Burglary protection
admiralskiy69, 2020-10-14 11:09:30

How to protect your dedicated server from hacking?

I recently purchased a dedicated server from Hetzner. I learned how to install the system and configure it. But what about security? We need good advice on which ports are better to close right away, how to protect yourself from netscan abuse, and what roles and services it is better not to install. The server will be used to visit sites closed in Ukraine and download files from the cloud.

Correction: Windows Server R2 2012 is installed on the server

3 answer(s)
paran0id, 2020-10-14
@paran0id

The basic set is simple:
- we close all ports and open only those that are needed
- administrative access: via a non-standard port, with a kilometer-long password, and preferably without a password, using a key
The rest depends on the operating system. The Google keyword is hardening: linux hardening, nginx hardening, etc.

Drno, 2020-10-14
@Drno

Hetzner has a firewall in the customer account panel. Close all access there, except for your own IP (or more than one IP). The IP must be fixed.

MrGroovy, 2020-12-16
@MrGroovy

"Correction: Windows Server R2 2012 is installed on the server"

If possible, I would recommend updating your version of the server, as mainstream support for Windows Server R2 2012 ended in 2018. If this is not possible, then you need to install the latest patches, since Windows Server R2 2012 has a number of kernel memory overflow issues.
Next, we configure the firewall, database and other services in accordance with the official documentation from Microsoft.
"what ports should be closed immediately"
We close everything that is not necessary for the immediate operation of the server.
"what roles and services are better not to install"
It's better not to install crooked and obsolete services. The former may contain malicious code, while the latter may contain system exploits.
For each individual vulnerability and for each individual type, there are different utilities for checking.
You can start with Nmap and continue by reading the OWASP Web Application Security Guide.
There are special resources, vulnerability scanners that can check most vulnerabilities at each level.
https://metascan.ru
https://acunetix.com/
https://detectify.com/
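
The advice in the answers above (close everything, open only what is needed, limit administrative access to a fixed IP), sketched for the Windows Firewall on the asker's Windows Server as an added example that is not part of any answer. `$AdminIp`, `$RdpPort` and the rule name are placeholder assumptions, and the `Remote Desktop` group name assumes an English-language install.

```powershell
#Requires -RunAsAdministrator
# Added example: default-deny inbound, RDP reachable only from one fixed address.
# Assumptions (not from the thread): the address, port and rule name below.
param(
    [ValidateScript({ [bool]($_ -as [ipaddress]) })]
    [string]$AdminIp = '203.0.113.10',   # placeholder; use your own fixed IP
    [ValidateRange(1, 65535)]
    [int]$RdpPort = 3389                 # change if RDP was moved to another port
)

# 1. Inventory: which TCP ports are listening right now?
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort -Unique |
    Sort-Object LocalPort

# 2. Audit: enabled inbound allow rules that accept traffic from any source.
#    Each of these is a port opened to the whole internet; review them one by one.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq 'Any' } |
    Select-Object DisplayName, DisplayGroup, Profile

# 3. Add the narrow allow rule BEFORE tightening anything, so the current
#    session is not cut off. Confirm $AdminIp is the address you connect from.
New-NetFirewallRule -DisplayName 'Admin RDP from fixed IP' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort $RdpPort -RemoteAddress $AdminIp -Profile Any

# 4. Turn off the built-in Remote Desktop rules, which allow any remote address.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule

# 5. Make sure every profile is on and drops inbound traffic that no rule allows.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow

# 6. Verify: the only enabled inbound RDP rule should be the one created above.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq "$RdpPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Action, Profile
```

The same single-address allowlist can also be set in the provider's firewall mentioned in the second answer, so that unwanted traffic is dropped before it reaches the server.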
