How to Secure Your Server - dummies

By Steve Suehring, Janet Valade

As a web developer, you need to ensure that your web application is secure. If you also perform administration duties on the server, you need to secure the server as well. This usually means hardening the server and ensuring that it is protected by a firewall.

Harden the server

Typically this means hardening the operating system by uninstalling unnecessary services. For example, there’s typically no reason to run a print server on the same server that runs the public website.

Disabling and uninstalling unnecessary services reduces the footprint of the server, which means that there are fewer things for an attacker to exploit.

Tools like SELinux and grsecurity also enhance the security of a server and reduce the ability of a successful attacker to compromise anything beyond their own little sandbox.

Use a firewall

Whether you use a firewall on the server itself or use a firewall at the point where the Internet meets your network, or both, you should make sure that there’s a firewall blocking connections to all ports except those specifically allowed, such as TCP ports 80 and 443 for a typical web server.

A better scenario is to run the firewall both at the ingress point (the point where the Internet meets your network) and on the server itself. Doing so means that the web server will be protected even if an attacker finds another way into the network.

All major operating systems include built-in firewall tools, and they are both easy to set up and easy to maintain.
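To tie the two sections together, here is an added example (not from the original article) that checks a Linux web server against the rules above: it parses constructed `ss -tlnp` output to flag network-reachable listeners that are not on the expected-port allowlist (such as the print server the hardening section mentions), and it generates a matching default-deny nftables ruleset. The allowlist of TCP 22, 80 and 443 and the sample output are assumptions.

```python
import re

# Constructed sample of `ss -tlnpH` output (no header line); not a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128   0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511   0.0.0.0:80    0.0.0.0:* users:(("nginx",pid=1201,fd=6))
LISTEN 0 511   0.0.0.0:443   0.0.0.0:* users:(("nginx",pid=1201,fd=7))
LISTEN 0 128   0.0.0.0:631   0.0.0.0:* users:(("cupsd",pid=640,fd=7))
LISTEN 0 80  127.0.0.1:3306  0.0.0.0:* users:(("mysqld",pid=955,fd=21))
LISTEN 0 128      [::]:22       [::]:* users:(("sshd",pid=812,fd=4))
"""

# Assumed allowlist: HTTP, HTTPS, plus SSH for administration.
ALLOWED_PORTS = {22, 80, 443}
LOOPBACK = {"127.0.0.1", "::1"}  # bound only to localhost: not reachable remotely

def parse_listeners(ss_output):
    """Return (address, port, process) tuples from `ss -tlnpH` lines."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")   # "0.0.0.0:80" -> ("0.0.0.0", "80")
        addr = addr.strip("[]")                     # "[::]" -> "::"
        m = re.search(r'\("([^"]+)"', line)         # process name from users:(("nginx",...))
        listeners.append((addr, int(port), m.group(1) if m else "?"))
    return listeners

def unexpected_listeners(ss_output, allowed=ALLOWED_PORTS):
    """Network-reachable listeners that are not on the allowlist: candidates to uninstall."""
    return sorted({(port, proc) for addr, port, proc in parse_listeners(ss_output)
                   if addr not in LOOPBACK and port not in allowed})

def nft_ruleset(allowed=ALLOWED_PORTS):
    """Host firewall ruleset: drop everything inbound except the allowlisted TCP ports."""
    ports = ", ".join(str(p) for p in sorted(allowed))
    return "\n".join([
        "table inet filter {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    iif lo accept",                         # keep localhost services working
        "    ct state established,related accept",   # replies to outbound connections
        f"    tcp dport {{ {ports} }} accept",
        "  }",
        "}",
    ])
```

Run `unexpected_listeners` over real `ss -tlnpH` output to find services to remove, and load the generated ruleset with `nft -f` once you have reviewed it.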