Using a cloud VPS requires special attention to security issues, as cloud servers are constantly under threat from malicious actors. Cyberattacks on servers can lead to data leaks, information deletion, server downtime, and even the use of your VPS resources to conduct attacks on other systems. To understand how important VPS security is, let's consider some key types of threats:
DDoS attacks (Distributed Denial of Service): The server is overloaded with numerous requests, making it unavailable to users and causing financial losses for the business.
Brute force attacks: Malicious actors attempt to guess the login and password to gain unauthorized access, which can lead to complete system takeover.
Malware and rootkits: After penetrating the server through vulnerabilities, attackers install malicious software that can perform hidden actions (data collection, sending spam, launching attacks on other servers).
These threats can be avoided through proper configuration and a comprehensive approach to security. In this article, we will discuss how to properly configure SSH, firewalls, implement two-factor authentication, and use other measures for protection.
Basic Security Measures for Cloud VPS
1. Configuring the SSH Network Protocol
SSH is the primary way to manage the server and "Installing and using the SSH protocol on Ubuntu 24.04 LTS", but its default settings make the server vulnerable to attacks. Connection protection can be ensured by taking certain security measures.
Changing the default SSH port
The default SSH port 22 is often scanned by malicious actors. To reduce the number of server attacks, it is recommended to stop using the SSH port and replace it.
Make the necessary changes to the sshd_config file to change the SSH port:
sudo nano /etc/ssh/sshd_config
In the configuration document, find the line with #Port 22 and set a different value, for example, 2200. Save the changes and restart the SSH service:
sudo systemctl restart ssh
Disabling password access
Significantly improves the workflow by implementing and using SSH keys, which replace traditional passwords, as keys are difficult to brute-force. For configuration, refer to the actions described below:
Key generation:
ssh-keygen -t rsa -b 4096
Creating a duplicate key on the server:
ssh-copy-id user@server_ip
Deactivating the password system:
sudo nano /etc/ssh/sshd_config
Set PasswordAuthentication to no, then restart the network protocol.Using IP addresses to restrict access
You need to use firewall settings or configuration files /etc/hosts.allow and /etc/hosts.deny to apply configurations that allow SSH access only for specific IP addresses.
2. Using Strong Passwords
Complex passwords containing at least 12 characters, special symbols, and letters in different cases increase resilience, playing a key role in protection against brute force attacks. It is recommended to use password managers to avoid memorizing complex combinations.
3. Two-Factor Authentication
To ensure a higher level of security, it is necessary to set up two-factor authentication (2FA). This adds another layer of protection, requiring not only a password but also a one-time code generated by an app on your phone.
Install the library:
sudo apt install libpam-google-authenticator
Set up authentication using Google Authenticator:
google-authenticator
Scan the QR code with the app and follow the instructions. The screenshot above is intended to show how it will look and was taken in a test environment.
4. Other Security Measures
Limiting access rights: Create separate users with limited rights and use sudo only when necessary.
Software updates: Old versions of software may contain vulnerabilities that attackers can exploit to hack the server. Regularly updating all packages reduces such risks:
sudo apt update && sudo apt upgrade
Log monitoring: Logs contain important information about suspicious activity on the server. Use tools like fail2ban and logwatch for automatic monitoring and notification of suspicious activity.
Firewall Configuration
A firewall is the first line of defense against unauthorized access to your server. You can use the ufw (Uncomplicated Firewall) utility, which can be used as a firewall. It is known for its simplicity in setup and management.
1. Installing and starting the utility
If you do not have a version installed, install and activate ufw:
sudo apt install ufw
sudo ufw enable
2. Allowing access via SSH
Allow SSH access to a selected port to avoid losing connection to the server:
sudo ufw allow 2200/tcp # Specify your custom port
3. Configuring access rules
After configuring SSH, you can allow access to other services, such as HTTP and HTTPS:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
4. Blocking all other connections
To enhance protection, completely block incoming connections except for those you have explicitly allowed:
sudo ufw default deny incoming
sudo ufw default allow outgoing
5. Analyzing and evaluating norms
The ability to review the active firewall rules and confirm that all configurations are functioning correctly is provided by the command ufw status:
sudo ufw status
Monitoring and evaluating security measures
Regular checks and monitoring of security help avoid incidents and prevent harm.
How to work with fail2ban
The fail2ban utility automatically limits access from IP addresses that exhibit suspicious behavior, such as multiple failed login attempts. Install the utility:
sudo apt install fail2ban
Prepare the configuration file and set the blocking parameters:
sudo nano /etc/fail2ban/jail.local
Set the necessary settings for SSH, HTTP, and other services.
Log monitoring with logwatch
logwatch — a utility that provides reports on suspicious activity on the server. Install logwatch:
sudo apt install logwatch
To monitor activity occurring on the server, you should set up daily reports to your email.
Data backup
To protect your files from cyberattacks or administrator errors, it is extremely useful to conduct systematic backups of all necessary data. For setting up automatic backups, you can refer to rsync, cron, and cloud storage services.
Conclusion
By using the methods discussed, you can significantly strengthen the protection of your VPS and reduce risks. Fundamental, but by no means exhaustive security measures include setting up two-factor authentication, using complex passwords, and configuring SSH. Firewall configuration restricts access only to necessary ports, preventing unauthorized connections, while tools like fail2ban and logwatch help detect suspicious activities in a timely manner and prevent intrusion attempts.
It is also important to remember about systematic data backups. Regardless of how securely your system is protected, there is always a chance that the server will face an attack. In such cases, backups will provide invaluable assistance in quickly restoring the system and minimizing damage. Do not forget to periodically review and update your security settings in accordance with current threats. Modern cyberattacks are becoming increasingly sophisticated, and only constant attention to security will protect your VPS and the data on it.
To enhance your protection, strive to stay informed about new vulnerabilities and trends in cybersecurity. Using these recommendations in combination creates a powerful defense strategy and ensures stable and secure operation of your server, regardless of the tasks you use it for.