Server security checklist
By following some simple steps, security can be greatly enhanced on a server. Although it's extremely difficult to fend off a dedicated hacker, following some simple security policies will make sure your website isn't considered an easy target.
Web Server Security Checklist:
Set or change all passwords - passwords are typically emailed (in plain text that a hacker can intercept) or set by the hosting provider. It's important to change all passwords so that you are certain only a specific set of individuals has access.
Disable unnecessary services - historically, many exploits that have taken over machines have been found in unnecessary services (such as Microsoft Internet printing service). It's important to turn off all unnecessary services to reduce the risks of exploits. The more ports and services your computer has open, the greater the chance someone can use those to break into the system.
Install a firewall - A firewall controls what ports are available to the outside world. It can also detect attempts to enter your server.
Install virus protection software - Viruses can cause a tremendous amount of harm to a machine. It's important to run virus detection software that is up-to-date in order to catch viruses before they infect the machine, and potentially infect everyone who accesses it.
Update your software - New security holes are found in software every day, and software manufacturers are patching software to secure those holes. It's important to take advantage of the patches by downloading updates to the software. Software can generally be configured to update on a scheduled basis.
Configure and monitor backups - With or without any security issues, it's important to have a recent backup of all critical data. If a hacker does break into your system, or you simply have a hardware failure, it's generally considered enterprise critical to have a way to recover from that failure. It's also important to monitor your server to ensure the backup is in fact happening and that the required data is being backed up.
Monitor your server - A server has a general log file that contains information and potential problems. Viewing this log can tell you what programs are running properly, and what programs are failing.
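For the "Configure and monitor backups" item, one way to confirm that the backup is in fact happening and that the required data is in it. This is an added example, not part of the original checklist; the *.tar.gz archive layout, the 26-hour threshold, and all file and function names are assumptions.

```python
import io
import tarfile
import tempfile
import time
from pathlib import Path


def check_backup(backup_dir, required, max_age_hours=26, now=None):
    """Return problems found in the newest *.tar.gz under backup_dir ([] = healthy)."""
    now = time.time() if now is None else now
    archives = sorted(Path(backup_dir).glob("*.tar.gz"),
                      key=lambda p: p.stat().st_mtime)
    if not archives:
        return ["no backup archives found"]
    latest, problems = archives[-1], []
    age_hours = (now - latest.stat().st_mtime) / 3600
    if age_hours > max_age_hours:  # the scheduled job has stopped producing output
        problems.append(f"{latest.name} is {age_hours:.0f}h old")
    try:
        with tarfile.open(latest, "r:gz") as tar:
            # Only non-empty regular files count as backed-up data.
            present = {m.name for m in tar.getmembers()
                       if m.isfile() and m.size > 0}
    except (tarfile.TarError, OSError, EOFError) as exc:
        return problems + [f"{latest.name} is unreadable: {exc}"]
    for name in required:
        if name not in present:
            problems.append(f"{latest.name} is missing {name}")
    return problems


def make_sample_backup(directory, name, members):
    """Write a constructed sample archive so the example runs offline."""
    path = Path(directory) / name
    with tarfile.open(path, "w:gz") as tar:
        for member, data in members.items():
            info = tarfile.TarInfo(member)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_backup(tmp, "site-constructed.tar.gz",
                           {"db/dump.sql": b"-- constructed sample\n"})
        # www/index.html is deliberately absent from the sample archive.
        print(check_backup(tmp, ["db/dump.sql", "www/index.html"]))
```

Run on a schedule from a different job than the backup itself, a non-empty result is the signal to alert on.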