Top 10 VPS security best practices for server admins

Securing your UK VPS (virtual private server) is important because a VPS is a virtual machine that runs on a physical server, and it shares that server's resources with other VPSs.

This means that if the security of one VPS is compromised, it could potentially affect the security of the other VPS on the same server.

In addition, a VPS is often used to host websites, store sensitive data, and run critical business processes, so the security of the VPS is crucial to the security of the websites, data, and processes it supports.

VPS security is also important because, like any computer system, a VPS is vulnerable to cyber attacks such as hacking, malware, and ransomware.

These attacks can result in data breaches, data loss, and disruption of business operations. By implementing strong security measures, VPS administrators can protect their VPS and the resources it hosts from these types of attacks.

Overall, VPS security is essential for protecting the integrity, confidentiality, and availability of the resources hosted on the VPS, and it is an important responsibility of VPS administrators to ensure their security.

In many cases, the tips below are included as part of our managed VPS hosting service.

However, you may want to implement some or all of these security tips yourself if you are using our unmanaged VPS hosting.

1. Use strong, unique passwords

One of the most basic but effective security measures for your VPS is using strong passwords for all accounts and services.

This includes the root password for the VPS itself, as well as passwords for any user accounts, databases, or other services running on the VPS.

By using strong passwords, you can help to prevent hackers and other malicious actors from guessing or cracking your passwords and gaining unauthorised access to your VPS.

This is especially important if your VPS is being used to host websites, store sensitive data, or run critical business processes, as a security breach on your VPS could have serious consequences.

Some tips for creating strong passwords for your VPS include using a combination of upper and lower case letters, numbers, and special characters; using long passwords (at least 12 characters is recommended); and avoid using personal information or common words in your passwords.

It is also a good idea to use a different password for each account or service on your VPS, as this helps to reduce the risk of multiple accounts or services being compromised if one password is discovered.

Tips for creating and managing strong passwords

  1. Use a combination of upper and lower case letters, numbers, and special characters in your passwords.
    This makes your passwords more difficult to guess or crack.
  2. Use long passwords. It is generally recommended to use passwords that are at least 12 characters long.
    The longer the password, the more secure it is.
  3. Avoid using personal information or common words in your passwords.
    Hackers and other malicious actors often use dictionary attacks, which involve trying common words and phrases as passwords.
  4. Use a different password for each account or service on your VPS.
    If you use the same password for multiple accounts or services, and that password is discovered, all of those accounts or services could potentially be compromised.
  5. Use a password manager.
    A password manager is a tool that stores and manages your passwords for you, and it can generate strong, random passwords for you to use. This helps to eliminate the need to remember multiple passwords, and it also ensures that you are using strong, unique passwords for each account or service.
  6. Regularly update your passwords.
    It is a good idea to change your passwords every few months or so, especially if you suspect that your VPS has been compromised or if you have reason to believe that your passwords may have been discovered by someone else.
  7. Don't share your passwords.
    It is important to keep your passwords to yourself and not share them with anyone else. This helps to ensure that only authorised individuals have access to your VPS.

2. Enable two-factor authentication

Two-factor authentication (2FA) is a security process that requires an additional step in addition to entering a username and password in order to access an account or system.

The additional step typically involves verifying your identity using a second device or method, such as a smartphone app, a text message, or a biometric fingerprint scan.

The purpose of 2FA is to provide an additional layer of security beyond just a password, which can be vulnerable to being guessed or hacked.

By requiring an additional step to verify your identity, 2FA helps to ensure that only authorised individuals are able to access the account or system.

2FA can be used to protect a wide range of online accounts and systems, including email accounts, online banking accounts, and social media accounts, as well as VPSs (virtual private servers).

Some of the benefits of using 2FA include:

  • Improved security:
    2FA helps to prevent unauthorised access to accounts and systems by requiring an additional step to verify the user's identity.
  • Convenience:
    Many 2FA methods, such as smartphone apps and text messages, are easy to use and do not require any special equipment or software.
  • Enhanced privacy:
    By requiring an additional step to verify your identity, 2FA helps to protect your personal information and prevent it from being accessed by unauthorised individuals.

Overall, 2FA is an effective way to enhance the security of your accounts and systems and protect your personal information.

There are several ways you can enable two-factor authentication (2FA) on your VPS (virtual private server), depending on the operating system and control panel you are using.

