No system is completely secure, however, you may take certain steps to increase the security of your server to make it harder for an attacker to gain access. Even simple tweaks like choosing a complicated password can make a huge difference, other things that are vital to ensure your system is secure can be like making sure you have the latest kernel and all updates have been applied.
Update your system
Be sure to update your system so that all security patches will be applied. You can do this by the “apt” package manager with a single line of code.
sudo apt update && sudo apt upgrade -y
Add a limited user
A root user has unlimited privileges and can execute any command. Furthermore when an attacker tried to brute force your system, if your root user is active and can be connected to using SSH then the attacker has half his work cut out for him as he simply needs to brute force your password only. By adding a limited user you will add another layer of protection. You can perform administrative tasks by using the sudo command. Add a limited user by using the commands below;
Now add the user you have created to the sudo group so you may have administrative privileges;
adduser name_of_user sudo
Harden SSH Access
SSH connects using password authentication by default, which is far less secure than using a cryptographic key pair. Passwords are far less secure as brute forcing them is much easier than brute forcing a cryptographic key pair. You also will want to configure SSH so that it does not allow root login.
SSH Daemon Options
- Do not allow root Login; Change the options below;
sudo nano /etc/ssh/sshd_config
# Authentication: ... PermitRootLogin no
Now restart the SSH Daemon;
sudo systemctl restart sshd
These are just a few things you can do to tighten the security of your system; please be sure to explore a little more and dive deeper into the world of cyber security.