Top 2020 Hacker Prevention Tips for VMs

The internet is a giant engine of collaboration and communication that anyone with access can contribute to. While this has led to many awesome developments, such as organized knowledge at our fingertips and better connection with other users, not all developments born from the internet are positive. Bad actors can cause issues directly via hacking, or indirectly via malware and other malicious software.

Having a strategy to prevent as much of this potential harm as possible is highly recommended. This guide serves as a starting point for some basic security measures you can take to start safeguarding your environment. It is important to stress that this isn’t a comprehensive guide, nor will it guarantee that nothing malicious occurs. Security in a shared computing environment is much like security for your home: it is extremely difficult to make a home break-in proof, but it is easy to make a home much harder to steal from.

With that in mind, please treat these suggestions as a starting point. There is much more that can be done to improve security beyond the scope of this guide. You will need to determine whether additional measures are required by any laws or regulations that apply to your business, as well as any additional measures desired for peace of mind. Any links from here on will bring you to a guide to help with the suggestion described.

Choose a strong password, or better yet, don’t use password authentication

Any passwords you use should be strong. Use a variety of character types and a decent length, at least 8 characters. The more variety in a password, the longer it takes a hacker to guess or brute force it.

However, an even more secure option is to forgo passwords for remote authentication altogether. By setting up SSH keys for your Linux devices, you can authenticate to your server in a more secure manner and no longer need a password at all.

Change your access port

By default, Linux uses port 22 for SSH and Windows uses port 3389 for RDP. This is common knowledge, and hackers regularly probe these ports looking for something to exploit. While most attempts will be thwarted by a strong method of authentication, it is recommended to change SSH or RDP to run on a different port. This simple change can cause a lot of automated malicious agents to simply pass over the server altogether, or keep a bad actor from caring enough to continue, reducing the chances of something or someone breaking in. Security through obscurity is very effective in a computing environment.

Lock down your firewall

Firewalls are your first line of defense against many malicious attacks. The mentality taken when setting up your firewall should be to only allow traffic through the firewall that the server requires for its functions. As an example, for a web server, you would likely only leave ports 80 and 443 open, and deny traffic on all other ports with the possible exception of an SSH or RDP port. The server should only accept traffic it needs to perform its desired functions.

Utilize fail2ban or similar

One of the most common methods that malicious actors use to attempt to access a server is brute force. This simply means throwing hundreds or thousands of possibilities at the server in order to guess a password. Use fail2ban for Linux systems or wail2ban for Windows systems to thwart such attempts. These services watch attempts to authenticate to your server and block repeated attempts at the firewall level. This not only prevents these actors from continuing to try to access the server, but also improves performance, because their requests are never processed by the server. They are simply discarded.
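The watch-and-block decision described above can be sketched as follows. This is an added example, not fail2ban's own code: the log lines are constructed and use a simplified timestamp format, and the `maxretry` and `findtime` parameters are named after the fail2ban options they imitate.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges), not real data.
SAMPLE_LOG = """\
2020-06-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2020-06-01T10:00:03 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
2020-06-01T10:00:05 sshd[812]: Accepted publickey for deploy from 198.51.100.20 port 51000 ssh2
2020-06-01T10:00:09 sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
2020-06-01T10:05:00 sshd[813]: Failed password for deploy from 198.51.100.20 port 51001 ssh2
2020-06-01T11:30:00 sshd[814]: Failed password for deploy from 198.51.100.20 port 51002 ssh2
2020-06-01T11:30:05 sshd[814]: Failed password for deploy from 198.51.100.20 port 51003 ssh2
"""

FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time the ban triggers} for IPs with maxretry failures inside findtime."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned:
            continue              # already blocked; a firewall would drop this traffic
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than the sliding window
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

The sliding window is what separates the two addresses in the sample: three failures within seconds trigger a ban, while three failures spread over more than an hour by a legitimate user who mistyped a password do not.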

Keep items up to date

The unfortunate nature of software development is that mistakes are inevitable. These usually manifest as bugs that are harmless, or at least harmless from a security standpoint. However, some bugs affect the security of a server and thus become vulnerabilities. Developers will often patch such issues as soon as possible, so it is advantageous to ensure your OS and installed programs and packages are up to date. This will save you from any issues the developer has already solved.

Set up users and permissions

Set up custom users for administration and access to your environment and devices. Lock those users down so they can only access what is necessary for that user’s function. You can think of this as compartmentalizing: if a particular user gets compromised, only specific items are at risk instead of the entire server.

Disable Root access

Set up all access to the server via custom users.  If root access is needed grant sudo permission to a specific user.  Root login access should be disabled entirely.  This prevents malicious actors from gaining access to the root user and significantly reduces the risk of a bad actor gaining higher level permissions.  
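The three SSH recommendations in this guide (key-only authentication, a non-default port, no root login) can be checked against an `sshd_config` with a short audit like the one below. This is an added example, not code from the original article; the sample config is constructed, and the function name `audit_sshd_config` is hypothetical.

```python
import re

# Constructed sample config, not from a real host.
SAMPLE_CONFIG = """\
Port 22
Port 2222
PasswordAuthentication=no
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
"""

# OpenSSH defaults that apply when a keyword is absent (OpenSSH 7.0 and later).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def audit_sshd_config(text):
    """Return findings where the config departs from this guide's advice."""
    ports, first_seen, match_overrides = [], {}, []
    match_cond = None                          # None while in the global section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()                 # keywords are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match_cond = arg                   # later lines apply only to this Match
        elif match_cond is not None:
            if key in DEFAULTS:
                match_overrides.append((match_cond, key, arg.lower()))
        elif key == "port":
            ports.append(arg)                  # Port may repeat; sshd listens on all
        else:
            first_seen.setdefault(key, arg.lower())   # first value wins
    findings = []
    if "22" in (ports or ["22"]):
        findings.append("port 22 is still listening")
    for key, default in DEFAULTS.items():
        value = first_seen.get(key, default)
        if value != "no":
            findings.append(f"global {key} is {value}")
    for cond, key, value in match_overrides:
        if value != "no":
            findings.append(f"Match {cond}: {key} is {value}")
    return findings
```

The sample shows three easy mistakes: adding a new `Port` line without removing the old one, appending a corrected keyword below an earlier one that still takes effect, and a `Match` block that quietly re-enables passwords. The sketch does not follow `Include` files; on a live host, `sshd -T` prints the effective configuration as the daemon itself parses it.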

Disable unnecessary services

This links back to the firewall recommendations. For the same reason, namely minimizing the profile of available attacks, you should disable any unnecessary services on your servers. This means that there are fewer items active on the server and thus fewer potential weak points for a malicious user to exploit. Security is much like a chain: it is only as strong as the weakest link. Minimizing the number of links means less effort reinforcing the remaining required links.

Have a plan for the worst

As mentioned at the beginning of the article, these are all preventative measures. You should also have a plan in case such preparations fail. Backups, images, and redundancy are your best tools here, but these all need to be prepared ahead of time to be effective. Read on here in our primer for disaster recovery for more ideas and guides on setting up for the worst cases.
