How to Secure Your Website on Linux?
Securing a website or API server involves tedious tasks that are easy to overlook, such as regularly checking your server for weaknesses with a port scan, an OWASP Top 10 scan and a system vulnerability scan.
Doing so lets you find and fix potential problems early and prevent malicious attacks before they happen.
The OWASP Top 10 lists the ten most critical risks in web applications. Validate your website against them and avoid these common attacks.
This article provides some common and easy approaches to securing your Linux server so that you can focus on developing features for your website.
Outline
Hosted Scan
Port Scan
Firewall
Update Security Package
Antivirus
Hosted Scan
Port Scan
OWASP Top 10
System Vulnerability
First, you need to understand where your system is weak.
You can use HostedScan.com (hostedscan.com) to regularly check your website's domain name with a port scan, an OWASP Top 10 scan and a system vulnerability scan.
HostedScan requires public read access only and never makes any modifications to your servers; its scans are external.
Basically, this service helps you to
find unused open ports on your Linux server,
check for potential OWASP Top 10 risks,
check for system vulnerabilities.
Note:
If you find an open port that you are not using, close it and disable the related service completely; every unused service is one fewer target for brute-force attacks.
Don't expose SSH on port 22 to the public. Instead, run it on a different port, or use a tool such as fail2ban that adds firewall rules to limit login retries.
It's best to open only the ports you need, such as HTTP on port 80 and HTTPS on port 443, and keep everything else closed.
If the OWASP Top 10 or system vulnerability scan reports any risk at medium level or above, fix it as soon as possible.
Port Scan
You can check your system yourself by scanning its ports. Once you find ports that are open but not used, close them and stop the related services.
Install the port scan tool:
sudo apt-get install nmap
Run a port scan over ports 1 to 65535 (replace [Target IP] with your server's address):
nmap -p 1-65535 -T4 -A -v [Target IP]
Note:
This tip is the same as the previous one, but here you check the open ports from the command line instead of relying on a third-party service.
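As an added example (not part of the original post), the following POSIX shell script parses nmap's grepable output and reports every open TCP port that is not on an allow-list, so a scan becomes a check that flags an unexpected listening service. The host 192.0.2.10, the sample scan output and the allow-list "80 443" are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): compare the ports nmap finds open
# against an allow-list such as "80 443" and print any that should not be open.
# Assumes nmap's grepable output format (nmap -oG -); the sample below is constructed.

# Constructed sample of `nmap -oG -` output for a host with four open TCP ports.
SAMPLE_GNMAP="$(printf 'Host: 192.0.2.10 ()\tStatus: Up\nHost: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: closed (65531)\n')"

# Read grepable nmap output on stdin and print, one per line, every open TCP
# port that is not in the space-separated allow-list given as $1.
unexpected_open_ports() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Host:.*Ports:/ {
            sub(/.*Ports: /, "")                 # keep only the port list
            sub(/[ \t]+Ignored State.*/, "")     # drop the trailing summary
            m = split($0, p, ", ")
            for (i = 1; i <= m; i++) {
                split(p[i], f, "/")              # port/state/proto/owner/service/...
                if (f[2] == "open" && f[3] == "tcp" && !(f[1] in ok)) print f[1]
            }
        }'
}

# Live check of a server: scan all TCP ports and report anything outside the allow-list.
# Usage: check_server <target> "80 443"
check_server() {
    nmap -p 1-65535 -T4 -oG - "$1" | unexpected_open_ports "$2"
}

# Run the live check only when a target and allow-list are given on the command line.
if [ $# -ge 2 ]; then
    check_server "$1" "$2"
fi
```

With the constructed sample and the allow-list "80 443", the script reports ports 22 and 8080, the two services you would then close or restrict.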
Firewall
The fundamental rule for improving the security of your Linux server is to open only the ports your services need.
I strongly recommend restricting access to port 22 to avoid SSH brute-force attacks.
One solution against SSH brute force is DenyHosts, which automatically parses the SSH log, detects malicious IPs and sets up firewall rules to block them.
Install DenyHosts.
The other solution is to limit login attempts, for example banning a user after 3 failed logins.
Update Security Package
Update your system with the latest security packages to reduce exposure to system vulnerabilities.
Install the unattended-upgrades package if it isn't already installed:
sudo apt-get install unattended-upgrades
To enable it, run
sudo dpkg-reconfigure unattended-upgrades
and select "Yes".
AntiVirus
Scan and check your system regularly with the following antivirus software (ClamAV).
Install ClamAV
sudo apt-get install clamav
Update the virus signature database
sudo freshclam
Scan system
Scan the current directory tree recursively and list only infected files; --remove=yes deletes infected files instead of quarantining them, and scanning / instead of ./ covers the whole system.
sudo clamscan --remove=yes -i -r ./
Summary
Congratulations! You have learned how to
check your Linux server's weaknesses with a hosted scan or a port scan,
protect your system with a firewall and antivirus,
strengthen your system by automatically installing security updates.
You can apply the tips above to any website or API server to keep your services secure.