Server Hardening

Published on December 4, 2019 at 11:18:34 PM GMT+8 by Administrator

What server hardening is, how to accomplish it, and why it is important to harden your server.


Server Hardening

It is the process of enhancing the security of a server through a variety of means. It is done so that one can optimize and strengthen the security of their server. It is probably one of the most important tasks to carry out once a server is deployed, especially in a production environment, because a vulnerable server carries a great deal of risk.


Here are several tips and a checklist to harden your server.

  1. Encrypt all communication data.
  2. Avoid sending critical information as plain text.
  3. Avoid using insecure protocols.
  4. Keep the server operating system up to date.
  5. Always use strong passwords, especially on user accounts.
  6. Use non-standard ports, especially on production servers.
  7. Disable direct root user login.
  8. For PHP scripting, update the php.ini configuration as follows:
    1. Do not allow the fopen wrapper to open remote URLs.
      1. allow_url_fopen = 0
      2. allow_url_include = 0
    2. Do not allow runtime execution to exceed 30 seconds. A well-written script should not take more than 30 seconds to execute.
      1. max_input_time = 30
      2. max_execution_time = 30
    3. Always make sure that a script does not consume more than 8MB of memory. If a script is compromised, this setting effectively limits the amount of memory it can use.
      1. memory_limit = 8M
    4. Disable register_globals.
      1. register_globals = off
    5. Disable error messages for end users. End users should only see a layman's description of the error, not its cause or why it appeared, since a detailed error message can benefit an attacker.
      1. display_errors = 0
      2. display_startup_errors = 0
    6. PHP errors should be logged to a single file that is secured.
      1. log_errors = 1
      2. error_log = /home/developer/log/php_error_log
  9. Configure the system firewall (iptables) properly, or install software such as CSF or APF.
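To check that a php.ini file actually matches item 8 of the checklist above, here is an added audit script (example code written for this page, not part of the original post or of PHP). It parses the `key = value` lines of a php.ini file, normalises PHP's boolean spellings (On/Off, 1/0, true/false) and size shorthands (8M, 512K), and reports every directive that deviates from the values listed above. The sample php.ini embedded in it is constructed for the example; the only assumption beyond the page is that a missing `register_globals` is acceptable, because that directive was removed in PHP 5.4 and newer versions do not recognise it.

```python
"""Audit a php.ini file against the hardening checklist on this page."""
import re
import sys

BOOL_ON = {"1", "on", "true", "yes"}
BOOL_OFF = {"0", "off", "false", "no", "none", ""}
SIZE_UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}
MAX_MEMORY = 8 * 1024 ** 2      # 8M from the checklist
MAX_SECONDS = 30                # max_input_time / max_execution_time


def parse_php_ini(text):
    """Return {directive: value} from php.ini text.

    Comment lines (';'), blank lines and [section] headers are skipped,
    trailing ';' comments are dropped and surrounding quotes are stripped.
    Directive names are lower-cased so lookups are case-insensitive.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("[") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.split(";", 1)[0].strip().strip('"')
        settings[key.strip().lower()] = value
    return settings


def as_bool(value):
    """Interpret PHP's accepted boolean spellings; raise on anything else."""
    v = value.strip().lower()
    if v in BOOL_ON:
        return True
    if v in BOOL_OFF:
        return False
    raise ValueError(f"not a boolean ini value: {value!r}")


def as_bytes(value):
    """PHP shorthand sizes (8M, 512K, 1G) to bytes; None means unlimited (-1)."""
    m = re.fullmatch(r"\s*(-?\d+)\s*([kKmMgG]?)\s*", value)
    if not m:
        raise ValueError(f"not a size: {value!r}")
    n, unit = int(m.group(1)), m.group(2).lower()
    return None if n < 0 else n * SIZE_UNITS[unit]


def memory_ok(value):
    limit = as_bytes(value)
    return limit is not None and limit <= MAX_MEMORY


def audit_php_ini(text):
    """Return a list of (directive, actual, expected) findings.

    An empty list means every directive from the checklist is set as
    recommended. Directives that are absent count as findings, because the
    checklist expects them to be set explicitly (register_globals excepted).
    """
    s = parse_php_ini(text)
    findings = []

    def check(key, ok, expected, absent_ok=False):
        actual = s.get(key)
        if actual is None:
            if not absent_ok:
                findings.append((key, "<not set>", expected))
            return
        try:
            good = ok(actual)
        except ValueError:          # unparsable value is treated as non-compliant
            good = False
        if not good:
            findings.append((key, actual, expected))

    for key in ("allow_url_fopen", "allow_url_include",
                "display_errors", "display_startup_errors"):
        check(key, lambda v: not as_bool(v), "0")
    # register_globals was removed in PHP 5.4 (assumption: absence is fine,
    # presence must be off)
    check("register_globals", lambda v: not as_bool(v), "off", absent_ok=True)
    check("log_errors", as_bool, "1")
    for key in ("max_input_time", "max_execution_time"):
        check(key, lambda v: 0 < int(v) <= MAX_SECONDS, str(MAX_SECONDS))
    check("memory_limit", memory_ok, "8M")
    check("error_log", lambda v: bool(v) and v.startswith("/"),
          "absolute path to a protected log file")
    return findings


# Constructed sample php.ini (not from a real server): several directives are
# still at permissive values, so the audit should flag them.
SAMPLE_INI = """\
[PHP]
; constructed sample for this example
allow_url_fopen = On
allow_url_include = Off
max_execution_time = 300
max_input_time = 30
memory_limit = 128M
display_errors = On
display_startup_errors = Off
log_errors = On
error_log =
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INI
    for key, actual, expected in audit_php_ini(text):
        print(f"{key}: is {actual!r}, expected {expected}")
```

Run it as `python audit_php_ini.py /etc/php.ini` (the real path differs between distributions; check `php --ini`) and fix each reported directive, then re-run until the output is empty. On the constructed sample it reports allow_url_fopen, display_errors, max_execution_time, memory_limit and the empty error_log.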