A VPS is a type of web hosting in which the customer/client is the only one with access to, and permission to use, the server. The customer has exclusive rights and all the responsibility. So, some of the best-of-breed security practices are:
1. Update the software regularly. Poorly updated servers are one of the main holes in network security, and updates go a long way toward fixing them. Security updates must be installed without fail, though general software updates can be delayed if necessary.
2. Password Protection. Using passwords to provide various levels of access to the servers has been a long-established technique. Put in place a strong and up-to-date password policy.
3. If possible, replace passwords with SSL Certificates. A Secure Sockets Layer certificate is a digital document, mathematically assigned to the user, that allows the user to log in to a server automatically without any passwords, thus closing that security hole.
4. Limit Access - both physical and digital. Grant access only to those who absolutely must have it. A distinction must be made between the “Administrator”, who can do virtually anything, and the “Operator”, who has limited rights, with permission to perform only daily maintenance duties.
5. Close unnecessary ports: A server can, by default, have many “Ports” that are open to the network. These are digital interfaces of the many services of the server. Close down all but the bare essentials.
6. Close unnecessary services: Again, by default, a server can run many services that may be totally useless for our use case and could become a security risk. Audit all the services and shut down any that are not necessary.
7. Have a full and active Backup Plan. Disaster can occur at any time, so back up all the data onto another device, either in the same physical location or somewhere else. If financially viable, a Failover Backup Server in another physical location should be seriously considered.
8. Last, but not least, consider hiring full-time trained personnel to maintain the servers.
What all this means is that we are in charge of our hardware and software installation, and it is our responsibility to maintain its security.