Compared to shared servers, virtual private servers offer a new set of capabilities, including configurations and resources that shared-server veterans cannot even picture. But this massive increase in power also calls for a great increase in security.
Questions regarding VPS security
VPS security is the responsibility of both the client and the provider. So, before you can be completely certain your VPS is properly secured, you will have to answer a few questions. These include the type of support you need, the amount of responsibility you can take on, and the things you should look for in a provider.
Downside
Having root access to your server can be a disadvantage for many, because it means you are able to introduce weaknesses to your server. Given that, if everyone else on your ISP's network doesn't follow good, secure virtual private server practices, then to some extent the entire network will certainly be compromised.
Experience as an admin
The good news, though, is that some people might be very experienced sysadmins who are very well versed in HTML 1.0, which means that a startup with low fees would be a great start for them. The rest of the users will certainly need to look for an internet service provider that has a good reputation and offers excellent customer satisfaction. The right approach is to look for an ISP with a good history of virtual private server security.
Improving VPS security
The first thing to do to improve your VPS security is to use strong passwords. Beyond that, you will also need to carry out basic server hardening tasks, or check whether your internet service provider has someone who does this for you.
At this point you will also have to check whether your virtual private server hosting service offers strong firewalls. Knowing whether they host black hat websites, warez or phishing websites is mandatory. Some questions to ask in this regard include:
- How's the provider's physical security? Can anyone off the street just walk in and gain access to its servers?
- In the case of physical failure, are your files safe?
- How is the VPS hosting service's redundancy?
- Is the VPS security of the hosting service strong enough? If so, can they offer you a report from a reputable security consultant?
Attending to your own VPS security
Even once the above questions are answered, you will still need to attend to your own virtual private server security. This includes basics like:
- using a strong antivirus solution
- installing ModEvasive
- using secure PHP
- defeating IP spoofing by editing host.conf
- fixing open DNS recursion
- making use of SFTP
- moving SSH off port 22 and running it on a different port
- using a specialized tool for detecting port scans
- installing a web application firewall and a regular firewall
- disabling telnet
As an admin, you will have to check the logfiles for errors, check user uploads, and run your AV solution as a cron job.
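As an added example (not part of the original article), the shell script below audits three of the items above: SSH still on port 22, a telnet listener, and unrestricted DNS recursion. It assumes OpenSSH's sshd_config, a saved `ss -ltn` listing and a BIND named.conf; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits three checklist items against files passed as paths.

# Ports from "Port" lines in one sshd_config (22 if none). Assumption: Include
# files, Match blocks and ListenAddress host:port overrides are not followed.
ssh_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# Exit 0 when sshd would still listen on port 22.
ssh_on_default_port() { ssh_ports "$1" | grep -qx 22; }

# Exit 0 when a saved `ss -ltn` listing shows a TCP 23 (telnet) listener.
# Field 4 of that listing is Local Address:Port; line 1 is the header.
telnet_listening() {
    awk 'NR > 1 && $4 ~ /:23$/ { found = 1 } END { exit !found }' "$1"
}

# Exit 0 when a BIND named.conf neither sets "recursion no;" nor contains an
# allow-recursion block. Heuristic: strips // and # comments, ignores ACL content.
dns_recursion_open() {
    ! sed -e 's|//.*||' -e 's|#.*||' "$1" |
        grep -Eq 'recursion[[:space:]]+no[[:space:]]*;|allow-recursion[[:space:]]*\{'
}

# audit SSHD_CONFIG SS_LISTING NAMED_CONF: prints findings, returns their count.
audit() {
    n=0
    if ssh_on_default_port "$1"; then echo "FAIL sshd listens on port 22"; n=$((n + 1)); fi
    if telnet_listening "$2"; then echo "FAIL telnet listener on TCP 23"; n=$((n + 1)); fi
    if dns_recursion_open "$3"; then echo "FAIL DNS recursion not restricted"; n=$((n + 1)); fi
    if [ "$n" -eq 0 ]; then echo "OK all three checks passed"; fi
    return "$n"
}

# Constructed sample inputs (not taken from a real host).
d=$(mktemp -d)
printf '#Port 22\nPort 2222\n' > "$d/sshd_config"
printf 'State Recv-Q Send-Q Local Address:Port Peer Address:Port\n' > "$d/ss.txt"
printf 'LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*\n' >> "$d/ss.txt"
printf 'LISTEN 0 5 0.0.0.0:23 0.0.0.0:*\n' >> "$d/ss.txt"
printf 'options {\n  recursion yes;\n};\n' > "$d/named.conf"
audit "$d/sshd_config" "$d/ss.txt" "$d/named.conf" || echo "$? finding(s)"
```

On a live host, pass `/etc/ssh/sshd_config`, the saved output of `ss -ltn`, and your resolver's configuration file as the three arguments.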
Lastly, with a dedicated VPS you will no longer have to worry about security issues. These servers are properly secured and maintained, so regardless of what you store on them, you can be sure the data will be safe from prying eyes.