You can never be too careful when it comes to sensitive data like social security or credit card numbers. You have to assure your users that the data and information they provide to you is in good hands on your servers. Below are some ways you can achieve that security on your own server.

Choosing the Right Service Provider

Regardless of whether you are using shared hosting, a VPS, or a dedicated server, picking the right service provider is the first thing you need to consider.

Avoid Offers That Are Too Cheap or Free

This rule applies to whatever you are going to buy, and there are a few reasons to avoid these kinds of offers when choosing your service provider. In this industry, going with extra cheap and sometimes even free servers will eventually cost you more than picking a more expensive option. There is a great chance that your app will land on an overpopulated server with too much traffic on it. The same applies to a VPS (Virtual Private Server), where your machine will be shared with too many people. In addition, cheaper dedicated servers can be prone to unreliable hardware, which leaves your applications vulnerable to attacks and gives your users a bad experience.

Check Their Security

It is also a good idea to call the provider directly and ask how they secure your application and data. You may want to do this if their website provides too little information on how they secure their clients' data. Of course, expect some limits on what they will disclose about their own confidential information; if a provider has no such limits, you should think twice about choosing it.

Here are some questions you can ask these service providers:

  • How many people, besides you, will have access to the server?
  • What happens to the disks that are replaced? Do they recycle them or sell them to someone?
  • Is it possible to request tape backups of your data? If so, who will have access to them?

Request the Broken Disk If One Fails

This is an incident that is likely to happen from time to time. If one of your hard drives fails and it contained sensitive data, ask the provider to send it to you. Some providers are more than happy to send it free of charge, as they then don't need to worry about recycling it. Others may sell it to you, usually at a much lower price than the market price since it is broken. Buying a broken hard drive may sound weird, but when you think of all the important and sensitive information of your users or clients that could eventually leak because of that drive, you will realize that it is worth the cost.

Change Passwords Frequently

This is one practice that many people forget. If you have other users connecting to your server, you should require them to change their passwords once in a while. Most of the time, hackers who have successfully cracked a password hold back and keep a low profile, silently downloading all the important data they can get without your knowledge and waiting for the right moment to wreak havoc on your machine.

Block Ports and Disable All Unused Services

Everything that is open and enabled on your server is a possible security threat. Therefore, you should disable everything that you don't really need on your server, both to minimize the risk of a service failing and to avoid possible attacks. There are a handful of tools that can do this job for you, depending on the operating system you are using.

The same applies to ports. In most cases (an HTTP(S) server plus SSH access), it is best to deny access on all ports except 80 (for HTTP traffic), 443 (for HTTPS), and 22 (or any other port of your choice for SSH). That way, even if you accidentally install a faulty program, it will not be exposed to attackers on an open port.
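
One way to check the result of the two paragraphs above, as an added example rather than code from the original article: this Python script reads `ss -H -tln` output and lists TCP listeners that other hosts can reach on a port outside 22, 80 and 443. The sample input is constructed, and the function names are this example's own.

```python
import ipaddress

ALLOWED_PORTS = {22, 80, 443}  # the allowlist from the text above

# Constructed sample of `ss -H -tln` output (not taken from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128        0.0.0.0:22        0.0.0.0:*
LISTEN 0 511        0.0.0.0:80        0.0.0.0:*
LISTEN 0 511           [::]:443          [::]:*
LISTEN 0 4096     127.0.0.1:5432      0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0 151              *:3306            *:*
LISTEN 0 100     192.0.2.10:8080      0.0.0.0:*
LISTEN 0 128          [::1]:6379         [::]:*
"""

def split_local(field):
    """Split ss's local 'address:port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    return addr, int(port)

def is_loopback(addr):
    """True when the socket is bound only to a loopback address."""
    if addr == "*":  # wildcard: every IPv4 and IPv6 address on the host
        return False
    return ipaddress.ip_address(addr).is_loopback

def unexpected_listeners(ss_output, allowed=ALLOWED_PORTS):
    """Return sorted (address, port) pairs reachable off-host and not allowlisted."""
    findings = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip headers, blank lines and non-listening states
        addr, port = split_local(cols[3])
        if port not in allowed and not is_loopback(addr):
            findings.add((addr, port))
    return sorted(findings, key=lambda f: (f[1], f[0]))

if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener: {addr}:{port}")
```

Each listener it reports is either a service to disable or a port the firewall has to block; loopback-only services such as the local database in the sample are left out because other hosts cannot connect to them.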

Use an Antivirus

You may think that you don't need to install any kind of antivirus because your server is running on Linux. Think again. The number of viruses that can penetrate a Linux system may be small compared to Windows, but they do exist and can still infect your machine. You need to have an antivirus program installed, especially if you allow your users to upload files to your server. There are some cases in which antivirus software can be a hindrance on your server. For example, if you are developing something and test it on your server while the antivirus is enabled, it may be reported as a virus, and you may have trouble determining what happened.

This entry was posted by Staff Writer on Thursday, October 16, 2014 at 9:41:45 PM and is filed under Tech Tips & Tricks.
