess which plugins you’re actually using and whether you really need them. This can minimise the risk of security issues on your dedicated server.
While most popular WordPress plugins are created by reputable developers, some plugins can be poorly coded or can be intentionally malicious, leading to potential security breaches on your server. To be safe when installing free WordPress plugins, always check the source, read reviews, investigate the developer and check how frequently the plugin is updated – remember that regular updates are key for dedicated server security. In addition, you can use security scanners like Solid Security Pro and WPScan – Plugin Security Scanner to assess a WordPress plugin.
3. Only use trusted networks
If you log in to your dedicated server from an unknown and unsecured public network, you’re putting your server at risk of attack. To avoid a nightmare situation, make sure you’re only accessing your server from a known and secure network, rather than allowing employees to log in from anywhere.
4. Choose secure hosting with DDoS protection
It doesn’t matter how many protective measures you put in place at your end if your host at the other end isn’t doing all they can as well. Make sure that you choose a secure and reputable hosting provider for your dedicated server. Reputable providers should be transparent about what security measures they have in place, such as firewalls, data encryption and physical security.
DDoS attacks involve networks of internet-connected machines that have been infected with malware, allowing a cyber attacker to control them and force them to overload a server with superfluous requests. This overwhelming amount of traffic prevents regular web traffic from being able to access your server – if you have a website, this means legitimate customers won’t be able to load your web pages, leading to a potential loss of earnings. To avoid this common yet devastating cyber attack, always check if your chosen hosting provider has specific DDoS protection measures built into their dedicated server hosting plans.
5. Change your default port numbers
One easy way to boost security is to change your port numbers from the known defaults, as it makes your server a less obvious target. Port 22 is the standard port for SSH connections, which means that bots will automatically probe this port during cyber attacks. Moving SSH to another port therefore sidesteps most of this automated scanning, although a determined attacker can still find the new port, so treat it as a complement to the measures below rather than a substitute for them.
Linux
To change the SSH listening port on a Linux server, you need to edit the SSH configuration file with a text editor like Nano:
sudo nano /etc/ssh/sshd_config
Locate the following line and replace ‘22’ with a number between 49152 and 65535:
# What ports, IPs and protocols we listen for
Port 22
Save and exit the config file, then restart your SSH service so the change takes effect. Keep your current session open and confirm from a second terminal that you can connect on the new port before you close it, so a typo in the config can’t lock you out.
Windows
For a Windows server, the easiest way to do this is to establish a Remote Desktop Connection with your server and then modify the registry to change the Remote Desktop listening port. Type ‘regedit’ in the search box to open the registry editor, and then navigate to the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Next, follow these steps:
- Find PortNumber
- Click Edit > Modify
- Click Decimal
- Type the new port number you want to use
- Click OK
To make sure these changes take effect, you need to close the registry editor and restart your computer. The next time you want to connect to your Windows server via Remote Desktop, you’ll need to use the new port number.
Finally, when changing port numbers, make sure you remember to configure your firewall to allow connections to the new port number (more on this later).
6. Remove root access
When you set up a dedicated server, the default user account is called ‘root’, and this user has permission to perform any action on the server. Because of these permissions, the root account is a frequent target for hackers. Plus, with full root access you can make any change you want to your server, which means that inexperienced users could end up making catastrophic and irreversible changes by accidentally deleting or editing critical system files.
To reduce these risks, we recommend you disable the root user, and instead follow a system of only granting permissions to users when they’re actually needed. Before you disable the default root user, it’s important that you set up an alternative user with limited permissions.
Linux
On a Linux dedicated server, you can use the following command to create a new user:
sudo adduser CustomUserName
Remember to replace ‘CustomUserName’ with your chosen username. You’ll then need to create a strong and unique password for this new user. Once this is all set up, you can log into your dedicated server via SSH with your new username and password.
With your non-root account, you’ll be able to manage and customise your server without making changes to critical files. To ensure that your server stays secure, you should then disable root access to your server if you don’t need it. This can be done by modifying your SSH configuration file:
sudo nano /etc/ssh/sshd_config
Locate the following section and replace ‘yes’ with ‘no’ on the ‘PermitRootLogin’ line:
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
Finally, you should restart your SSH service to save these changes:
sudo systemctl restart sshd
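The two Linux edits above (the Port line from tip 5 and the PermitRootLogin line from tip 6) are easy to get subtly wrong by hand, because sshd uses the first value it reads for a keyword, so a line appended at the bottom loses to an earlier one. The script below is an added example, not code from the original post or from Fasthosts; the file name harden_sshd.py and the port 51234 are assumptions.

```python
"""Move SSH off port 22 and disable root login in sshd_config (tips 5 and 6).
Added example, not from the original post; assumes OpenSSH's "Keyword value"
format, a root shell, and a standard-library-only Python 3."""
import re, shutil, subprocess, sys

PORT_MIN, PORT_MAX = 49152, 65535                  # range the guide recommends
ACTIVE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9]*)\s+(\S.*?)\s*$")
COMMENTED = re.compile(r"^\s*#\s*([A-Za-z][A-Za-z0-9]*)\s+(\S+)\s*$")  # e.g. "#Port 22"

def validate_port(port: int) -> int:
    if not PORT_MIN <= port <= PORT_MAX:
        raise ValueError(f"port {port} is outside {PORT_MIN}-{PORT_MAX}")
    return port

def set_directives(config: str, directives: dict) -> str:
    """Set each keyword exactly once, outside Match blocks. sshd honours the
    FIRST value it reads, so lines are rewritten in place (a commented-out
    default like "#PermitRootLogin prohibit-password" too) and later
    duplicates are dropped rather than appended after the original."""
    wanted = {k.lower(): k for k in directives}    # keywords are case-insensitive
    out, done, in_match = [], set(), False
    for line in config.splitlines():
        m = ACTIVE.match(line)
        if m and m.group(1).lower() == "match":
            in_match = True                        # everything after applies conditionally
        m = m or COMMENTED.match(line)
        key = m.group(1).lower() if m else None
        if key in wanted and not in_match:
            if wanted[key] in done:
                continue                           # shadowed duplicate: drop it
            out.append(f"{wanted[key]} {directives[wanted[key]]}")
            done.add(wanted[key])
        else:
            out.append(line)
    for name, value in directives.items():
        if name not in done:
            out.append(f"{name} {value}")          # keyword absent: append it
    return "\n".join(out) + "\n"

def harden(path: str, port: int) -> None:
    """Back up the file, rewrite it, and let sshd syntax-check the result."""
    validate_port(port)
    shutil.copy2(path, path + ".bak")
    with open(path) as fh:
        new = set_directives(fh.read(), {"Port": port, "PermitRootLogin": "no"})
    with open(path, "w") as fh:
        fh.write(new)
    if shutil.which("sshd") and subprocess.run(["sshd", "-t", "-f", path]).returncode != 0:
        shutil.copy2(path + ".bak", path)          # roll back rather than lock yourself out
        raise SystemExit("sshd rejected the new config; original restored")

if __name__ == "__main__":                         # usage: sudo python3 harden_sshd.py 51234
    harden("/etc/ssh/sshd_config", int(sys.argv[1]))
```

Restart the SSH service afterwards as shown above. On distributions whose sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf, a file in that directory that sets the same keyword wins, because sshd reads it first.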
Windows
If you use a Windows dedicated server instead, your root user account will probably be called ‘Administrator’. To remove administrator privileges, you’ll need to create a new user account and disable the administrator account – just like with root access on a Linux server. To do this, follow these steps:
- Remotely connect to your server (e.g., via Remote Desktop)
- Open Server Manager > Tools > Computer Management
- Right-click Users under Local Users and Groups on the left pane
- Click ‘New User’ in the drop-down menu
You can then modify the username and password, and also set permissions by right-clicking on the user and selecting Properties.
Finally, to disable the administrator account, follow the same steps until you get to Users under Local Users and Groups. Double-click Users, right-click the administrator account and then select Properties. From here, select the Account is Disabled check box and click Apply to disable this user.
7. Lock ports to IP addresses
Using a firewall to lock a port's access to a specific IP or set of IPs allows you to control who can and can’t access your server. IP addresses are unique numbers that correspond to specific devices and locations. By locking your ports to these IP addresses, you’re limiting where your dedicated server can be accessed from. Only allowing known employees to access the business network creates a significant layer of protection.
Linux
If you’ve got root access to a Linux dedicated server, you can configure the firewall manually. The classic firewall utility on Linux is iptables, which comes pre-installed on most distributions. On Debian or Ubuntu, the following command installs it if it is missing (and simply reports that it is already installed otherwise):
sudo apt-get install iptables
You can then use iptables commands to create a new chain, list all the rules in a chain, flush all rules, delete specific rules from a chain, and much more. This means you can write precise firewall rules and have complete control over who can access your server. Note that iptables evaluates rules in order and acts on the first match, so an ACCEPT rule for your allowed addresses must come before the DROP rule that blocks everyone else.
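As an added example (not code from the original post or from Fasthosts), here is how the port locking described above can be generated, reviewed and then applied idempotently; the script name lock_port.py is an assumption, it assumes iptables is installed, and the source addresses 203.0.113.5 and 198.51.100.0/24 are constructed from the RFC 5737 documentation ranges.

```python
"""Lock a TCP port to an allowlist of source addresses with iptables (tip 7).
Added example, not from the original post; assumes iptables is installed and
the script runs as root when --apply is given. Source addresses are constructed
from the RFC 5737 documentation ranges."""
import ipaddress
import shlex
import subprocess
import sys

def allowlist_rules(port: int, sources: list, chain: str = "INPUT") -> list:
    """Build iptables argv lists: ACCEPT each source, then DROP everyone else.
    iptables acts on the first matching rule, so the DROP must come last."""
    if not 1 <= port <= 65535:
        raise ValueError(f"bad port {port}")
    rules = []
    for src in sources:
        net = ipaddress.ip_network(src, strict=False)  # rejects typos before they reach the firewall
        if net.version != 4:
            raise ValueError(f"{src}: IPv6 sources need ip6tables, not handled here")
        rules.append(["iptables", "-A", chain, "-p", "tcp", "--dport", str(port),
                      "-s", str(net), "-j", "ACCEPT"])
    rules.append(["iptables", "-A", chain, "-p", "tcp", "--dport", str(port), "-j", "DROP"])
    return rules

def render(rules: list) -> str:
    """Shell-quoted text of the rules, for review before anything is applied."""
    return "\n".join(shlex.join(r) for r in rules)

def apply_rules(rules: list) -> int:
    """Add each rule unless an identical one already exists; returns how many were added."""
    added = 0
    for rule in rules:
        probe = rule[:1] + ["-C"] + rule[2:]       # -C checks for the rule without changing anything
        if subprocess.run(probe, capture_output=True).returncode != 0:
            subprocess.run(rule, check=True)
            added += 1
    return added

if __name__ == "__main__":                           # usage: lock_port.py PORT SOURCE... [--apply]
    args = [a for a in sys.argv[1:] if a != "--apply"]
    rules = allowlist_rules(int(args[0]), args[1:])
    print(render(rules))
    if "--apply" in sys.argv:
        print(f"{apply_rules(rules)} rule(s) added")
```

Run it without --apply first and check that the address you are connecting from is in the ACCEPT lines; rules added this way do not survive a reboot unless you persist them with your distribution’s iptables-save mechanism.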
Windows
To do the same on a Windows dedicated server, follow these steps:
- Connect to your server via Remote Desktop
- Click on Start > Administrative tools > Windows Firewall with Advanced Security
- Click Inbound Rule > New Rule
- Click Custom and then move to the next page of the popup menu
- Select All Programmes
- In the Protocol & Ports wizard, click Specific Ports in the Remote port field and then type in the port number
- Click Next
- To enter the Remote IP Address you want to use to connect to this port, click Add and then enter the IP address
- Keep clicking through these menus to specify further rules for your connections and name these rules for easier management
You can learn more about configuring firewalls manually via Windows or a Linux command line interface with various online resources, but if you’re a Fasthosts customer, there’s a much simpler option. Fasthosts dedicated hosting customers can benefit from our easy-to-use Control Panel, which features an intuitive interface that gives you everything you need to manage your server – even if you’re a total beginner! Visit the Fasthosts Support site to learn more about managing firewall policies for your dedicated server through the Fasthosts Control Panel.
8. Secure your database
Your server’s database is a cybercriminal’s goldmine, so you need to put it on maximum security. We recommend keeping user privilege to a minimum, deleting all unnecessary data, and ensuring that it’s SQL injection-resistant.
An SQL injection is a type of cyber attack in which attacker-supplied input is interpreted as part of an SQL query, letting the attacker read, access and modify data in your database. To secure your server’s database against these attacks, you can implement measures such as input validation and parameterised queries, which ensure that user input is always treated as data rather than as part of the query itself.
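An added example, not code from the original post or from Fasthosts, showing the difference between an interpolated query and a parameterised one using Python’s bundled sqlite3, with an allowlist validator on top; the users table, its two rows and the hostile input are constructed.

```python
"""Parameterised queries and input validation against SQL injection (tip 8).
Added example, not from the original post; uses Python's bundled sqlite3 with a
constructed in-memory table so it runs offline."""
import re
import sqlite3

USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")   # allowlist of what a name may look like

def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, nothing real."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn

def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the caller's text is pasted into the statement, so quote
    characters in it change the query's meaning."""
    return conn.execute(f"SELECT name, email FROM users WHERE name = '{name}'").fetchall()

def find_user(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: the driver binds the value separately, so it is only ever data."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()

def validate_username(name: str) -> str:
    """Belt and braces: reject anything outside the allowed shape before it
    reaches the database, even though the parameterised query is safe on its own."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError(f"invalid username: {name!r}")
    return name

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"                  # constructed input; no real user has this name
    print(find_user_unsafe(db, hostile))     # both rows come back: the WHERE clause is always true
    print(find_user(db, hostile))            # []: compared as a literal string, matches nobody
    try:
        validate_username(hostile)
    except ValueError as err:
        print("rejected:", err)
```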
9. Establish emergency protocols for disaster recovery
Always be prepared for the worst. Make sure you have a thorough emergency protocol in place to minimise the damage that could be caused by a security breach. At a minimum, your emergency protocol should include resetting usernames and passwords, and you should create a pre-written statement explaining the situation that can be sent out to customers and put on your website.
10. Secure password usage – or even SSH keys rather than passwords
Sometimes having strong server security is as simple as choosing a strong password. Forget ‘myserver123’ and ‘serverpassword1991’. Use a random password generator and never reuse a password.
You can take your password security to the next level by logging into your dedicated server using SSH keys and scrapping passwords for good. If you want to find out more about using SSH keys, check out our help page on the topic of using SSH to connect to a server.
11. Keep backups
While you can put in place any number of protective measures, sometimes things just go wrong. To make sure that your data is safe even in the worst case scenario, be sure to regularly back up your data. That way, if you do encounter problems with your dedicated server, you’ve got a backup plan.
To keep your data extra secure, we would recommend following the 3-2-1 rule. According to this data security rule, you should have at least three copies of your data, including two copies on different media and one copy off-site. Therefore, in addition to storing data on your dedicated server, it can be a great idea to also use cloud backup. This involves storing your data backups on a remote cloud server, giving you a secure off-site copy.
12. Choose managed hosting
Most dedicated hosting plans are unmanaged, which means that you’re responsible for server configuration, software updates, monitoring, security and day-to-day server maintenance. This is great if you have experience with server management, but if you’re new to this, you may be more likely to overlook security issues. This can make your server more vulnerable to security threats.
If you don’t have the time or experience to manage your server effectively, you may benefit from a managed dedicated hosting plan. As the name suggests, these servers are managed by your hosting provider, so they’ll handle server security, updates, configuration and maintenance for you. Managed hosting plans can be much more expensive, but they may be worth it for you if you’re willing to pay extra for convenience and peace of mind.
Don’t risk it when it comes to server security
Information security should be one of the most pressing concerns for all responsible organisations. Allowing sensitive data to fall into the wrong hands could lead to disastrous consequences, both for data subjects, and your business.
If you're looking to invest in dedicated hosting, but you're still worried about data security, you're in safe hands with our Secure Dedicated Servers. Hosted exclusively in Tier IV, ISO 27001-certified data centres with the very latest in security technology, there's no need to fret with Fasthosts secure Dedicated Server Hosting.
If you've still got some questions about server security, our range of servers, or anything else, have a chat with our sales team.