Here are some general steps you can follow to enable 2FA on your VPS:

  1. Determine the 2FA method you want to use.
    There are several options for 2FA, including smartphone apps (such as Google Authenticator or Authy), text messages, and biometric authentication (such as fingerprint scans). Choose the 2FA method that works best for you.
  2. Install any necessary software or apps.
    If you are using a smartphone app or biometric authentication, you may need to install an app or enable a feature on your device. Follow the instructions provided by the app or device manufacturer.
  3. Enable 2FA on your VPS.
    This will typically involve logging in to your VPS control panel and navigating to the security or authentication settings. Look for an option to enable 2FA, and follow the prompts to set it up.
  4. Test 2FA to ensure it is working properly.
    Once you have enabled 2FA on your VPS, try logging in to your VPS using your username and password, and follow the prompts to verify your identity using the 2FA method you have chosen. This will help to ensure that 2FA is working properly and that you are able to access your VPS.

Keep in mind that the specific steps for enabling 2FA on your VPS may vary depending on the operating system and control panel you are using.

If you are having trouble enabling 2FA, you may want to consult the documentation or support resources provided by your VPS hosting provider.

3. Keep the VPS and software up to date

From a security perspective, it is important to keep the VPS (virtual private server) and the software running on it up to date for several reasons:

  • Security vulnerabilities:
    As new security vulnerabilities are discovered in software, updates are released to fix those vulnerabilities. By keeping your software up to date, you can help to protect your VPS from being exploited by hackers and other malicious actors.
  • Improved performance:
    Software updates often include performance improvements and bug fixes, which can help to improve the stability and efficiency of your VPS.
  • New features:
    Software updates may also include new features or enhancements, which can be useful for improving the functionality of your VPS.
  • Compliance:
    Depending on the type of software running on your VPS, you may be required to keep it up to date in order to comply with industry regulations or licensing agreements.

Overall, keeping your VPS and software up to date is important for ensuring the security, performance, and functionality of your VPS.

It is a good idea to regularly check for updates and install them as soon as they are available.

Here are some tips for staying on top of updates for your VPS (virtual private server):

  • Set up automatic updates:
    Many operating systems and software programs offer the option to automatically install updates when they are available. By enabling automatic updates, you can ensure that your VPS and software are always up to date without having to manually check for updates. The level of updates can often be configured by the administrator (e.g. only security, features updates, etc.). We recommend setting automatic updates to at least cover all security patches that are released for your OS & applications.
  • Check for updates regularly:
    Even if you have automatic updates enabled, it is a good idea to periodically check for updates to make sure you are running the latest versions. You can usually check for updates by accessing the update or security settings in your VPS control panel or by using the update tools provided by your operating system or software such as apt & dnf.
  • Consider using a third-party update management tool:
    If you have multiple VPS or if you are managing a large number of servers, a third-party update management tool can help you to automate and streamline the update process. These tools can help you to keep track of updates across multiple servers, schedule updates to be installed at a convenient time, and monitor the status of updates. 
  • Test updates before installing them:
    Before installing updates on your VPS, it is a good idea to test them in a non-production environment to make sure they do not cause any issues. This can help to ensure that updates do not disrupt your business operations or cause any problems with your VPS.
  • Keep a record of updates:
    It is a good idea to keep a record of the updates you have installed on your VPS, including the date and version of each update. This can be useful for troubleshooting purposes or for compliance purposes if you are required to keep track of updates for regulatory reasons.

4. Use a firewall

A firewall is a security system that controls the incoming and outgoing network traffic based on predetermined security rules.

A firewall can be hardware-based, software-based, or a combination of both.

On a VPS (virtual private server), a firewall can be used to protect the VPS from unauthorised access and security threats by controlling the flow of traffic to and from the VPS.

The firewall can be configured to allow certain types of traffic and block others, based on the rules that have been set.

For example, the firewall could be configured to allow traffic from trusted sources and block traffic from known malicious sources.

There are two main types of firewalls: network firewalls and host-based firewalls.

Network firewalls are placed at strategic points within a network and are used to control traffic between different network segments.

Host-based firewalls, on the other hand, are installed on individual computers or servers and are used to control traffic to and from those specific systems.

To use a firewall on a VPS, you will typically need to install and configure firewall software or a firewall appliance.

This will involve setting up rules for the firewall to follow, such as which types of traffic to allow or block.

Once the firewall is configured, it will automatically enforce the rules you have set and help to protect your VPS from security threats.

Farbyte cloud KVM VPS IaaS comes with a free network firewall for every VPS you deploy on your infrastructure.

