Linux Server Security Recommendations

There is a "myth" that "Linux" systems don't have viruses, and people believe that Linux can still cover their back without any configuration.

It's not true. Bots non-stop try random IP blocks with different combinations of malicious code or vulnerabilities to see what they can reach, with almost zero human work; it is all automated until it provides what people require.

Do you think you are being hacked by a human nowadays? :)

No, you are just being hacked by computer code written by a human. He is clever enough not to spend his own time while computers can obey him with certain commands and provide the things he needs.

So, in this jungle, how are you going to keep yourself secure?

Based on our experience with Enterprise Servers, I'll try to share my recommendations and update them frequently to keep this a clean source for anyone who goes deep or requires security.

  • Root User

It's the "basic" and "starting" rule for any server: do not use the "root" username to log in over SSH. Disable it completely and create a user with permission control.

  • SSH Port

Overall, it's not a protection, but using a different port for SSH can bypass a lot of bots that focus only on well-known SSH ports. So it's always better to have SSH on a different port; even though it can be discovered easily with a port scan, you will still be behind other potentially attacked sites.

  • SSH Keys:

Generate and use SSH keys with key phrases to connect to the server. This will protect you even if your key phrase (password) is somehow stolen: without a valid key file, the server can't be reached.
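As an added example (not from the original article), this Python script audits an sshd_config text against the Root User, SSH Port and SSH Keys recommendations above, applying sshd's rule that the first value of a keyword wins. It assumes only the global section matters (Include files and Match blocks are not evaluated); the function names and the sample config are constructed for illustration.

```python
# Added example: audit the global section of an sshd_config text.
# Assumption: Include files and Match blocks are not evaluated.

# OpenSSH built-in defaults, used when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Return (settings, ports) as sshd resolves the global section."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip('"').lower()
        if key == "match":      # conditional blocks start here, so stop
            break
        if key == "port":       # Port may repeat; sshd listens on all of them
            ports.append(value)
        else:                   # every other keyword: first value wins
            settings.setdefault(key, value)
    for key, default in DEFAULTS.items():
        settings.setdefault(key, default)
    return settings, ports or ["22"]

def audit(config_text):
    """Return a list of findings; an empty list means every check passed."""
    settings, ports = effective_settings(config_text)
    findings = []
    if settings["permitrootlogin"] != "no":
        findings.append("root login not fully disabled (PermitRootLogin %s)"
                        % settings["permitrootlogin"])
    if "22" in ports:
        findings.append("sshd listens on the well-known port 22")
    if settings["pubkeyauthentication"] != "yes":
        findings.append("key authentication is disabled")
    if settings["passwordauthentication"] != "no":
        findings.append("password login accepted without a key file")
    return findings

# Constructed sample: sshd ignores the later "PermitRootLogin no" because
# the first occurrence of a keyword wins.
SAMPLE = """\
Port 2222
PermitRootLogin yes
PubkeyAuthentication yes
PermitRootLogin no
"""
```

Calling `audit(SAMPLE)` reports the root login and password findings even though the file ends with `PermitRootLogin no`, which is the kind of ordering mistake a quick visual check of the file misses.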

  • IP Whitelist

You can install a WireGuard VPN server on your system, create a peer, and use the WireGuard protocol to be on the same IP as your server and connect to it internally. By whitelisting this IP as the only one that can use the SSH port, you can totally block anyone else's attempts to reach the server. But as a note, you should always keep 1 backup IP, as WireGuard can sometimes crash or disconnect from the network, so that you can restore access in case of any emergency.

With both Firewalld and UFW this can be done with easy rich rules.

  • Disable USB & Storage Mounting:

Disabling USB and storage mounting on the server will, to a high degree, protect it from physical access.

  • Keep Software and Packages Up-to-Date

Some patches include security-related changes, so if you are on a Production Environment where the system is currently running, you should always keep it updated with the latest "stable" versions. Sometimes this takes a while so as not to lose stability, because compatibility problems can occur between upgrades; that is why I always recommend trying these changes on a Demo Environment first and then going live.

Haluk YAMANER - Personal