Many people jump straight to software vulnerabilities, but a server's physical security still needs to be given high priority. The best way to ensure a server is physically secure is to choose a reputable and secure host like ServerPronto, but there are some steps you can take if you want to create an even safer server hosting environment.
1. Ensure Your Server is in a Secure Datacenter
Your organization or business’s server should be in a data center that only allows authorized users and staff. Ideally, the data center will have 24/7 video camera monitoring and restricted access points.
2. Disable booting from External Devices in BIOS
You will want to configure your BIOS to disable booting from CDs, DVDs, external devices, floppy drives, USBs, etc. This can be done in the boot menu.
3. Enable BIOS Password
BIOS interfaces and the passwords they support vary, but in general there are 3 passwords you can use to prevent unauthorized access to your server: supervisor password, user password, and HDD password. If all the options are supported on your server, you can use the supervisor password to prevent BIOS changes, the user password to prevent unauthorized access to the server's OS, and the HDD password to prevent access to the hard disk and its contents (it's almost as effective as encrypting the hard drive).
4. Password protect GRUB Boot Loader
By default, many systems do not have GRUB secured with a password. To increase your Linux server's security, you can add a password line to your grub.conf file. You should be able to find the file at /boot/grub/grub.conf (on Red Hat-style systems, /etc/grub.conf is a symbolic link to it).
When you find the file, add the following line for a password.
    $ cat /etc/grub.conf
    default=0
    timeout=15
    password GrbPwd4SysAd$
    ..
After adding the password, you will want to encrypt it so that it isn't stored as plain text in the grub.conf file. Run grub-crypt and enter the password when prompted:
    # grub-crypt
    Password: GrbPwd4SysAd$
    Retype password: GrbPwd4SysAd$
    ^9^32kwzzX./3WISQ0C

Then use the encrypted value on the password line:

    $ cat /etc/grub.conf
    default=0
    timeout=15
    password --encrypted ^9^32kwzzX./3WISQ0C
    ..
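The check below is an added example, not part of the original article: it audits a GRUB legacy config for the password line described above and flags a missing, misplaced or plain-text password. The function names and sample files are constructed for illustration; the sample password and hash are the article's own example values.

```shell
#!/bin/sh
# Added example (not from the original article): audit a GRUB legacy config.
# Return codes: 0 hashed password, 1 no global password, 2 plaintext, 3 unreadable.
audit_grub_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE: $conf"; return 3; }
    # Only directives before the first "title" stanza are global; a password
    # inside a stanza only gates that entry and does not lock the menu editor.
    state=$(awk '
        $1 ~ /^#/      { next }
        $1 == "title"  { exit }
        $1 == "password" {
            found = 1
            if ($2 == "--encrypted" || $2 == "--md5") print "hashed"
            else print "plaintext"
            exit
        }
        END { if (!found) print "none" }
    ' "$conf")
    case $state in
        hashed)    echo "OK: hashed global password in $conf"; return 0 ;;
        plaintext) echo "WEAK: plain-text password in $conf"; return 2 ;;
        *)         echo "MISSING: no global password in $conf"; return 1 ;;
    esac
}

# Constructed sample files, reusing the article's example password and hash.
make_samples() {
    dir=$1
    printf '%s\n' 'default=0' 'timeout=15' 'password GrbPwd4SysAd$' \
        'title Linux' > "$dir/plain.conf"
    printf '%s\n' 'default=0' 'timeout=15' \
        'password --encrypted ^9^32kwzzX./3WISQ0C' 'title Linux' > "$dir/hashed.conf"
    printf '%s\n' 'default=0' 'timeout=15' 'title Linux' \
        'password --encrypted ^9^32kwzzX./3WISQ0C' > "$dir/stanza.conf"
}

demo() {
    d=$(mktemp -d) && make_samples "$d"
    for f in plain hashed stanza; do
        audit_grub_conf "$d/$f.conf" || true
    done
    rm -rf "$d"
}
demo
```

On a real server, run `audit_grub_conf /boot/grub/grub.conf` as root, since the file is normally readable only by root.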
Let’s Review
So, you’ve ensured your server is in a secure datacenter, disabled booting from external devices, enabled a BIOS password, and password-protected the GRUB boot loader. What else can you do to make your server as secure as possible? Ensure you are with a high-quality host (like ServerPronto) and check out a revolutionary new form of web hosting called geo-redundant cloud hosting. Geo-redundant cloud hosting will prevent physical failure of a server due to hardware failure, an insecure hosting environment, and other factors. Learn more about geo-redundant cloud hosting.
ServerPronto offers the best affordable and secure hosting service in all dedicated server packages.