Additionally, our entire network is protected by edge firewalls that are configured to block a wide variety of malicious sources.

How to setup CSF on your VPS

ConfigServer Security & Firewall (CSF) is a host-based firewall that can be used to protect a VPS (virtual private server) from security threats.

Here is a general outline of the steps you can follow to set up CSF on your VPS:

  1. Install CSF:
    The first step is to install CSF on your VPS.
    You can do this by running the following command:
    wget https://download.configserver.com/csf.tgz
    tar -xzf csf.tgz
    cd csf
    sh install.sh
  2. Configure CSF:
    Once CSF is installed, you will need to configure it to suit your specific needs. To do this, you will need to edit the configuration file for CSF, which is located at /etc/csf/csf.conf. In the configuration file, you can set various options such as which ports to allow or block, which IP addresses to allow or block, and which services to monitor.

  3. Restart CSF:
    Once you're happy with your changes to the configuration, you will need to restart CSF for the changes to take effect. You can do this by running the following command:

    csf -r
  4. Disable CSF testing mode:
    If CSF restarts OK, you can no disable the anti-lockout feature in /etc/csf/csf.conf. Open /etc/csf/csf.conf & change TESTING = "1" to TESTING = "0". Then restart csf once more:
    csf -r

5. Secure access to the VPS

Securing access to your VPS (virtual private server) is important for protecting your VPS from unauthorised access and security threats.

Here are some tips for securing access to your VPS:

  • Use strong passwords:
    As mentioned earlier, strong passwords are difficult for hackers and other malicious actors to guess or crack, so they provide an additional layer of security. Be sure to use strong, unique passwords for all accounts and services on your VPS.
  • Use SSH keys:
    SSH (Secure Shell) keys are a more secure alternative to passwords for accessing your VPS. SSH keys consist of a private key and a public key, and they work by using the private key to encrypt a message that is then decrypted using the public key. This makes it much more difficult for hackers to intercept and crack the login credentials.
  • Restrict access to specific IP addresses:
    You can restrict access to your VPS from specific IP addresses using firewall rules or access controls. This can help to prevent unauthorised access from untrusted sources.
  • Enable two-factor authentication:
    Two-factor authentication (2FA) adds an additional layer of security by requiring an additional step in addition to entering a username and password in order to access your VPS. This can help to prevent unauthorised access to your VPS.
  • Monitor access to your VPS:
    Regularly monitoring access to your VPS can help you to identify and address any unauthorised access attempts. You can use tools such as log analysis software or security analytics platforms to monitor access to your VPS and identify any potential security threats.

How to restrict access to the VPS from specific IP addresses using CSF

To restrict access to your VPS from specific IP addresses using CSF, you will need to add those IP addresses to the firewall's configuration.

Here is a general outline of the steps you can follow:

  1. Determine the IP addresses you want to allow:
    The first step is to identify the IP addresses you want to allow. You can do this by checking your VPS logs or by using a tool such as WhatsMyIP to identify the origin of incoming traffic.
  2. Edit the CSF configuration file:
    The next step is to edit the CSF configuration file, which is located at /etc/csf/csf.allow. In the configuration file, you will find options for controlling access to your VPS from specific IP addresses.
  3. Block all other non-public ports:
    You will need to make configuration changes in your  /etc/csf/csf.allow file. For IPv4 you will need to configure the TCP_IN & UDP_IN ports to only allow public ports such as web server (80 & 443), etc. For IPv6 you will need to configure the TCP6_IN & UDP6_IN port settings.
  4. Restart CSF:
    You will need to restart the CSF daemon/service. To do so run the following command:
    csf -r

6. Monitor logs and activity

Monitoring logs and activity on your VPS (virtual private server) is important for security for several reasons:

  • Identifying security threats:
    By monitoring logs and activity on your VPS, you can identify potential security threats and take action to mitigate them. For example, you might notice unusual activity in your logs that indicates a hacker is trying to gain access to your VPS, or you might see that a service on your VPS is behaving unexpectedly, which could indicate a problem.
  • Monitoring access:
    Monitoring logs and activity on your VPS can also help you to monitor access to your VPS and identify any unauthorised access attempts. This can be especially important if you have sensitive information or data stored on your VPS.
  • Detecting anomalies:
    By analysing logs and activity on your VPS, you can often detect anomalies that could indicate a security issue. For example, you might see that a particular user is accessing resources on your VPS at an unusual time or in an unusual way, which could indicate that their account has been compromised.
  • Responding to security incidents:
    If you do experience a security incident on your VPS, monitoring logs and activity can be helpful for responding to the incident and taking steps to remediate it. By reviewing logs and activity, you can often identify the root cause of the incident and take steps to prevent similar incidents from occurring in the future.

