Open In App

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy

How to Secure a Live Server?

Security is of utmost importance nowadays but still, some startups tend to ignore it because of the extra time it consumes. If not now, startups face hurdles at a later stage of scaling because of insecure systems. And in the current era where ransomware is at its peak, in order to make sure that open services running on your server are not compromising your system, let’s look at some of the steps we can follow to ensure the same.

IP tables

IP tables are command-line firewall utility that uses rules/policies to allow or block traffic. First, check if your iptable configuration is clean. 



sudo iptables -L

The above command lists all the current iptable rules. Use this command after every addition to ensure if your configuration is clean.



if you find some issues in your configuration, you can use the following command to flush the entire iptable and start over. With your iptable flushed, your system is vulnerable to attacks. Make sure to secure it using an alternative method.

sudo iptables -F

Inserting rules

Insert rules for the following purposes in order to secure the server.

Let’s add a rule to allow established connections to continue using the command below and then you can check that the rule was added using the same sudo iptables -L as before. To do this enter the following command in terminal.

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -L

Default policy

You should make sure of the default policy to be configured as accepting incoming connections. This ensures that you don’t get locked out of your own account. Then, add a rule to drop the incoming connections as last. This ensures to drop the connection if the packet doesn’t match the rules above drop rule. Thus, ensures security from unwanted connections to the server.

Setting the default policy as ‘ACCEPT’

sudo iptables -P INPUT ACCEPT

Adding a rule to ‘DROP’

sudo iptables -A INPUT -j DROP

These commands execute successfully without returning any statement as it could be seen from the screenshot provided below.

Setting the iptables to be persistent 

Before setting the rules permanent, testing it once would be good to ensure that you’re able to log back in if you get logged out. Once, that done you can use the following command to make the rules permanent. This command basically created a script that loads our configuration when the system reboots.

sudo apt-get install iptables-persistent

Now, whenever you need to add more roles to iptables-persistent, you need to update the same using the following command.

sudo invoke-rc.d iptables-persistent save

IPV6

The above rules are for IPV4 and adding rules for IPV6 differs a bit in the command statement. The adoption of IPV6 is still not much compared to IPV4 and it could be exploited if left open. Therefore, let’s add a default policy to it and make it permanent. You can follow the commands mentioned below,

sudo ip6tables -L
sudo ip6tables -P INPUT DROP
sudo invoke-rc.d iptables-persistent save

Commands for IPV6 only differs in the keyword ‘ip6tables’ w.r.t IPV4.

The server is up or not

We’ve allowed all important protocols to establish a connection to our servers. But if you try to ping the server right now, it’ll drop because of the rule we added at the last. Thus, we need to allow ICMP for the same. Also, we want the drop rules to be the last rule defined. Thus, we need to add this rule above the DROP rule. To achieve the same, you can follow the below commands.

To get the line number to all the rules

sudo iptables -L --line-numbers

sudo iptables -I INPUT [Drop_rule_line_number] -p icmp --icmp-type echo-request -j ACCEPT

This rule will be added at line 1 and DROP rule at 1 will be shifted down

Now it allows us to ping the server again.

Article Tags :
Computer Subject
Linux-Unix
TechTips
Recommended Articles
1. How to Install and Setup Live Server Extensions on Visual Studio code?
2. Making your WordPress Website More Secure
3. Secure coding - What is it all about?
4. Blockchain to Secure IoT Data
5. Create your own secure Home Network using Pi-hole and Docker
6. Why HTTP is not Secure ?
7. Social Engineering -Time To Be More Secure Than Before
8. What is Secure Multiparty Computation?
9. How to Create a Secure Folder on Your Phone?
10. How to Secure Our Kali Linux to Ensure Our Protection
11. 3 Secure Ways to Erase a Hard Drive Completely
12. How to install and configure Apache Web Server on Godaddy Server?
13. Creating an Encrypted Persistent Live Kali USB
14. How to Create Ubuntu Live USB in Windows?
15. Find All Live Hosts IP Addresses Connected on Network in Linux
16. What is Time-To-Live (TTL)?
17. Creating and Running a Fedora Linux Live USB stick on a PC with Windows 11
18. How to Use Live Captions on Windows 11?
19. TCP Server-Client implementation in C
20. How to install the NFS server on Ubuntu?
21. UDP Server-Client implementation in C++
22. Windows Server 2012 R2 Stuck at "Updating Your System”
23. CT-EXPOSER - Uncover Hidden Subdomains and Reveal Internal Server Information
24. How to install Python3 and PIP on Godaddy Server?
25. Distributed Objects Computing: The next generation of client-server computing