Linux Server Security Best Practices

Notes for the following items

  • A necessary host is a host (computer) that needs to connect to the server to perform work. This is typically the IP address of the manager or administrator of the application or server. For most management services (SSH, MySQL, etc.) and for the management interface of an application, only the administrator's IP address should be allowed; all other IP addresses should be denied.
  • Web applications are any web-based applications downloaded and installed from a third party, such as phpMyAdmin, osCommerce, Joomla, WordPress, etc.

Passwords –

  • All user passwords should be at least 8 characters long, and longer if possible.
  • Contain a mix of upper and lower case letters.
  • Include numerals, special characters, and punctuation.
  • Are not based on any personal information.
  • Are not based on any dictionary word.
  • Are not the same as those used by other users.

SSH –

  • Do not allow root SSH access.
  • Only allow SSH access from necessary hosts.
  • Change SSH port from its default.
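The three SSH items map directly onto sshd_config directives: PermitRootLogin, Port, and AllowUsers in its user@host form. The audit below is an added example for this page, not the article's own tooling: it parses the global section of an sshd_config (comments stripped, both "Key value" and "Key=value" spellings, first occurrence of a directive wins as sshd itself behaves, and parsing stops at the first Match block because its directives are conditional) and reports any of the three rules that are not met. The two sample configs and the administrator address 203.0.113.10 are constructed; substitute the real necessary hosts.

```python
import re

# Constructed sshd_config samples: one in the shape the page recommends, one still
# at insecure defaults. 203.0.113.10 is a documentation address standing in for
# the administrator's real IP.
HARDENED_SSHD_CONFIG = """
# Non-default port, no root logins, only the admin's host may log in
Port 2222
PermitRootLogin no
PasswordAuthentication no
AllowUsers admin@203.0.113.10
"""

WEAK_SSHD_CONFIG = """
Port 22
PermitRootLogin yes
"""

NECESSARY_HOSTS = {"203.0.113.10"}


def parse_sshd_config(text):
    """Return {lowercased key: [values in file order]} for the global section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # conditional section; not evaluated by this audit
        settings.setdefault(key, []).append(value)
    return settings


def audit_sshd_config(text, necessary_hosts):
    """Return a list of findings; an empty list means all three checks pass."""
    cfg = parse_sshd_config(text)
    findings = []

    # sshd uses the first occurrence of a directive. The fallback is OpenSSH's own
    # default, which still permits root logins with a key.
    root_login = cfg.get("permitrootlogin", ["prohibit-password"])[0]
    if root_login.lower() != "no":
        findings.append(f"PermitRootLogin is {root_login!r}; set it to 'no'")

    # Several Port lines are legal; any one of them being 22 leaves the default open.
    if "22" in cfg.get("port", ["22"]):
        findings.append("sshd listens on the default port 22; move it to a non-default port")

    # Every AllowUsers pattern must be pinned to a necessary host (user@host form).
    patterns = " ".join(cfg.get("allowusers", [])).split()
    if not patterns:
        findings.append("no AllowUsers directive; logins are not limited to necessary hosts")
    for pattern in patterns:
        _user, at, host = pattern.partition("@")
        if not at or host not in necessary_hosts:
            findings.append(f"AllowUsers entry {pattern!r} is not limited to a necessary host")

    return findings


if __name__ == "__main__":
    for name, text in (("hardened", HARDENED_SSHD_CONFIG), ("weak", WEAK_SSHD_CONFIG)):
        print(name, audit_sshd_config(text, NECESSARY_HOSTS) or "OK")
```

AllowUsers restricts logins inside sshd; pair it with a firewall rule for the SSH port so that connections from other addresses are dropped before they reach the daemon at all, and test the new port from the administrator's host before closing the old session.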

Root Access –

  • Do not use root when work can be done with another user account.

Web Applications –

  • Make sure all applications are up to date and patched with the latest security patches.
  • Check applications at least monthly for new versions and update them when a new version is available.
  • Whenever possible (especially for the management interface of the application) only allow access from necessary hosts.
  • Consult the application’s forums or help documentation for ways to further secure them.

Port access –

  • Only allow access to FTP (TCP port 21) from necessary hosts.
  • External access to MySQL (TCP port 3306) should be denied unless absolutely necessary. If it must be allowed, allow it only from necessary hosts.
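The port rules above (and the SSH rule earlier on the page) are all the same policy: default-deny inbound, with an accept rule per port listing only the necessary hosts. The generator below is an added example for this page, not the article's own script: it renders that policy as an nftables ruleset that can be loaded with `nft -f`. A port mapped to an empty list gets no accept rule at all, which is how the "deny external MySQL" case is expressed; ports listed as public (HTTP/HTTPS) are accepted from anywhere. The policy, the administrator address 203.0.113.10 and the SSH port 2222 are constructed placeholders.

```python
import ipaddress

# Constructed policy: FTP and SSH (on whatever non-default port sshd uses) only
# from the administrator's host, MySQL from nobody, web ports open to everyone.
# Addresses come from the documentation ranges and stand in for real hosts.
EXAMPLE_POLICY = {21: ["203.0.113.10"], 2222: ["203.0.113.10"], 3306: []}
EXAMPLE_PUBLIC_PORTS = [80, 443]


def nft_ruleset(policy, public_ports=(), table="inet filter"):
    """Render an nftables ruleset enforcing default-deny inbound TCP access.

    policy maps a TCP port to the IPv4 addresses or CIDR ranges (the necessary
    hosts) allowed to reach it; an empty list means no accept rule is emitted,
    so the chain's drop policy applies. public_ports are accepted from any source.
    Loopback and established connections are accepted so local MySQL clients and
    the server's own outbound sessions keep working.
    """
    lines = [
        f"table {table} {{",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    ct state established,related accept",
        "    iif lo accept",
    ]
    if public_ports:
        ports = ", ".join(str(p) for p in sorted(public_ports))
        lines.append(f"    tcp dport {{ {ports} }} accept")
    for port, hosts in sorted(policy.items()):
        nets = set()
        for host in hosts:
            net = ipaddress.ip_network(host, strict=False)  # validates and normalises
            if net.version != 4:
                raise ValueError(f"{host}: only IPv4 is handled here; IPv6 needs 'ip6 saddr'")
            nets.add(str(net))
        if not nets:
            lines.append(f"    # tcp dport {port}: no necessary hosts, dropped by policy")
            continue
        lines.append(f"    ip saddr {{ {', '.join(sorted(nets))} }} tcp dport {port} accept")
    lines.extend(["  }", "}"])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(nft_ruleset(EXAMPLE_POLICY, EXAMPLE_PUBLIC_PORTS), end="")
```

Because the chain policy is drop, the SSH port must be in the policy with the administrator's hosts before the ruleset is loaded, or the session used to load it is the last one that gets in. For MySQL, pair the firewall rule with `bind-address = 127.0.0.1` in my.cnf when only local applications use the database.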

Article ID: 865
