How to Secure A Web Server

 ·  ☕ 2 min read  ·  ✍️ Chris Titus

In this article, I show you all the steps needed to secure a web server and improve your security. I recommend doing all of these things on every installation. Also, just because you secure your server doesn’t mean you can neglect it. I highly recommend monitoring it and adjusting security as needed. Monitoring is required for proper security in my opinion.

Secure A Web Server Steps

Install UFW

sudo apt-get update  
sudo apt-get install ufw  
sudo ufw limit 22/tcp  
sudo ufw allow 80/tcp  
sudo ufw allow 443/tcp  
sudo ufw enable

Verify
sudo ufw status

Do Global blocks

sudo ufw default deny incoming  
sudo ufw default allow outgoing

SSH

Change SSH to Key

Remote Machine (the computer you connect from): ssh-keygen -t rsa

Transfer to Server

Method 1:

Transfer pub ssh key to server

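# On your machine: copy the public key to your home directory on the server
scp ~/.ssh/id_rsa.pub user@server.com:~
# On the server: append the key to authorized_keys
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys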

Method 2:

Copy the key and place it in the authorized_keys file in one command
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server.com

Secure a Web Server Disabling Password Auth through SSH

Change the following lines in /etc/ssh/sshd_config

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PermitRootLogin no
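
A quick way to confirm the four directives above actually took effect in the file, as an added example that is not part of the original article. The function name audit_sshd_config is hypothetical, and the check assumes a single config file: it reads only the global section (it stops at the first Match block) and does not follow Include lines.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): audit an sshd_config file
# for the four directives listed above. Exit status 0 = all four are "no".
audit_sshd_config() {
    local file="$1"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk -F '[ \t=]+' '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            sub(/^[ \t]+/, "")                   # drop indentation, re-split fields
            key = tolower($1); val = tolower($2) # keywords are case-insensitive
            gsub(/"/, "", val)                   # arguments may be double-quoted
            if (key == "match") exit             # only audit the global section
            if (!(key in seen)) seen[key] = val  # sshd keeps the first value it reads
        }
        END {
            n = split("ChallengeResponseAuthentication PasswordAuthentication UsePAM PermitRootLogin", want, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                k = tolower(want[i])
                if (!(k in seen))         { printf "FAIL %s is not set\n", want[i]; bad = 1 }
                else if (seen[k] != "no") { printf "FAIL %s is %s\n", want[i], seen[k]; bad = 1 }
                else                        printf "OK   %s no\n", want[i]
            }
            exit bad
        }
    ' "$file"
}

# Constructed sample: PasswordAuthentication appears twice, and the first
# occurrence (yes) is the one sshd would use, so the audit flags it.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
ChallengeResponseAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
UsePAM no
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "audit failed: fix the lines marked FAIL"
rm -f "$sample"
```

On the server, point it at the real file with audit_sshd_config /etc/ssh/sshd_config, and run sudo sshd -t to check the file for syntax errors before restarting the SSH service. Keep your current session open until a second key-based login succeeds.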

Edit /etc/sysctl.conf

Enable security features

settings

Prevent IP Spoof /etc/host.conf

Change the file to mirror the following:

order bind,hosts
multi on
nospoof on

Install Fail2Ban

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Check Listening Ports

netstat -tunlp

You have now completed the basics of a secure web server!