Overall, monitoring logs and activity on your VPS is an important aspect of maintaining the security of your VPS.

By keeping track of what is happening on your VPS, you can identify and respond to potential security threats and help to protect your VPS from being compromised.

Here are some examples of tools and techniques you can use to monitor logs and activity on your VPS (virtual private server):

  • Log analysis software:
    Some examples of log analysis software include Elastic Stack (formerly known as ELK), Splunk, and Logz.io. These tools allow you to review and analyse log files from your VPS in order to identify patterns, trends, and anomalies.
  • Security analytics platforms:
    Some examples of security analytics platforms include Splunk Enterprise Security, IBM QRadar, and Sumo Logic. These platforms are designed to monitor logs and activity on your VPS and identify potential security threats.
  • Custom scripts and tools:
    You can use custom scripts and tools to monitor specific aspects of your VPS. For example, you might use a script to parse log files and extract specific information, or you might use a tool like Monit or Nagios to monitor the activity of a particular service or process on your VPS.
  • Manual review:
    You can also manually review logs and activity on your VPS in order to identify potential issues or anomalies. This can be especially useful for identifying more subtle or unusual problems that might not be detected by automated tools.

Overall, the best approach for monitoring logs and activity on your VPS will depend on your specific needs and requirements.

You may want to use a combination of different tools and techniques in order to get a comprehensive view of what is happening on your VPS.

7. Use a reputable hosting provider

The hosting provider's security measures can significantly impact the security of your VPS in a number of ways.

Here are a few examples:

  • Physical security of the data centre:
    The hosting provider should have strong measures in place to physically secure the data centre where your VPS is located. This could include things like access controls, surveillance, and backup power systems. At Farbyte we employ multiple physical security protection layers including high-security fencing & pass-protected door access within the data centre.
  • Network security:
    The hosting provider should have a secure network in place to protect against external threats such as hacking and DDoS attacks. This could include things like firewalls, intrusion detection systems, and virtual private networks (VPNs). At Farbyte we have multiple infrastructure firewalls & intrusion prevention systems in place to protect client VPS.
  • Host-level security: The hosting provider should have measures in place to ensure that the host servers are secure and that the operating system and other software is kept up to date with the latest security patches. You can rest assured that we regularly monitor our hosts for updates & apply them where necessary.
  • Backups: The hosting provider should have a robust backup system in place to protect against data loss due to hardware failures, human error, or other disasters. Backup & snapshot services are available for all Farbyte VPS services.

Overall, it's important to choose a hosting provider that takes security seriously and has strong measures in place to protect your VPS and your data.

Click the following link to learn more about our VPS infrastructure & security.

8. Implement network segmentation

Network segmentation is the practice of dividing a computer network into smaller subnetworks (segments) in order to improve security and performance.

By dividing a network into segments, it becomes more difficult for an attacker to access sensitive data or systems because they must first breach multiple smaller subnetworks before reaching the desired target.

Here are a few ways that network segmentation can improve security:

  1. Isolation of sensitive systems:
    By placing sensitive systems on a separate network segment, you can reduce the risk of those systems being compromised by an attacker who gains access to other parts of the network.
  2. Containment of malware:
    If malware is introduced to a network segment, it can be contained to that segment and prevented from spreading to other parts of the network.
  3. Improved visibility and monitoring:
    With network segmentation, you can more easily monitor and track activity on specific segments, which can help you detect and respond to security threats more quickly.
  4. Reduced impact of DDoS attacks:
    By spreading your network traffic across multiple segments, you can reduce the impact of a DDoS attack on any one segment and maintain some level of availability for critical systems.

Overall, network segmentation can be an effective way to improve the security of your network by reducing the risk of compromise and making it easier to detect and respond to threats.

How to implement network segmentation on your VPS

There are a few different ways you can implement network segmentation on your VPS, depending on your specific needs and resources.

