Some of this may seem trivial, but in our experience, out of 100 obvious things, a good 20% are always either forgotten or not fully taken care of. This is where small and big problems come from. So let’s avoid them and make our infrastructure secure!
In this article, we’ll look at both cases from our own experience and some illustrative ones known to the general public. Believe me, we’ve seen enough in our 10 years on the market: from hacked servers with a password like 123qwe, to backups kept on the very server they back up, to SSH keys freely available on GitHub.
We don’t claim to be “security experts”, but we want to share with you what our community has encountered, which will allow you to double-check yourself.
1. Use complex passwords not only for prod 🙂 and secure the connection to the servers
Of course, you will remember to do everything right on prod, but what about servers that are used purely for internal needs? Do you think it’s trivial? It is! And that’s why, very often, many people just “forget” about it. A strong password is not a 100% guarantee that you won’t be hacked, but if you also restrict access by IP address, even a cracked password will not get an attacker into your infrastructure.
Case study: This is the solution we offered a client who periodically complained about new files appearing on the server that shouldn’t have been there. We don’t know how or where the client stored the access password, but after restricting access by IP, the “mysterious” files stopped appearing.
Recommendations:
✔ Use complex passwords that contain letters, numbers, and special characters on ALL infrastructure, even if that server is used once a year and there is “nothing important” there.
✔ Always change automatically generated passwords from your hoster.
✔ Use a VPN to administer the server and restrict access for all IPs except yours.
✔ Hide the real IP address of your server – this significantly reduces the potential scale of damage.
✔ Update passwords regularly and avoid reusing them.
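As an added illustration of the “restrict access by IP” advice (example code, not from the original article): a default sshd_config beside a hardened one that listens only on the VPN side, plus a small audit function that flags the weak directives. The configs are constructed here; 10.8.0.0/24 is an assumed VPN subnet, 10.8.0.1 the server’s assumed VPN address, and “deploy” an assumed account.

```shell
#!/usr/bin/env bash
# Compare a typical default sshd_config with a hardened one and audit a file
# for the directives that leave password guessing open to the whole internet.
# Both configs are constructed here; 10.8.0.0/24 is an assumed VPN subnet and
# 10.8.0.1 the server's assumed VPN-side address.
WORK=$(mktemp -d)

# "Before": the defaults many hosters ship, with the generated root password.
cat > "$WORK/sshd_config.weak" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
EOF

# "After": keys only, no direct root login, reachable only over the VPN.
cat > "$WORK/sshd_config.hardened" <<'EOF'
Port 22
ListenAddress 10.8.0.1
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
MaxAuthTries 3
AllowUsers deploy@10.8.0.0/24
EOF

# Print "Directive value" for every weak setting found. Exit status is 0 when
# nothing weak was found and 1 otherwise, so it can gate a deployment script.
audit_sshd_config() {
    local file=$1 found=0 check key bad value
    for check in PermitRootLogin:yes PasswordAuthentication:yes PermitEmptyPasswords:yes; do
        key=${check%%:*}; bad=${check##*:}
        # sshd applies the first occurrence of a directive, so take the first
        # uncommented match (a leading '#' keeps the line from matching).
        value=$(awk -v k="$key" 'tolower($1) == tolower(k) { print $2; exit }' "$file")
        if [ "$value" = "$bad" ]; then
            echo "$key $value"
            found=$((found + 1))
        fi
    done
    [ "$found" -eq 0 ]
}

echo "== default config =="
audit_sshd_config "$WORK/sshd_config.weak" || echo "-> fix before exposing port 22"
echo "== hardened config =="
audit_sshd_config "$WORK/sshd_config.hardened" && echo "-> no weak settings"
```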
2. Failure to update software on time
Outdated software, operating systems or CMS (e.g. WordPress, Joomla) often contain vulnerabilities that attackers can exploit.
Case in point: In 2017, the world was gripped by the WannaCry ransomware attack, which exploited a vulnerability in an outdated version of Windows. Many companies that did not install updates for the operating system fell victim to the attack. The virus encrypted data on thousands of computers, demanding a ransom to decrypt it.
Recommendations:
✔ Install updates and patches for all infrastructure components.
✔ Set up automatic updates for critical systems.
✔ Track CVEs: monitor newly published and previously identified vulnerabilities for the software you use.
✔ Regularly scan your software for vulnerabilities.
3. Have and adhere to a cybersecurity policy in the company
Situations vary, so prepare a playbook for incidents: who is responsible, for what, and when; which actions are taken first. The people named there should also have designated backups with the appropriate level of security clearance, because someone may be on vacation, unavailable, etc. It is better to have all this and not need it than the other way around.
Case study: Here we can recall the situation with Kyivstar. There is a golden triangle of cyber defense, which includes technology, processes, and people. If people are not trained, if the human factor is not taken into account, any company can be hacked.
Recommendations:
✔ Have a cybersecurity policy and specific actions for various incidents.
✔ Pay attention to the cyber hygiene of your team, improve the skills of your technical specialists.
✔ Restrict access to ports that are not in use.
✔ Configure firewall rules to allow only necessary traffic.
4. Lack of backups
Even with the best security, there is always a risk of data loss due to attacks, hardware failures, or administrator error. Lack of backups can have catastrophic consequences.
Case study: This is exactly what happened to one of our clients (he actually became a client after this incident). In 2021, OVH’s data center in Strasbourg burned down. The most interesting thing is that the client had thought about backups, but kept them on the same server in the same data center.
Unfortunately, it was not possible to restore the data, but we distributed the client’s entire infrastructure across different geographies and different servers for dedicated tasks. We set up RAID and synchronization with other servers. Now, even in case of a fire, everything will be fine.
Recommendations:
✔ Set up regular data backups.
✔ Store backups on separate servers or in cloud storage.
✔ Check the integrity of backups and perform test restores.
✔ Check that the backup automation is running at the frequency you want.
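The last three recommendations (separate storage, integrity and test restores, frequency) as one added script, written for this article rather than taken from it: it creates an archive with a checksum beside it, verifies by restoring into a scratch directory, and fails when the newest archive is older than the expected interval. All paths are constructed in a temp dir and GNU coreutils (sha256sum, stat -c) are assumed.

```shell
#!/usr/bin/env bash
# Backup hygiene as three checks: a checksum written beside the archive, a
# test restore into a scratch directory compared against the source, and a
# freshness check that fails when the newest archive is older than the
# expected interval. All paths are constructed in a temp dir; in production
# the archive would then be copied to another host or object storage.
WORK=$(mktemp -d)
DATA="$WORK/data"; BACKUPS="$WORK/backups"
mkdir -p "$DATA/etc" "$BACKUPS"
echo "db_password=constructed-example" > "$DATA/etc/app.conf"   # sample data

# Create a timestamped archive of DATA plus a SHA-256 sum next to it.
make_backup() {
    local name="backup-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    tar -czf "$BACKUPS/$name" -C "$DATA" .
    (cd "$BACKUPS" && sha256sum "$name" > "$name.sha256")
    echo "$BACKUPS/$name"
}

# Verify the checksum, then restore into a scratch dir and diff it against
# the source tree. Returns 0 only if both steps pass.
verify_backup() {
    local archive=$1 scratch
    (cd "$(dirname "$archive")" && sha256sum -c --quiet "$(basename "$archive").sha256") || return 1
    scratch=$(mktemp -d)
    tar -xzf "$archive" -C "$scratch" || return 1
    diff -r "$DATA" "$scratch" > /dev/null
}

# Fail if the newest archive is older than MAX_AGE seconds: this catches a
# cron job that silently stopped running. Uses GNU stat.
backup_is_fresh() {
    local max_age=$1 newest
    newest=$(ls -t "$BACKUPS"/*.tar.gz 2>/dev/null | head -n1)
    [ -n "$newest" ] || return 1
    [ $(( $(date +%s) - $(stat -c %Y "$newest") )) -le "$max_age" ]
}
```

Run make_backup from cron and verify_backup plus backup_is_fresh from a monitoring host; a non-zero exit from either is the alert.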
5. Ignoring data encryption
Transmitting sensitive data (e.g. passwords, payment information) without encryption makes it easy prey for attackers.
Case in point: In 2018, British Airways was fined 183 million pounds due to a data breach of 500,000 customers. Attackers were able to intercept confidential information (credit card numbers, names, addresses) because the data was transmitted without proper encryption on the company’s website.
Recommendations:
✔ Use HTTPS to protect data in transit.
✔ Encrypt backups, important files, and databases on the server.
✔ Use SSL/TLS certificates for websites.
6. Improperly configured access rights
Granting excessive access rights to users or services can lead to unauthorized access to critical resources.
Case study: A client contacted us because of a sudden increase in server load. Malware (a cryptocurrency miner and a remote control program) was detected, and an SSH key of an unknown person was added. After the malware was removed, the attacker regained access through malicious code in the Bash profile and a vulnerable website module. Once these vulnerabilities were fixed, the attacker’s access was completely blocked.
Recommendations:
✔ Follow the principle of least privilege (grant only the necessary rights).
✔ Do not concentrate all access credentials or keys in the accounts of individual employees.
✔ Regularly check and update access rights.
✔ Use separate accounts for different services.
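Two checks prompted by the case study above (an unknown SSH key and a modified Bash profile), added here as example code rather than taken from the article: report authorized keys that are not on an approved list, and report profile files whose hash differs from a recorded baseline. Everything is constructed in a temp dir; the key blobs are placeholders, not real keys, and “deploy” is an assumed account.

```shell
#!/usr/bin/env bash
# Two checks prompted by the case above: report authorized SSH keys that are
# not on an approved list, and report shell profile files whose hash differs
# from a recorded baseline. Everything is constructed in a temp dir; the key
# blobs are placeholders, not real keys, and "deploy" is an assumed account.
WORK=$(mktemp -d); HOME_DIR="$WORK/home/deploy"
mkdir -p "$HOME_DIR/.ssh"

# Approved keys: "type blob" only, no options or comment, one per line.
cat > "$WORK/approved_keys" <<'EOF'
ssh-ed25519 AAAAC3CONSTRUCTED-ALICE
ssh-ed25519 AAAAC3CONSTRUCTED-BOB
EOF

# What the server actually holds (constructed): the last key is unknown.
cat > "$HOME_DIR/.ssh/authorized_keys" <<'EOF'
ssh-ed25519 AAAAC3CONSTRUCTED-ALICE alice@laptop
from="10.8.0.0/24" ssh-ed25519 AAAAC3CONSTRUCTED-BOB bob@laptop
ssh-rsa AAAAB3CONSTRUCTED-UNKNOWN
EOF
echo 'export PATH=$HOME/bin:$PATH' > "$HOME_DIR/.bashrc"   # constructed profile

# Print every authorized key whose "type blob" pair is not approved.
# Exit status 0 means at least one unapproved key was found.
unapproved_keys() {
    local keys=$1 approved=$2
    # Drop leading options such as from="..." and the trailing comment.
    sed -E 's/^.*(ssh-(ed25519|rsa|dss)|ecdsa-sha2-[a-z0-9]+) /\1 /' "$keys" |
        awk '{ print $1, $2 }' | grep -vxF -f "$approved"
}

# Record hashes of the files an intruder typically edits for persistence.
PROFILE_FILES=".bashrc .bash_profile .profile"
record_baseline() {
    local home=$1 out=$2 f
    : > "$out"
    for f in $PROFILE_FILES; do
        [ -f "$home/$f" ] && sha256sum "$home/$f" >> "$out"
    done
    return 0
}

# Print the path of each profile file whose content no longer matches.
changed_profiles() {
    sha256sum -c --quiet "$1" 2>/dev/null | sed -E 's/: FAILED.*$//'
}

record_baseline "$HOME_DIR" "$WORK/profile.sha256"
```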
7. Lack of monitoring and logging
Without proper monitoring and logging, you may not notice suspicious activity or an attack on your server.
Case study: A current client came to us with an atypical request. He had some suspicions about the honesty of some of his team members, so he asked us to develop a solution that would help detect any atypical behavior. Monitoring was configured on individual RDP sessions, and when someone logged into the work server, a bot immediately notified the client. Additionally, installing any software was blocked.
Monitoring helped to identify that one employee was constantly logging into the server after hours.
Recommendations:
✔ Set up a monitoring system to track the status of servers.
✔ Keep event logs and analyze them regularly for anomalies.
✔ Use tools for automatic threat detection (e.g., SIEM systems).
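The after-hours pattern from the case study, applied to SSH auth logs as an added example (not from the article): one function lists successful logins outside working hours, another lists source addresses with a burst of failed logins. The log lines are constructed samples in syslog format; on a real host the input would be /var/log/auth.log or journalctl output.

```shell
#!/usr/bin/env bash
# Two detections over SSH auth logs: successful logins outside working hours
# and source addresses with a burst of failed logins. The log lines below are
# constructed samples in syslog format.
WORK=$(mktemp -d)
cat > "$WORK/auth.log" <<'EOF'
Mar 12 09:15:02 srv1 sshd[1801]: Accepted publickey for deploy from 10.8.0.12 port 50122 ssh2: ED25519 SHA256:constructed1
Mar 12 14:02:40 srv1 sshd[1950]: Accepted password for alice from 10.8.0.15 port 50214 ssh2
Mar 12 23:41:07 srv1 sshd[2210]: Accepted publickey for deploy from 203.0.113.5 port 51022 ssh2: ED25519 SHA256:constructed2
Mar 13 03:12:55 srv1 sshd[2388]: Accepted password for bob from 10.8.0.15 port 50310 ssh2
Mar 13 03:13:01 srv1 sshd[2391]: Failed password for root from 198.51.100.7 port 40001 ssh2
Mar 13 03:13:03 srv1 sshd[2393]: Failed password for root from 198.51.100.7 port 40002 ssh2
Mar 13 03:13:05 srv1 sshd[2395]: Failed password for invalid user admin from 198.51.100.7 port 40003 ssh2
Mar 13 10:20:11 srv1 sshd[2500]: Failed password for alice from 10.8.0.15 port 50400 ssh2
EOF

# Print "user@ip Mon DD HH:MM:SS" for each accepted login whose hour falls
# outside [START_HOUR, END_HOUR). The hour comes from the syslog timestamp.
after_hours_logins() {
    local log=$1 start=$2 end=$3
    awk -v s="$start" -v e="$end" '
        /sshd\[[0-9]+\]: Accepted / {
            split($3, t, ":"); h = t[1] + 0
            if (h < s || h >= e) printf "%s@%s %s %s %s\n", $9, $11, $1, $2, $3
        }' "$log"
}

# Print "ip count" for every source with at least THRESHOLD failed logins.
failed_login_bursts() {
    local log=$1 threshold=$2
    awk -v th="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            # "invalid user NAME" shifts the fields, so locate "from" instead.
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= th) print ip, fails[ip] }' "$log"
}

echo "== logins outside 08:00-20:00 =="; after_hours_logins "$WORK/auth.log" 8 20
echo "== sources with 3+ failures =="; failed_login_bursts "$WORK/auth.log" 3
```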
8. Round-the-clock support
Yes, it is difficult to call this an error; it is more of a recommendation. However, a timely response is just as important as all the previous measures. So if something has already happened, it is very good if the support of your data center or web hosting provider can respond in time. Unfortunately, giants such as Hetzner, OVH, or AWS will simply not be able to answer you in 5 minutes. And if your admin is “offline” and you don’t have access to the server, then welcome to the club: “Your request will be handled by the responsible employee during working hours.”
Case study: This is exactly what we provide to our clients. 24/7/365 – fast and high-quality support. It does not matter whether it is day or night, holiday or weekend. Our clients can contact us via live chat on the website and get a response in less than a minute(!). Of course, it all depends on the case and the solution itself may take longer, but if you are hacked and you can’t do anything yourself, your server will be shut down in 2 minutes and at least no one will get important information from it.
Recommendations:
✔ Choose hosting based on your needs. Not everyone needs market giants. Especially if you have a small infrastructure.
Conclusion
Security is not a one-time task but an ongoing process. Do not skimp on it, because the cost of possible consequences can be much higher. If you have doubts about your abilities, contact professionals or use the services of reliable hosting providers that offer built-in security and support.
Thanks to everyone who read this far: using the promo code DEV10, we offer you a 10% discount on your first order and a free consultation.