UKFast Tech Tips

Welcome to the tech tips resource section. At UKFast we've compiled useful information about general security and the security of your dedicated server to help keep your online doorway closed and locked.


  • General security tech tips

    Secure passwords

    Perfect passwords keep your dedicated server secure

    Trying to choose a new password and remember it at the same time can be tricky, so follow these tried and tested steps to help you out:

    1. Choose a password with at least 8 characters
    2. Use a mixture of upper and lower case letters, numbers and special characters such as !@£$.
    3. Don't use dictionary words, names of family members, friends or pets, PIN numbers or dates of birth.
    4. Replace letters in a word with numbers or symbols. For example, p@s$w0rD would be a lot more secure than just password.
    5. Change your passwords often and remember – if you have maintenance on your servers with us you need to inform support of the changes.

    Perfect passwords

    However, if you’d like an easier way to create passwords, we have a lovely little device you might like to try. We like to share our innovations with you, from the mighty groundbreaking ones right through to the clever little gadgets.

    So, having sent out thousands of passwords over the years at UKFast, we added a password generator tool to the Resources section of the website. Why not download it and take away the pain of creating endless preliminary passwords for people who are likely to change them anyway?

    You can find the UKFast password generator tool at the bottom of this page.


    The Phishery - A resource for spotting and analysing phishing

    The amount of news about spam is simply astounding. It is amongst our biggest online concerns and phishing is emerging as the most successful and deceptive tool in the cyber armoury.

    If you’re worried about this, go to a website called the Phishery. The website is run by ECSC Ltd, a Yorkshire-based Information Security Consultancy, as part of internetdefence.net. The Phishery is an automated system for capturing and analysing phishing emails. It determines the phishing site from the email, then visits that site.

    The process is automated and once a new site has been discovered, it is monitored to determine when it is taken down. It provides a "real time" monitoring service - from the time the phishing email arrives, is processed and the results displayed.

    The online repository lets you cross-check emails you have been sent to see if they are on the known phishing list.



    Tech’s top tips for server security

    Security through obscurity

    Security through obscurity is a common term that has been bandied around for a while. It has very limited impact on actual security but can be applied to things like altering the default port on an application.

    At UKFast, we already do this for SSH servers. Rather than run them on the common port of 22, we run them on something a little different to stop the usual port scans and attacks that occur on a second-by-second basis.

    You can do this on systems such as your database server (MSSQL or MySQL) without having an impact on your site at all, depending on your coding styles and ethics.

    Small changes like this will stop the usual attacks on your application/dedicated server but obviously won't stop the hardened attacker - for this, nothing beats a good firewall ruleset.


    Secure server maintenance

    Looking at good working practices in regard to server maintenance, the UKFast tech team’s top tip is about working on your dedicated server securely. The majority of server administrators always log in under the Administrator account on Windows servers, or the Root account on Linux servers, to perform routine maintenance or checks.

    Doing this means any changes or actions made under these accounts could result in accidental data loss or configuration changes causing loss of service.

    We recommend creating additional accounts for staff/developers to access the server in the same manner. With these accounts, mistakes on a live environment won't be as critical, or will be denied due to lack of permission.

    If a user needs to make a change or upgrade, they can still perform these same tasks by providing the Administrator or Root password.

    You can also take this a step further on Linux servers and configure your SSH server to deny access to the root user by default. This will then mean that you require a standard account to first gain access and then su - to root level afterwards.
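
    One way to check a Linux server for the two SSH settings described above (a non-default port and root login denied). This is an added example, not UKFast's own tooling; the sample configs are constructed, port 2222 is a placeholder, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example (not UKFast code). Audits the global section of an
# sshd_config for a default port and for root login that is not denied.
audit_sshd() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                # skip blanks and comments
    { key = tolower($1); val = tolower($2) }     # keywords are case-insensitive
    key == "match" { has_match = 1; exit }       # global section only
    key == "port"  { ports[val] = 1; seen_port = 1 }   # Port may repeat
    # For PermitRootLogin the first value in the file is the one used.
    key == "permitrootlogin" && !seen_root { root = val; seen_root = 1 }
    END {
        bad = 0
        if (!seen_port || ("22" in ports)) {
            print "FINDING: sshd listens on the default port 22"; bad = 1
        }
        if (!seen_root) {
            print "FINDING: PermitRootLogin is not set explicitly"; bad = 1
        } else if (root != "no") {
            print "FINDING: PermitRootLogin is \"" root "\", not \"no\""; bad = 1
        }
        if (has_match) print "NOTE: Match blocks are not evaluated; review by hand"
        exit bad
    }' "$1"
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample: default port, root login allowed.
    printf '%s\n' '# weak' 'Port 22' 'PermitRootLogin yes' > "$dir/weak"
    # Constructed sample: placeholder port 2222, root login denied.
    printf '%s\n' '# hardened' 'Port 2222' 'PermitRootLogin no' > "$dir/hardened"
    for f in weak hardened; do
        echo "== $f"
        audit_sshd "$dir/$f" && echo "OK: no findings"
    done
    rm -rf "$dir"
}
demo
```

    On a live host, `sshd -T` prints the effective configuration with defaults filled in, which is the authoritative check.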


    Fully locked down

    Consider security in areas close to home that often get forgotten.

    You may have locked down your firewall on the server to permit logins from set locations and have the latest anti-virus/anti-spyware software loaded.

    You may also employ a 2048-bit encrypted SSL certificate protecting your data stream or a point-to-point VPN link with your office and MANOC encrypting all data traffic from you to the dedicated server. But have you remembered to lock down and secure the workstations you are accessing your server from?

    If you haven't thought about all of the above for your office as well as your dedicated server then you could be open to abuse and attack from your own network without your knowledge.


    Locking your online doorway

    Less than 20 years ago, people in many parts of the world left their doors open without fear of intrusion.

    Unfortunately, most people can no longer do that in today’s society and the online world is no different. However, many of you are leaving your doors wide open. Always remember to lock your dedicated server.

    The advice follows routine maintenance of servers that revealed a trend in clients forgetting to lock up on the way out.

    Here’s why it’s important. Recently, there was a VNC vulnerability where you didn’t need a password to log into a server – so if somebody gained access that way and your desktop was unlocked they could easily compromise your server.

    However, if your desktop is locked then they would still have to hack in – which would ordinarily be enough of a deterrent. As a word of warning, every day our technicians find at least one unlocked server that they then lock themselves after routine maintenance.

    So why not check now and make sure you are keeping your online solution as safe as you can?