How to Secure a VPS Server: Using Firewall and Fail2Ban

How to Ensure VPS Server Security: Using Firewall and Fail2Ban

A Virtual Private Server (VPS) offers more control and flexibility compared to shared hosting. However, this freedom also brings more security responsibilities. The security of your VPS is critical to protecting the data and applications on it. In this article, we will examine in detail the measures you can take to keep your VPS server secure, especially the use of a firewall and Fail2Ban.

Why Do We Need VPS Server Security?

VPS servers are directly connected to the internet, so they can be exposed to various attacks. These attacks include brute-force attacks, DDoS (Distributed Denial of Service) attacks, malicious software installation attempts, and unauthorized access attempts. An unsecured VPS can allow attackers to infiltrate your server, steal your data, use your server for malicious purposes, or disable your services. Therefore, proactively securing your VPS is vital for your business continuity and reputation.

Using a Firewall

A firewall is a security system that controls network traffic coming to and from your server. Based on specific rules, it blocks or allows traffic to pass. Configuring a firewall for your VPS server is one of the most basic steps to prevent unauthorized access and filter harmful traffic.

Firewall Installation and Configuration with UFW (Uncomplicated Firewall)

UFW is an easy-to-use firewall tool designed for Linux distributions such as Debian and Ubuntu. Using UFW, you can easily define basic firewall rules for your server.

Installation:

UFW is usually pre-installed. However, if it is not installed, you can install it with the following command:

sudo apt update
sudo apt install ufw

Basic Configuration:

Before enabling UFW, it is important to allow SSH traffic to avoid disconnecting your SSH connection. The SSH port is usually 22, but if you are using a different port, you should specify that port.

sudo ufw allow 22/tcp

Alternatively, you can also use the service name:

sudo ufw allow ssh

If you have a web server, you may also need to allow HTTP (port 80) and HTTPS (port 443) traffic:

sudo ufw allow http
sudo ufw allow https

Enabling UFW:

After defining the necessary rules, you can enable UFW:

sudo ufw enable

Once UFW is enabled, all incoming traffic will be blocked by default. Only the traffic you allow will be able to pass.

Checking the Rules:

You can use the following command to check the UFW rules:

sudo ufw status

This command shows the active rules and the overall status of UFW.

Example Rules:

Allowing traffic from a specific IP address:

sudo ufw allow from 192.168.1.100

Allowing traffic from a specific IP address to a specific port:

sudo ufw allow from 192.168.1.100 to any port 80

Blocking outgoing traffic from a specific port:

sudo ufw deny out 25/tcp

Preventing Brute-Force Attacks with Fail2Ban

Fail2Ban is a security tool that protects your server from brute-force attacks. It monitors the number of failed login attempts within a certain period and automatically blocks IP addresses that exceed a certain threshold. This significantly complicates attackers' password cracking attempts.

Fail2Ban Installation and Configuration

Installation:

You can install Fail2Ban with the following command:

sudo apt update
sudo apt install fail2ban

Configuration:

Fail2Ban's main configuration file is `/etc/fail2ban/jail.conf`. However, instead of directly editing this file, it is recommended that you write your customizations to the `/etc/fail2ban/jail.local` file. This prevents your configuration changes from being lost when Fail2Ban is updated.

Create the `/etc/fail2ban/jail.local` file and add the basic configuration as follows:

[DEFAULT]
bantime = 600  ; Blocking time (seconds)
findtime = 600  ; Trial period (seconds)
maxretry = 3    ; Maximum number of failed attempts

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = auto

This configuration monitors the SSH service and blocks IP addresses that make 3 failed login attempts within 600 seconds for 600 seconds.

Important Configuration Parameters:

bantime: The duration for which an IP address will be blocked (seconds).
findtime: The duration in which failed login attempts are counted (seconds).
maxretry: The maximum number of failed login attempts allowed before being blocked.
logpath: The log file to be monitored.
backend: The method of reading the log file (auto, polling, systemd, etc.).

Restarting Fail2Ban:

After changing the configuration, you need to restart Fail2Ban:

sudo systemctl restart fail2ban

Checking Fail2Ban Status:

You can use the following command to check the status of Fail2Ban:

sudo fail2ban-client status

To check the status of a specific "jail":

sudo fail2ban-client status sshd

Other Security Measures

While using a firewall and Fail2Ban are important steps to increase the security of your VPS server, they are not sufficient on their own. It is important to take the following additional measures:

Use Strong Passwords: Use strong and unique passwords for all user accounts. Change your passwords regularly.
Enable Two-Factor Authentication (2FA): Enable 2FA wherever possible. This ensures the security of your account even if your password is compromised.
Keep Software Up to Date: Regularly update your operating system and all your applications. Updates often fix security vulnerabilities.
Turn Off Unnecessary Services: Disable services you are not using. This reduces your attack surface.
Perform Regular Backups: Back up your data regularly. In the event of an attack, you can recover your data thanks to your backups.
Monitor Logs: Regularly review your server logs. You can use log analysis tools to detect suspicious activity.
Use Security Scanners: Regularly scan your server with security scanners. This helps you identify potential security vulnerabilities.

Conclusion and Summary

VPS server security is a process that requires constant attention and care. In this article, we have examined in detail the basic measures you can take to ensure the security of your VPS, especially the use of a firewall (UFW) and Fail2Ban. While the firewall is used to prevent unauthorized access and filter harmful traffic, Fail2Ban automatically blocks brute-force attacks. In addition to these measures, it is also important to use strong passwords, enable 2FA, keep software up to date, turn off unnecessary services, perform regular backups, and monitor logs. Remember, security is achieved with a proactive approach and requires continuous monitoring and improvement.