Here are a few options:

  1. VLANs (Virtual LANs):
    VLANs allow you to create virtual networks within a physical network. You can use VLANs to segment your network by creating separate VLANs for different groups of devices or types of traffic.
  2. Subnetting:
    Subnetting is a way of dividing a network into smaller subnetworks, or subnets. You can use subnetting to segment your network by assigning different subnets to different groups of devices or types of traffic.
  3. Firewalls:
    Firewalls can be used to segment your network by limiting the flow of traffic between different parts of the network. You can use firewalls to create virtual "walls" between different segments of your network to restrict access and improve security.
  4. Virtual private networks (VPNs):
    VPNs allow you to create secure, encrypted connections between devices over the internet. You can use VPNs to create a virtual segment of your network that is separate from your main network and more secure.

To implement network segmentation on your VPS, you will need to configure the appropriate settings on your VPS and any networking equipment (such as switches and routers) that you are using.

You may also need to modify the network configuration of your devices to ensure that they can communicate with each other across the different segments of your network.

All of the above segmentation methods can be implemented on Farbyte UK IaaS Cloud (Infrastructure as a Service).

9. Regularly test and review security measures

It is important to regularly test and review security measures for your VPS because the threat landscape is constantly changing and new vulnerabilities are constantly being discovered.

By regularly testing and reviewing your security measures, you can ensure that your VPS is protected against the latest threats and that your security measures are effective.

Here are a few specific reasons why it is important to regularly test and review your VPS security measures:

  • Identify and fix vulnerabilities:
    Regular testing and reviewing of your security measures can help you identify vulnerabilities in your system that could be exploited by attackers. By fixing these vulnerabilities, you can significantly reduce the risk of your VPS being compromised.
  • Stay up to date with the latest threats:
    The threat landscape is constantly evolving, and new threats are being discovered all the time. By regularly testing and reviewing your security measures, you can ensure that your VPS is protected against the latest threats.
  • Ensure compliance with industry standards and regulations:
    Depending on your industry and the type of data you are handling, you may be required to meet certain security standards and regulations. Regular testing and reviewing of your security measures can help you ensure that you are compliant with these requirements.
  • Improve security posture:
    Regular testing and reviewing of your security measures can help you identify areas where you can improve your security posture and make your VPS more resistant to attacks.

Overall, regularly testing and reviewing your security measures is an important part of maintaining the security of your VPS and protecting your data and systems.

10. Create & Test VPS backups

Creating and testing backups for your VPS is an important part of maintaining the security and availability of your data and systems.

Backups allow you to recover your data and systems in the event of a disaster such as a hardware failure, data loss, or security breach.

Here are a few tips for creating and testing backups for your VPS:

  • Determine your backup needs:
    Consider the types of data and systems you need to back up, the frequency with which you need to create backups, and the level of protection you need.
  • Choose a backup solution:
    There are many different options for creating backups of your VPS, including backup software, cloud storage services, and physical media such as hard drives or tapes. Choose a solution that meets your needs and budget.
  • Configure your backup solution:
    Follow the instructions for your chosen backup solution to configure it for your VPS. This may include specifying the data and systems you want to back up, the frequency of backups, and the location where backups will be stored.
  • Create and store backups:
    Create regular backups of your VPS according to your configured schedule. Store backups in a secure location, such as a separate physical location or a cloud storage service, to protect them from data loss or damage.
  • Test your backups:
    Regularly test your backups to ensure that they are being created correctly and that you can restore your data and systems from them if necessary. This may involve restoring a backup to a test environment or simply verifying that the backup files are complete and usable.

Overall, creating and testing backups is an essential part of maintaining the security and availability of your VPS and its data.

Some backup solutions for your VPS include:

Here are a few VPS backup solutions that are popular among users:

  1. Veeam Backup & Replication: A comprehensive backup and disaster recovery solution that supports a wide range of platforms, including VPS environments.
  2. Acronis Backup: A comprehensive backup and recovery solution that supports a wide range of platforms and offers flexible scheduling, data compression, and encryption options.
  3. Carbonite: A cloud-based backup solution that offers automatic, continuous data protection and flexible restore options.
  4. CloudBerry Backup: A cross-platform backup solution that supports a variety of storage destinations, including popular cloud storage services.
  5. Backblaze: A cloud-based backup solution that offers unlimited storage and flexible restore options.
  6. CrashPlan: A cloud-based backup solution that offers unlimited storage and the ability to restore data from any point in time.
  7. Arq: A cross-platform backup solution that supports a variety of storage destinations, including popular cloud storage services.

These are just a few examples of the many VPS backup solutions that are available.

To choose the best solution for your needs, consider factors such as the types of data you need to back up, the frequency of backups, the level of protection you need, and your budget.