How to secure a dedicated server
In a world of rapidly increasing cybercrime, the importance of a secure server cannot be overlooked. In fact, by the end of 2024, the cost of cyber attacks on the global economy is expected to reach an astronomical $10.5 trillion. Despite the obvious importance of cybersecurity, there’s a severe labour shortage in the industry, and many individuals and business owners aren’t doing all they can to keep their servers secure.
So what can you do to change this? In this guide, we're going to take a look at some of the best ways to keep your dedicated server as secure as possible, to help you protect your data and business from threats.
What is a dedicated server?
A dedicated server is exactly what it says on the tin. When you pay for a dedicated server, its storage space and computing power are dedicated solely to you and your projects. This is the opposite of shared hosting servers, which are split between multiple tenants, and makes dedicated servers a popular choice as there are fewer security risks.
Why is security important for a dedicated server?
In the age of information, malicious individuals are increasingly turning to one precious resource: data. According to Experian, 85% of businesses see data as one of their most valuable assets. So if you've got a dedicated server sitting there without adequate protection, you could be leaving your business (or even your clients' businesses) exposed to malware, password breaches, and DDoS (distributed denial of service) attacks. This applies to other types of servers too. It’s always vital to protect sensitive information from hackers.
How dedicated servers can improve security
If security is one of your priorities, a dedicated server should be your number one choice for web hosting. As you share your dedicated server with no one else, all of the resources are yours, and so is the security. You don’t have to worry about breaches coming from other users when it’s just you, whereas with shared hosting, you could be sharing server space with another customer who has very weak security, which means that the whole server could be breached. This lack of sharing is a major benefit of dedicated servers and a main reason why so many people opt for them.
However, this doesn’t mean you can be complacent when it comes to dedicated server security. Although these servers are more secure than other hosting options, including shared hosting, VPS hosting and cloud hosting, they still need to be monitored, maintained and updated to keep hackers at bay. Plus, there are many security measures you can implement to ensure your data and your customers’ data is as safe as possible.
How to secure your dedicated server
Let’s run through our top tips on how you can keep your dedicated server protected.
1. Keep your server updated
The easiest way to make sure your dedicated server remains secure is to keep it up to date. When you update your server, you’re ensuring that you’ll receive all the latest security updates and bug fixes from your OS (operating system) vendor, and that your server is patched up as well as it can be. Plus, it’s important to always run the latest version of all of your software packages, as these are the most secure and stable versions.
During regular server maintenance, you should always check for updates and install them as soon as possible. On a Debian- or Ubuntu-based Linux dedicated server, you can check for updates and install them with the following commands:
sudo apt update
sudo apt upgrade
2. Don't install unnecessary plugins and software
Don’t install anything you don’t need. Keep your setup light, and if you’re using a platform like WordPress, try to assess which plugins you’re actually using and whether you really need them. This can minimise the risk of security issues on your dedicated server.
While most popular WordPress plugins are created by reputable developers, some plugins can be poorly coded or can be intentionally malicious, leading to potential security breaches on your server. To be safe when installing free WordPress plugins, always check the source, read reviews, investigate the developer and check how frequently the plugin is updated – remember that regular updates are key for dedicated server security. In addition, you can use security scanners like Solid Security Pro and WPScan – Plugin Security Scanner to assess a WordPress plugin.
3. Only use trusted networks
If you log in to your dedicated server from an unknown and unsecured public network, you’re putting your server at risk of attack. To avoid a nightmare situation, make sure you’re only accessing your server on a known and secure network, rather than allowing employees to log in from anywhere.
4. Choose secure hosting with DDoS protection
It doesn’t matter how many protective measures you put in place at your end if your host at the other end isn’t doing all they can as well. Make sure that you choose a secure and reputable hosting provider for your dedicated server. Reputable providers should be transparent about what security measures they have in place, such as firewalls, data encryption and physical security.
DDoS attacks involve networks of internet-connected machines that have been infected with malware, allowing a cyber attacker to control them and force them to overload a server with superfluous requests. This overwhelming amount of traffic prevents regular web traffic from being able to access your server – if you have a website, this means legitimate customers won’t be able to load your web pages, leading to a potential loss of earnings. To avoid this common yet devastating cyber attack, always check if your chosen hosting provider has specific DDoS protection measures built into their dedicated server hosting plans.
5. Change your default port numbers
One easy way to boost security is by changing your port numbers from known defaults, as it makes your server harder to target. Port 22 is the standard port for SSH connections, which means that bots will automatically target this port during cyber attacks. Therefore, adjusting this will throw most hackers off the scent. A port scan can still find the new port, so use this alongside the other measures in this guide rather than instead of them.
To change the SSH listening port on a Linux server, you need to edit the SSH configuration file with a text editor like Nano:
sudo nano /etc/ssh/sshd_config
Locate the following line and replace ‘22’ with a number between 49152 and 65535:
# What ports, IPs and protocols we listen for
Port 22
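Save and exit the config file. Then, restart your SSH service to ensure that these changes take effect. Keep your current session open until you have confirmed that you can connect on the new port and that your firewall allows it, so you don't lock yourself out.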
6. Remove root access
When you set up a dedicated server, its default user is named ‘root’ and this user has total permission to perform any action within the server. Due to these permissions, the root user is often a target for hackers. Plus, with full root access, you’re able to make any changes you want to your server, which means that inexperienced users could end up making catastrophic and irreversible changes by accidentally deleting or editing critical system files.
To reduce these risks, we recommend you disable the root user, and instead follow a system of only granting permissions to users when they’re actually needed. Before you disable the default root user, it’s important that you set up an alternative user with limited permissions. On a Linux dedicated server, you can use the following command to create a new user:
sudo adduser CustomUserName
Remember to replace ‘CustomUserName’ with your chosen username. You’ll then need to create a strong and unique password for this new user. Once this is all set up, you can log into your dedicated server via SSH with your new username and password.
With your non-root account, you’ll be able to manage and customise your server without making changes to critical files. To ensure that your server stays secure, you should then disable root access to your server over SSH if you don’t need it. This can be done by modifying your SSH configuration file:
sudo nano /etc/ssh/sshd_config
Locate the following section and replace ‘yes’ with ‘no’ on the ‘PermitRootLogin’ line:
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
Finally, you should restart your SSH service to apply these changes:
sudo systemctl restart sshd
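To check that the edits from tips 5 and 6 actually took effect, the following added example (not part of the original guide or any Fasthosts tooling) reads sshd_config text the way sshd does and reports what is still open. The function names and both sample configs are constructed for illustration; it goes slightly beyond the text by handling commented-out lines, repeated keywords and multiple Port lines, which are the usual reasons an edit silently does nothing.

```python
import re

def effective_settings(config_text):
    """Return (ports, permit_root_login) as sshd reads the global section."""
    ports, root_login = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive has no effect
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break  # simplification: lines after Match are conditional
        if keyword == "port":
            ports.append(value)  # every Port line adds a listener
        elif keyword == "permitrootlogin" and root_login is None:
            root_login = value.lower()  # first occurrence wins
    # Defaults when absent: port 22, prohibit-password (OpenSSH 7.0+)
    return ports or ["22"], root_login or "prohibit-password"

def audit(config_text):
    """List deviations from tips 5 and 6 of this guide."""
    ports, root_login = effective_settings(config_text)
    findings = []
    for port in ports:
        if port == "22":
            findings.append("sshd listens on default port 22")
        elif not (port.isdigit() and 49152 <= int(port) <= 65535):
            findings.append(f"port {port} is outside 49152-65535")
    if root_login != "no":
        findings.append(f"PermitRootLogin is '{root_login}', not 'no'")
    return findings

# Constructed sample: the new port was typed on a line that is still
# commented out, and 'PermitRootLogin no' was added below the old line.
EDITED_BADLY = """\
#Port 50022
Port 22
PermitRootLogin yes
PermitRootLogin no
"""
# Constructed sample: the result the guide's steps aim for.
HARDENED = "Port 50022\nLoginGraceTime 120\nPermitRootLogin no\nStrictModes yes\n"

if __name__ == "__main__":
    for name, text in (("edited badly", EDITED_BADLY), ("hardened", HARDENED)):
        print(name, "->", audit(text) or "no findings")
```

On the server itself, `sudo sshd -t` validates the file before you restart the service, and `sudo sshd -T` prints the effective configuration, including any included drop-in files that this example does not read.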
7. Lock ports to IP addresses
Using a firewall to lock a port's access to a specific IP or set of IPs allows you to control who can and can’t access your server. IP addresses are unique numbers that correspond to specific devices and locations. By locking your ports to these IP addresses, you’re limiting where your dedicated server can be accessed from. Only allowing known employees to access the business network creates a significant layer of protection.
Visit the Fasthosts Support site to learn more about managing firewall policies for your dedicated server.
8. Secure database
Your server’s database is a cybercriminal’s goldmine, so you need to put it on maximum security. We recommend keeping user privilege to a minimum, deleting all unnecessary data, and ensuring that it’s SQL injection resistant.
An SQL injection is a type of cyber attack where attackers use malicious SQL queries to read, access and modify data in your database. To secure your server’s database against these attacks, you can implement measures such as input validation and parameterised queries, so that user input is checked against an expected format and is always passed to the database as data rather than as part of the SQL statement.
9. Establish emergency protocols for disaster recovery
Always be prepared for the worst. Make sure you have a thorough emergency protocol in place to minimise the damage that could be caused by a security breach. At a minimum, your emergency protocol should include resetting usernames and passwords, and you should create a pre-written statement explaining the situation that can be sent out to customers and put on your website.
10. Secure password usage - or even SSH keys rather than passwords
Sometimes having strong server security is as simple as choosing a strong password. Forget ‘myserver123’ and ‘serverpassword1991’. Use a random word and number generator and never use the same password twice.
You can take your password security to the next level by logging into your dedicated server using SSH keys and scrapping passwords for good. If you want to find out more about using SSH keys, check out our help page on the topic of using SSH to connect to a server.
11. Keep backups
While you can put in place any number of protective measures, sometimes things just go wrong. To make sure that your data is safe even in the worst case scenario, be sure to regularly back up your data. That way, if you do encounter problems with your dedicated server, you’ve got a backup plan.
To keep your data extra secure, we would recommend following the 3-2-1 rule. According to this data security rule, you should have at least three copies of your data, including two copies on different media and one copy off-site. Therefore, in addition to storing data on your dedicated server, it can be a great idea to also use cloud backup. This involves storing your data backups on a remote cloud server, giving you a secure off-site backup device.
12. Choose managed hosting
Most dedicated hosting plans are unmanaged, which means that you’re responsible for server configuration, software updates, monitoring, security and day-to-day server maintenance. This is great if you have experience with server management, but if you’re new to this, you may be more likely to overlook security issues. This can make your server more vulnerable to security threats.
If you don’t have the time or experience to manage your server effectively, you may benefit from a managed dedicated hosting plan. As the name suggests, these servers are managed by your hosting provider, so they’ll handle server security, updates, configuration and maintenance for you. Managed hosting plans can be much more expensive, but they may be worth it for you if you’re willing to pay extra for convenience and peace of mind.
Don’t risk it when it comes to server security
In 2023, information security should be one of the most pressing concerns for all responsible organisations. Allowing sensitive data to fall into the wrong hands could lead to disastrous consequences, both for data subjects, and your business.
If you're looking to invest in dedicated hosting, but you're still worried about data security, you're in safe hands with our Dedicated Servers. Hosted exclusively in Tier IV, ISO 27001 certified data centres with the very latest in security, there's no need to fret.
If you've still got some questions about server security, our range of servers, or anything else, have a chat with our sales team.