How to Secure A Web Server

How to Secure A Web Server
Share on:

In this article, I show you all the steps needed to secure a web server and improve your security. I recommend doing all of these things on every installation. Also, just because you secure your server doesn’t mean you can neglect it. I highly recommend monitoring it and adjusting security as needed. Monitoring is required for proper security in my opinion.

Secure A Web Server Steps

firewall-png-577×359

Install UFW
sudo apt-get update
sudo apt-get install ufw
sudo ufw limit 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

Verify
sudo ufw status

Do Global blocks
sudo ufw default deny incoming
sudo ufw default allow outgoing

ssh

Change SSH to Key

Remote Machine: ssh-keygen -t rsa

Transfer to Server

Method 1:

Transfer pub ssh key to server
scp ~/.ssh/id_rsa.pub [email protected]:~
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

Method 2:

Copy key and place in authorized_key file in one command
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Secure a Web Server Disabling Password Auth through SSH

Change the following lines in /etc/sshd_config
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PermitRootLogin no

Edit /etc/sysctl.conf

Enable security features

settings

Prevent IP Spoof /etc/host.conf

Change File to mirror below:
​order bind,host
nospoof on

Install Fail2Ban

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Check Listening Ports

netstat -tunlp

You will now have completed the basics of a secure web server!

Video Walkthrough

secure web server
Note: YouTube Video - Hold Ctrl + Left Click to open in new window

I live stream on Twitch and encourage you to drop in and ask a question. I regularly publish on YouTube and christitus.com, but if you need immediate assistance, check out our discord channel at Chris Titus Tech Discord.