Ensuring the security of your VPS (Virtual Private Server) is crucial to protect your data, maintain VPS integrity, and prevent unauthorised access. This article provides suggestions and tips to help secure your services on BinaryLane.


For information on how to secure your BinaryLane account, review this helpdesk article: Securing your BinaryLane Account | BinaryLane




Long-Term Security Measures


Utilise the provided 'External Firewall' service

Implementing a firewall helps control the traffic to and from your VPS, blocking unwanted access. We recommend using the BinaryLane firewall, as it filters traffic before it reaches your VPS. For advanced firewall requirements (such as scheduled rules, extensive or complex rule sets, port aggregation and limiters, etc.), running your own firewall service is suggested. There's no issue with using both the BinaryLane firewall and your own firewall service.

For more information on our 'External Firewall' service and instructions on how to use this, please review the helpdesk article we have on the matter: External Firewall | BinaryLane


Consider a Virtual Private Cloud (VPC)

Adding your VPS to a VPC enhances security by isolating it within a private network. Benefits include:

  • Improved control over inbound and outbound traffic, including the ability to adjust the VPC's routing tables to define custom traffic routes (hops)

  • Enhanced privacy and security for inter-VPS communications.

For example, you could place your environments within a VPC and deploy a bastion host or gateway firewall VPS to serve as an intermediary that oversees and controls all inbound and outbound traffic, providing a centralised point for enforcing security policies and logging access attempts.


You can refer to our helpdesk article on VPCs for more information including example use-cases here: What is a VPC? Do I need one? | BinaryLane


Disable unnecessary services and ports


Disable any services and close any ports that are not needed for your VPS to reduce your server's attack surface.
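As an added example (not BinaryLane's own tooling), the following POSIX shell script turns the output of `ss -Hltnup` into a short list of sockets that are reachable from outside the VPS, so each listening service can be justified, firewalled or disabled. The `ss` output embedded below is constructed to illustrate the parsing; on a live system pipe the real command into `exposed_listeners`.

```shell
#!/bin/sh
# Added example (not BinaryLane tooling): report listening sockets bound to
# non-loopback addresses, i.e. the ports that make up the network attack surface.
# Live use:  ss -Hltnup | exposed_listeners
# (-H no header, -l listening, -t tcp, -n numeric, -u udp, -p owning process)

# Constructed sample that mimics `ss -Hltnup` output (requires root for the process column).
SAMPLE_SS='tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511          0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=1020,fd=6))
tcp   LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*    users:(("mariadbd",pid=950,fd=21))
tcp   LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
udp   UNCONN 0      0            0.0.0.0:111       0.0.0.0:*    users:(("rpcbind",pid=600,fd=5))
tcp   LISTEN 0      4096       127.0.0.1:6379      0.0.0.0:*    users:(("redis-server",pid=700,fd=7))'

# Print "proto port process" for every socket bound to a non-loopback address.
exposed_listeners() {
    awk '{
        sock = $5
        # split "addr:port" on the LAST colon, because IPv6 addresses contain colons
        n = split(sock, parts, ":")
        port = parts[n]
        addr = substr(sock, 1, length(sock) - length(port) - 1)
        # loopback binds are not reachable from the network, so skip them
        if (addr == "127.0.0.1" || addr == "[::1]") next
        # process name sits between the first pair of double quotes in users:(("name",pid=...))
        split($7, q, "\"")
        name = (q[2] != "") ? q[2] : "?"
        print $1, port, name
    }' | sort -u
}

# Number of distinct exposed proto/port/process entries in the constructed sample.
count_exposed() {
    printf '%s\n' "$SAMPLE_SS" | exposed_listeners | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

The MariaDB and Redis sockets in the sample are left out of the report because they listen on loopback only; anything that remains should either be allowed through the firewall deliberately or stopped and disabled (for example with `systemctl disable --now <service>`), after which the report should shrink accordingly.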


Scan for vulnerabilities regularly

Use tools like Nessus or OpenVAS to perform regular vulnerability scans on your VPS to identify and address security vulnerabilities proactively.


Regular Log Monitoring and Alerting


Centralised logging:

Consider using a centralised logging solution like Graylog, Splunk or an ELK Stack (Elasticsearch, Logstash, Kibana) to aggregate logs from multiple sources for easier monitoring and analysis.

Linux:

Regularly review your log files to monitor for unusual activity that could indicate potential security threats. Tools like `grep` can help filter logs for specific patterns or keywords.

For more details on how to use `grep` effectively, refer to this CompTIA article: 9 Ways to Use Grep to Filter Results in Linux | Computer Networks | CompTIA

Setting up automated alerts based on log file analysis can provide early warnings of suspicious behaviour. Popular free, open-source solutions for this include:


  • Logwatch

    A log analysis system that generates periodic reports from system logs and can be configured to send email alerts: How to install and configure Logwatch | Ubuntu

  • Logcheck

    A simple tool that helps administrators monitor log files for security violations and unusual activity, and can also be configured to send email alerts: Logcheck -- Logfile Scanner

  • Fail2Ban

    Monitors log files and bans IPs that show malicious signs, such as too many password failures. While Fail2Ban primarily acts on suspicious activity, it can also be configured to send email notifications for specific events: Fail2Ban Documentation
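The manual `grep` review described above and the automated alerting that Logwatch, Logcheck and Fail2Ban provide share one core: pick out the failure lines, count them per source, and act on a threshold. The following POSIX shell script is an added example (not code from BinaryLane or from any of those projects) that does exactly that over constructed `auth.log` lines, reporting any source IP at or above a failure threshold. On a live Debian/Ubuntu system the same function reads `/var/log/auth.log`; the `flag_brute_force` and `failed_logins_by_ip` names are this example's own.

```shell
#!/bin/sh
# Added example (not from BinaryLane, Logwatch, Logcheck or Fail2Ban): count sshd
# "Failed password" events per source IP and flag sources over a threshold.
# Live use:  flag_brute_force 5 < /var/log/auth.log
#       or:  journalctl -u ssh --no-pager | flag_brute_force 5

# Constructed sample of auth.log lines; addresses are from documentation ranges.
SAMPLE_AUTH='Jun 12 03:14:01 vps sshd[2311]: Failed password for root from 203.0.113.45 port 51234 ssh2
Jun 12 03:14:03 vps sshd[2311]: Failed password for root from 203.0.113.45 port 51236 ssh2
Jun 12 03:14:05 vps sshd[2313]: Failed password for invalid user admin from 203.0.113.45 port 51240 ssh2
Jun 12 03:14:07 vps sshd[2315]: Failed password for invalid user oracle from 203.0.113.45 port 51244 ssh2
Jun 12 03:14:09 vps sshd[2317]: Failed password for root from 203.0.113.45 port 51250 ssh2
Jun 12 03:20:11 vps sshd[2401]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Jun 12 03:20:30 vps sshd[2401]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Jun 12 03:25:00 vps CRON[2500]: pam_unix(cron:session): session opened for user root by (uid=0)'

# Count "Failed password" lines per source IP; prints "count ip", highest count first.
failed_logins_by_ip() {
    grep 'sshd\[[0-9]*\]: Failed password for' \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# Print only the IPs whose failure count is >= the threshold given as $1 (default 5).
flag_brute_force() {
    threshold="${1:-5}"
    failed_logins_by_ip | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Helper for the constructed sample: flagged IPs as one space-separated line.
sample_flagged() {
    printf '%s\n' "$SAMPLE_AUTH" | flag_brute_force "$1" | tr '\n' ' ' | sed 's/ $//'
}

printf '%s\n' "$SAMPLE_AUTH" | failed_logins_by_ip
sample_flagged 5
```

With a threshold of 5 only 203.0.113.45 is reported; alice's single mistyped password from 198.51.100.7, followed by a successful key login, stays below it. Run from cron with the output mailed to you, this is a minimal alert; Fail2Ban does the same matching against rolling time windows and adds a temporary firewall ban.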



Windows:

Regularly analyse your Event Viewer logs to monitor for unusual activity that could indicate potential security threats. Use PowerShell to automate log searches for specific patterns or keywords. Additionally, Sysinternals Suite tools such as `Process Monitor` (procmon), `Autoruns` and `TCPView` can provide deeper insight into system activity and network connections.

To set up email alerts for suspicious activity, you can use Task Scheduler to trigger email notifications based on specific Event Viewer logs: Make Windows Task Scheduler alert me on fail - Super User


Malware Detection Tools


Linux:

  • Lynis (Open Source, Free)

    A security auditing tool for Unix-based systems that can help detect security issues and vulnerabilities. It can also perform compliance testing (e.g. ISO27001, PCI-DSS, HIPAA): CISOfy/lynis: Lynis

  • Linux Malware Detect (LMD) (Open Source, Free)

    Designed to find and mitigate threats in a Linux environment: LMD Documentation

  • ClamAV (Open Source, Free)

    Open-source antivirus engine for detecting trojans, viruses, malware, and other malicious threats: ClamAV Documentation

  • Rootkit Hunter (Open Source, Free)

    Scans for rootkits, backdoors, and local exploits: Rootkit Hunter Documentation

  • chkrootkit (Open Source, Free)

    Checks for signs of rootkits on the system: chkrootkit Documentation


Windows:



  • ClamAV (Open Source, Free)

    Open-source antivirus engine for detecting trojans, viruses, malware, and other malicious threats: ClamAV Documentation

  • Sophos (Free and Paid Versions)

    Advanced threat protection for Windows systems: Sophos Documentation



CSF (ConfigServer Security & Firewall)


CSF offers comprehensive firewall capabilities and DDoS protection. It is highly configurable and integrates well with various Linux distributions: CSF Documentation



Fail2Ban


Fail2Ban not only monitors log files and sends email notifications, but also bans IPs showing malicious behaviour. It is effective against brute force attacks: Fail2Ban Documentation



Suricata


Suricata is an advanced network threat detection engine that provides intrusion detection and prevention capabilities: Suricata Documentation



ModSecurity


ModSecurity is a web application firewall designed to protect web applications from various attacks, including SQL injection and XSS: ModSecurity Documentation



Netdata


Netdata provides real-time monitoring for detailed insights into server/VPS performance and potential attack patterns: Netdata Documentation

Attention to Relevant RFCs, ISOs, and Other Standards

Adhering to industry standards can further enhance the security of your VPS. Be aware of relevant RFCs (Request for Comments) and ISOs (International Organization for Standardization) that apply to your specific setup and security needs. These standards provide guidelines and best practices for maintaining a secure and robust system.


Australia-specific standards and regulations:


  • Australian Cyber Security Centre (ACSC) Essential Eight

    A set of baseline mitigation strategies to help organisations protect their systems against cyber threats: ACSC Essential Eight

  • Cybersecurity Act 2018

    Legislation aimed at improving the cybersecurity posture of critical infrastructure and systems of national significance in Australia: Cybersecurity Act 2018

  • Australian Signals Directorate (ASD) Strategies to Mitigate Cyber Security Incidents

    A prioritised list of mitigation strategies to assist organisations in protecting their systems and data: ASD Strategies to Mitigate Cyber Security Incidents


Data at Rest


Because efficient data-at-rest encryption carries a significant performance cost and requires computing power that is not available on the platform, BinaryLane does not support this feature, and we have no plans to add it at this time.

For users who require data-at-rest encryption, we recommend third-party solutions or encryption at the application level. Please note that distributions such as Alpine Linux or Flatcar, which may offer features such as data-at-rest encryption, are BYO ISO (Bring Your Own ISO) installs and are not natively supported by BinaryLane. You're welcome to use these features; however, you may encounter limitations, such as being unable to dynamically change your disk size from the `Change Plan` page, because the platform cannot interpret the resulting disk layout (internal partitioning).


Additional Security Suggestions


Keep your system and software updated


Regularly update your operating system and installed software to patch security vulnerabilities. Automated updates and patch management tools can streamline this process.



Implement strong authentication


Use strong passwords and consider implementing SSH key-based authentication for remote access (you could also combine SSH with MFA). This significantly reduces the risk of unauthorised access.


Ensure that you've changed the automatically generated `root` password for Linux-based VPSs and the `Administrator` password for Windows-based VPSs, or, for maximum security, disable password logins entirely and allow SSH key logins only. Consider implementing password policies and rules to enhance the integrity of your server.
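The settings that enforce the advice above live in `sshd_config`. As an added example (not BinaryLane's tooling), the following POSIX shell script shows a weak, stock-looking configuration beside its hardened counterpart and audits either one for the three directives that matter: `PasswordAuthentication`, `PermitRootLogin` and `PubkeyAuthentication`. Both configuration fragments are constructed; the `audit_sshd_config` and `sshd_setting` names are this example's own.

```shell
#!/bin/sh
# Added example (not BinaryLane tooling): audit an sshd_config for password and
# root-login settings, and show the weak vs hardened fragments side by side.
# Live use:  audit_sshd_config < /etc/ssh/sshd_config
#       or:  sudo sshd -T | audit_sshd_config     (effective config, includes drop-ins)
# Like sshd, the first uncommented occurrence of a directive wins, case-insensitively.

# Constructed: a stock-looking config that still permits password and root password logins.
WEAK_CONFIG='Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes'

# Constructed: the hardened counterpart. Install your public key in ~/.ssh/authorized_keys
# first, and verify a fresh key-based session before closing the session you are in.
HARDENED_CONFIG='Port 22
PermitRootLogin prohibit-password
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3'

# Effective value of directive $1 from the config on stdin, or "unset" if absent.
sshd_setting() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# Prints one WEAK line per finding; exit status 0 means no weak settings remain.
audit_sshd_config() {
    cfg=$(cat)
    findings=0
    pw=$(printf '%s\n' "$cfg" | sshd_setting PasswordAuthentication)
    root=$(printf '%s\n' "$cfg" | sshd_setting PermitRootLogin)
    pubkey=$(printf '%s\n' "$cfg" | sshd_setting PubkeyAuthentication)
    case "$pw" in
        no) ;;
        *) echo "WEAK: PasswordAuthentication is '$pw' (want: no)"; findings=$((findings + 1)) ;;
    esac
    case "$root" in
        no|prohibit-password|without-password) ;;
        *) echo "WEAK: PermitRootLogin is '$root' (want: no or prohibit-password)"; findings=$((findings + 1)) ;;
    esac
    case "$pubkey" in
        no) echo "WEAK: PubkeyAuthentication is disabled"; findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Number of findings for one of the constructed samples ("weak" or "hardened").
audit_sample() {
    if [ "$1" = weak ]; then sample="$WEAK_CONFIG"; else sample="$HARDENED_CONFIG"; fi
    printf '%s\n' "$sample" | audit_sshd_config | wc -l | tr -d ' '
}

echo "weak config:";     printf '%s\n' "$WEAK_CONFIG" | audit_sshd_config || true
echo "hardened config:"; printf '%s\n' "$HARDENED_CONFIG" | audit_sshd_config && echo "OK"
```

Auditing `sshd -T` output rather than the file catches overrides from `sshd_config.d` drop-ins, which is where many distributions re-enable password authentication. After editing, validate with `sshd -t` and reload the service, keeping your current session open until a new key-based login succeeds.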



Actively monitor system activity


Regularly monitor and review your server logs and use monitoring tools to detect suspicious activity early. Implementing automated alert systems can help with prompt detection and response.



Employ a backup cycle


Ensure regular backups of your VPS's data so you can recover quickly in case of an attack or failure. Use a combination of backup cycles (e.g. 1x daily, 1x weekly, 1x monthly).



Implement VLANs | Use VPNs (Virtual Private Networks) | Audit the penetrability of your server(s) with regular penetration testing




If you require assistance, feel free to submit a support ticket at our helpdesk here: Submit a ticket | BinaryLane