We have looked at security in the past, but we have gotten into the specifics of given platforms. It can help to start with a common-sense list of tasks that will help you lock down server security no matter the platform you are on. In the modern world of virtual machines and containers all over the network, these general rules may be easier to track and implement.
Keep Up To Date
If you don’t know where to start on server security, then go to the experts. The OWASP and NIST sites are excellent sources for the latest information and best practices. You may think these sites are too complicated or security-minded for you to find them useful. However, these sites are full of suggestions that are easy to implement, and they are described in language that is not overly technical.
Hide Your Identity
Firewalls are well known and available on every server. Take advantage of these tools and shut off access to all ports you do not need. It may seem like a bit of a headache. However, blocking access goes a long way towards keeping your system safe. This is only a first step. Take a look at the configuration files for your server and applications (web server, application server, etc.). Many of these expose information to visitors that can be useful to hackers, such as application names, versions, and similar data. There is no need for this information, so go ahead and remove it.
The general identity-related data mentioned above is only part of the problem. The log files these applications create often have data that is even more useful to hackers. Yes, the log files require access to the server (usually). Nevertheless, there is no reason to make it easy once someone does get access to the server. Turn the log settings to production level and check them periodically to ensure that there is no data in them that could be useful to an attacker.
Along with making sure your log files are clean, check them periodically for access patterns and discrepancies that point to an attack. You can find highly valuable anti-hacker data like IP addresses they use and the approaches they are taking to break into your server. This can help you stay ahead of them and adjust security measures so they keep guessing.
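One way to do the periodic log review described above, as an added example (not code from the original article). It assumes OpenSSH password-login lines in the auth log; the sample lines, the `review` function, the threshold and the watch list of default names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's auth-log format (documentation IP ranges).
SAMPLE_LOG = """\
Jan 12 03:14:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 52314 ssh2
Jan 12 03:14:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 52316 ssh2
Jan 12 03:14:06 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 52320 ssh2
Jan 12 03:14:09 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 52324 ssh2
Jan 12 08:30:44 web1 sshd[2290]: Failed password for deploy from 198.51.100.7 port 40022 ssh2
Jan 12 08:30:52 web1 sshd[2290]: Accepted password for deploy from 198.51.100.7 port 40022 ssh2
Jan 12 09:02:10 web1 sshd[2311]: Accepted password for root from 203.0.113.5 port 52400 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
DEFAULT_NAMES = {"root", "admin", "administrator", "test"}  # assumed watch list


def review(log_text, threshold=3):
    """Group password events by source IP and return the reasons each one stands out."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": []})
    for m in EVENT.finditer(log_text):
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s["failed"] += 1
            s["users"].add(m["user"])
        else:
            s["accepted"].append(m["user"])
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["failed"] >= threshold:
            reasons.append(f"{s['failed']} failed logins")
            if s["accepted"]:  # a success from a source with repeated failures: look here first
                reasons.append("login also accepted as " + ", ".join(s["accepted"]))
        defaults = sorted(s["users"] & DEFAULT_NAMES)
        if defaults:
            reasons.append("tried default names: " + ", ".join(defaults))
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in review(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The single mistyped password from 198.51.100.7 is not reported, while the source that cycles through default account names and then logs in as root is.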
One of the best routes to server security is to use common sense. Avoid simple passwords and default usernames. When you can, change the login of the administrator and root accounts to a non-obvious name. Also, block access to external systems as those root accounts. If you need to ease security for maintenance or so the administrator can access it, then do so, but only as much as is required. Change up your information on a regular basis. This includes regular password changes. Ensure you do not use derivatives (password1 then password2 then password3, etc.).
These are just a few steps to server security that can turn you from a victim to a system that hackers pass over. No one is one hundred percent safe, but the less obvious a target you are, the better.