opened image

Security on a cloud VPS: how to protect the server from attacks

Using a cloud VPS requires special attention to security issues, as cloud servers are constantly under threat from malicious actors. Cyberattacks on servers can lead to data leaks, information deletion, server downtime, and even the use of your VPS resources to conduct attacks on other systems. To understand how important VPS security is, let's consider some key types of threats:

  1. DDoS attacks (Distributed Denial of Service): The server is overloaded with numerous requests, making it unavailable to users and causing financial losses for the business.

  2. Brute force attacks: Malicious actors attempt to guess the login and password to gain unauthorized access, which can lead to complete system takeover.

  3. Malware and rootkits: After penetrating the server through vulnerabilities, attackers install malicious software that can perform hidden actions (data collection, sending spam, launching attacks on other servers).

 

 

These threats can be avoided through proper configuration and a comprehensive approach to security. In this article, we will discuss how to properly configure SSH, firewalls, implement two-factor authentication, and use other measures for protection.

 

Basic Security Measures for Cloud VPS

 

1. Configuring the SSH Network Protocol

SSH is the primary way to manage the server and "Installing and using the SSH protocol on Ubuntu 24.04 LTS", but its default settings make the server vulnerable to attacks. Connection protection can be ensured by taking certain security measures.

Changing the default SSH port
The default SSH port 22 is often scanned by malicious actors. To reduce the number of server attacks, it is recommended to stop using the SSH port and replace it.

Make the necessary changes to the sshd_config file to change the SSH port:
sudo nano /etc/ssh/sshd_config

In the configuration document, find the line with #Port 22 and set a different value, for example, 2200. Save the changes and restart the SSH service:
sudo systemctl restart ssh

 

 

  • Disabling password access
    Significantly improves the workflow by implementing and using SSH keys, which replace traditional passwords, as keys are difficult to brute-force. For configuration, refer to the actions described below:
    Key generation:
    ssh-keygen -t rsa -b 4096
    Creating a duplicate key on the server:
    ssh-copy-id user@server_ip
    Deactivating the password system:
    sudo nano /etc/ssh/sshd_config
    Set PasswordAuthentication to no, then restart the network protocol.

  • Using IP addresses to restrict access
    You need to use firewall settings or configuration files /etc/hosts.allow and /etc/hosts.deny to apply configurations that allow SSH access only for specific IP addresses.

 

2. Using Strong Passwords

 

Complex passwords containing at least 12 characters, special symbols, and letters in different cases increase resilience, playing a key role in protection against brute force attacks. It is recommended to use password managers to avoid memorizing complex combinations.

 

3. Two-Factor Authentication

 

To ensure a higher level of security, it is necessary to set up two-factor authentication (2FA). This adds another layer of protection, requiring not only a password but also a one-time code generated by an app on your phone.

Install the library:
sudo apt install libpam-google-authenticator

 

 

Set up authentication using Google Authenticator:
google-authenticator

 

 

Scan the QR code with the app and follow the instructions. The screenshot above is intended to show how it will look and was taken in a test environment.

 

4. Other Security Measures

Limiting access rights: Create separate users with limited rights and use sudo only when necessary.

Software updates: Old versions of software may contain vulnerabilities that attackers can exploit to hack the server. Regularly updating all packages reduces such risks:
sudo apt update && sudo apt upgrade

Log monitoring: Logs contain important information about suspicious activity on the server. Use tools like fail2ban and logwatch for automatic monitoring and notification of suspicious activity.

 

Firewall Configuration

 

A firewall is the first line of defense against unauthorized access to your server. You can use the ufw (Uncomplicated Firewall) utility, which can be used as a firewall. It is known for its simplicity in setup and management.

 

1. Installing and starting the utility

If you do not have a version installed, install and activate ufw:

sudo apt install ufw


 

sudo ufw enable

 

2. Allowing access via SSH

Allow SSH access to a selected port to avoid losing connection to the server:

sudo ufw allow 2200/tcp  # Specify your custom port

 

3. Configuring access rules

After configuring SSH, you can allow access to other services, such as HTTP and HTTPS:

sudo ufw allow 80/tcp

sudo ufw allow 443/tcp

 

4. Blocking all other connections

To enhance protection, completely block incoming connections except for those you have explicitly allowed:

sudo ufw default deny incoming

sudo ufw default allow outgoing

 

5. Analyzing and evaluating norms

The ability to review the active firewall rules and confirm that all configurations are functioning correctly is provided by the command ufw status:

sudo ufw status


 

Monitoring and evaluating security measures

Regular checks and monitoring of security help avoid incidents and prevent harm.

 

How to work with fail2ban
The fail2ban utility automatically limits access from IP addresses that exhibit suspicious behavior, such as multiple failed login attempts. Install the utility:
sudo apt install fail2ban


 

Prepare the configuration file and set the blocking parameters:


sudo nano /etc/fail2ban/jail.local

Set the necessary settings for SSH, HTTP, and other services.

 

Log monitoring with logwatch


logwatch — a utility that provides reports on suspicious activity on the server. Install logwatch:
sudo apt install logwatch


 

 

 

  1. To monitor activity occurring on the server, you should set up daily reports to your email.

  2. Data backup
    To protect your files from cyberattacks or administrator errors, it is extremely useful to conduct systematic backups of all necessary data. For setting up automatic backups, you can refer to rsync, cron, and cloud storage services.

 

 

Conclusion

By using the methods discussed, you can significantly strengthen the protection of your VPS and reduce risks. Fundamental, but by no means exhaustive security measures include setting up two-factor authentication, using complex passwords, and configuring SSH. Firewall configuration restricts access only to necessary ports, preventing unauthorized connections, while tools like fail2ban and logwatch help detect suspicious activities in a timely manner and prevent intrusion attempts.

It is also important to remember about systematic data backups. Regardless of how securely your system is protected, there is always a chance that the server will face an attack. In such cases, backups will provide invaluable assistance in quickly restoring the system and minimizing damage. Do not forget to periodically review and update your security settings in accordance with current threats. Modern cyberattacks are becoming increasingly sophisticated, and only constant attention to security will protect your VPS and the data on it.

To enhance your protection, strive to stay informed about new vulnerabilities and trends in cybersecurity. Using these recommendations in combination creates a powerful defense strategy and ensures stable and secure operation of your server, regardless of the tasks you use it for.