๐ŸŒ™NightWatch
โ† Back to Blog

5 Server Security Basics Every Developer Should Know

March 1, 2026ยท3 min readยทZap

Most server breaches aren't sophisticated hacks. They're opportunistic attacks on low-hanging fruit: default passwords, unpatched systems, and open ports.

Here are five basics that will protect you from the vast majority of attacks.

1. Disable Password Authentication for SSH

Password-based SSH login is the #1 attack vector for servers. Bots are constantly scanning the internet, trying common username/password combinations.

Fix it in 5 minutes:

# Generate an SSH key (if you don't have one)
ssh-keygen -t ed25519

# Copy it to your server
ssh-copy-id user@your-server

# Disable password auth
sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshd

Now only someone with your private key can log in.

2. Keep Your System Updated

Unpatched vulnerabilities are the second most common attack vector. Most exploits target known vulnerabilities that have patches available.

Set up automatic security updates:

# Ubuntu/Debian
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

# CentOS/RHEL
sudo dnf install dnf-automatic
sudo systemctl enable --now dnf-automatic.timer

3. Configure a Firewall

Only expose the ports you actually need. Everything else should be blocked.

# UFW (Ubuntu)
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable

That's it. SSH, HTTP, and HTTPS. Everything else is blocked.

4. Use Fail2Ban

Fail2Ban monitors log files and bans IPs that show malicious behavior (like repeated failed login attempts).

sudo apt install fail2ban
sudo systemctl enable --now fail2ban

Default config bans IPs after 5 failed SSH attempts for 10 minutes. That's usually enough to stop brute-force attacks.

5. Don't Run as Root

Create a regular user for daily operations. Only use sudo when you actually need elevated privileges.

# Create a new user
sudo adduser deploy
sudo usermod -aG sudo deploy

# Log in as that user instead of root

If your application gets compromised, the attacker only has access to that user's permissions, not the entire system.

Bonus: Monitor for Intrusions

All the security in the world won't help if you don't know when something goes wrong. Set up monitoring that alerts you to:

  • Failed login attempts
  • New user accounts created
  • Unexpected processes running
  • Files modified in system directories

This is where NightWatch comes in. We monitor your servers 24/7 and alert you the moment something suspicious happens.

Summary

  1. โœ… SSH keys only (no passwords)
  2. โœ… Automatic security updates
  3. โœ… Firewall with minimal open ports
  4. โœ… Fail2Ban for brute-force protection
  5. โœ… Non-root user for daily operations
  6. โœ… Intrusion monitoring

These six things will protect you from 90% of attacks. They take about 30 minutes to set up.

Need help? Get in touch โ€“ we'll audit your setup for free.

Ready to monitor your servers?

Get started with AI-powered monitoring in under 5 minutes.

Get Started โ€“ โ‚ฌ49/month