When setting up infrastructure, getting your applications up and running will often be your primary concern. However, making your applications function correctly without addressing the security needs of your infrastructure could have devastating consequences down the line. In this guide, we will talk about some basic security practices that are best configured before or as you set up your applications.
1) Install less software
Cyber security is difficult enough; make it easier for yourself by installing less software. Fewer programs, services and plugins mean fewer things to worry about. In security terminology this is called reducing the attack surface. Reduce your attack surface by:
- starting with a minimal base system: do not begin with a full-blown, bloated operating system; start with as little as possible and keep track of the things you add.
- only installing what you absolutely need: install only the tools, plugins, add-ons and programs that you really, really need. Be hard and determined: less is more!
- checking the dependencies of things you install: software often requires other software that you do not necessarily want, so check what comes along with every package you add.
2) SSH Keys
SSH keys are a pair of cryptographic keys that can be used to authenticate to an SSH server as an alternative to password-based logins. A private and public key pair is created prior to authentication. The private key is kept secret and secure by the user, while the public key can be shared with anyone. To configure SSH key authentication, you must place the user's public key on the server in a special directory. When the user connects to the server, the server will ask for proof that the client has the associated private key. The SSH client will use the private key to respond in a way that proves ownership of the private key. The server will then let the client connect without a password. To learn more about how SSH keys work, check out our article here.
3) Close all network ports, filter those you can't block
Firewalls are used to filter network traffic and are available as standard system software on most operating systems. Limit the openings hackers have into your server. Firewall configuration should:
- adopt a default policy of blocking: most operating systems allow everything by default. Turn this around and block everything except the kind of traffic you expect and need.
- check inbound and outbound: filter incoming and outgoing network traffic. This makes it much harder for hackers to get in (and, in the unfortunate case of a successful hack, to get data out).
- filter open ports: secure open network ports by filtering traffic based on source (IP address) and/or connection state; only allow traffic from where you expect it to come.
4) Firewalls
A firewall is a piece of software (or hardware) that controls what services are exposed to the network. This means blocking or restricting access to every port except for those that should be publicly available.
On a typical server, a number of services may be running by default. These can be categorized into the following groups:
1. Public services that can be accessed by anyone on the internet, often anonymously. A good example of this is a web server that might allow access to your site.
2. Private services that should only be accessed by a select group of authorized accounts or from certain locations. An example of this may be a database control panel.
3. Internal services that should be accessible only from within the server itself, without exposing the service to the outside world. For example, this may be a database that only accepts local connections.
Firewalls can ensure that access to your software is restricted according to the categories above. Public services can be left open and available to everyone, and private services can be restricted based on different criteria. Internal services can be made completely inaccessible to the outside world. For ports that are not being used, access is blocked entirely in most configurations.
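The ruleset below, an added example that is not part of the original article, turns the three service categories and the default-block policy of the previous two sections into an nftables configuration: web ports public, SSH only from an admin network, the database reachable over loopback only, and outbound traffic limited to DNS, NTP and package updates. The admin CIDR 203.0.113.0/24 and the port numbers are placeholders to adjust for your host.

```shell
#!/bin/sh
# Added example, not from the original article: write a default-deny nftables
# ruleset that maps the three service categories onto rules. Assumptions
# (placeholders, adjust for your host): admins connect from 203.0.113.0/24,
# the web server listens on 80/443, and the database is internal-only.
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"

# write_ruleset FILE -- write the ruleset to FILE (for nft -f)
write_ruleset() {
    cat > "$1" <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept                          # internal services (the DB) stay loopback-only
        ct state established,related accept      # replies to connections this host opened
        ct state invalid drop
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        tcp dport { 80, 443 } accept             # public service: the web server
        ip saddr $ADMIN_NET tcp dport 22 accept  # private service: SSH from admins only
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        udp dport 53 accept                      # DNS
        udp dport 123 accept                     # NTP
        tcp dport { 80, 443 } accept             # package updates
    }
}
EOF
}

# check_ruleset FILE -- every chain must default to drop, none to accept
check_ruleset() {
    [ "$(grep -c 'policy drop;' "$1")" -eq 3 ] && ! grep -q 'policy accept' "$1"
}

# load_ruleset FILE -- syntax-check, then load the whole ruleset atomically (needs root)
load_ruleset() {
    check_ruleset "$1" && nft -c -f "$1" && nft -f "$1"
}
```

Before loading this on a remote host, keep an existing SSH session open and confirm your own address falls inside ADMIN_NET, otherwise the input policy locks you out.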
5) Use certificate/key authentication instead of passwords
If password-based logins are allowed, hackers can repeatedly attempt to access the server. With modern computing power it's easy to automate this guessing by trying combination after combination until the right password is found (brute forcing). Secure authentication by:
- using SSH key authentication: an SSH key is much longer than a normal password and is not limited to ordinary readable letters and numbers. This results in far more possible combinations, making it exponentially more difficult for hackers to find the right key.
- limiting the authentication rate: artificially make the password / key checking slower, reducing the speed of automated guessing.
- blocking automated guessing: exclude IP addresses after repeated failed login attempts.
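To make sections 2 and 5 concrete, here is an added example (not code from the original article) that audits an sshd_config for the password-login settings discussed above, rewrites them, and installs a user's public key the way sshd expects. All paths are parameters, and the directive names are real OpenSSH options; the sample config and key in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the original article: audit an sshd_config for the
# password-related settings this section warns about, rewrite them, and install
# a public key with the permissions sshd insists on. Every path is a parameter,
# so it can be run against a copy before touching /etc/ssh/sshd_config.

# effective_value FILE DIRECTIVE -- sshd honours the first uncommented occurrence
effective_value() {
    awk -v d="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" \
        '$1 !~ /^#/ && tolower($1) == d { print tolower($2); exit }' "$1"
}

# audit_sshd_config FILE -- print one line per weak setting (no output means it passes)
audit_sshd_config() {
    v=$(effective_value "$1" PasswordAuthentication)
    [ "${v:-yes}" = "no" ] || echo "PasswordAuthentication is ${v:-yes (default)}"
    v=$(effective_value "$1" PubkeyAuthentication)
    [ "${v:-yes}" = "yes" ] || echo "PubkeyAuthentication is $v"
    v=$(effective_value "$1" PermitRootLogin)
    case "$v" in no|prohibit-password|without-password) ;;
        *) echo "PermitRootLogin is ${v:-not set}" ;; esac
    v=$(effective_value "$1" MaxAuthTries)
    [ "${v:-6}" -le 3 ] || echo "MaxAuthTries is ${v:-6 (default)}"
}

# harden_sshd_config FILE -- our values go first, so they win over any later
# duplicate and sit outside any Match block; old settings for them are dropped
harden_sshd_config() {
    {
        printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
            'ChallengeResponseAuthentication no' 'PermitRootLogin no' 'MaxAuthTries 3'
        grep -viE '^[[:space:]]*(PasswordAuthentication|PubkeyAuthentication|PermitRootLogin|MaxAuthTries)[[:space:]]' "$1" || true
    } > "$1.tmp" && mv "$1.tmp" "$1"
}

# install_authorized_key HOMEDIR PUBKEY -- sshd ignores the file if it or ~/.ssh
# is group/world writable, so set the permissions explicitly; skip duplicates
install_authorized_key() {
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh"
    touch "$1/.ssh/authorized_keys" && chmod 600 "$1/.ssh/authorized_keys"
    grep -qxF "$2" "$1/.ssh/authorized_keys" || printf '%s\n' "$2" >> "$1/.ssh/authorized_keys"
}
```

After hardening the real file, run `sshd -t` to validate it and test a key login from a second session before closing the one you are in.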
6) VPNs and Private Networking
Private networks are networks that are only available to certain servers or users. For example, DigitalOcean private networks enable isolated communication between servers in the same account or team within the same region. A VPN, or virtual private network, is a way to create secure connections between remote computers and present the connection as if it were a local private network. This provides a way to configure your services as if they were on a private network and connect remote servers over secure connections.
7) Check and update regularly
Most hacking is automated these days: bots constantly scan every server and website for exploitation opportunities. It's not a question of IF they will find you, but WHEN. Take care of your server by:
- checking its logs: potential problems often become visible before anything really bad has happened. Check the server logs for errors and anomalies; often they are early signs of trouble.
- checking for updates: either with the package tooling on your server or by checking the vendor / software website.
- updating regularly: don't wait until it's too late; install updates as soon as possible (but after you've tested them!)
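The log check in this section and the "block automated guessing" point in section 5 meet in the added example below (not from the original article): it counts failed SSH logins per source address in sshd's syslog output and lists the addresses over a threshold, which is the list a fail2ban-style blocker or a firewall deny-list would act on. The log lines are constructed samples in the standard sshd message format, with documentation-range addresses.

```shell
#!/bin/sh
# Added example, not from the original article: count failed SSH logins per
# source address and report those over a threshold. SAMPLE_LOG is constructed
# test input in sshd's syslog format; on a real host feed /var/log/auth.log
# (or journalctl -u ssh) into failed_logins_by_ip instead.
SAMPLE_LOG=$(cat <<'EOF'
Mar  3 10:01:12 web1 sshd[2311]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 10:01:14 web1 sshd[2311]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 10:01:19 web1 sshd[2315]: Failed password for root from 198.51.100.7 port 51030 ssh2
Mar  3 10:01:25 web1 sshd[2319]: Accepted publickey for deploy from 203.0.113.5 port 40112 ssh2: ED25519 SHA256:PLACEHOLDER
Mar  3 10:02:02 web1 sshd[2322]: Failed password for deploy from 203.0.113.5 port 40120 ssh2
Mar  3 10:02:40 web1 sshd[2330]: Invalid user oracle from 198.51.100.7 port 51044
Mar  3 10:03:01 web1 sshd[2334]: Failed password for invalid user test from 192.0.2.9 port 60001 ssh2
EOF
)

# failed_logins_by_ip -- read syslog lines on stdin, print "count ip", most failures first.
# Both "Failed password" and "Invalid user" lines count; the address follows "from".
failed_logins_by_ip() {
    awk '/sshd\[[0-9]+\]: (Failed password|Invalid user)/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { c[$(i+1)]++; break }
         }
         END { for (ip in c) print c[ip], ip }' | sort -rn
}

# offenders THRESHOLD -- read syslog lines on stdin, print addresses with >= THRESHOLD failures
offenders() {
    failed_logins_by_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# Stand-alone run over the constructed sample: 198.51.100.7 has 4 failures, the rest 1
printf '%s\n' "$SAMPLE_LOG" | offenders 3
```

A single failure from an address that also has an accepted key login (203.0.113.5 above) is a typo, not an attack, which is why the threshold matters more than the raw count.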
Server Firm is the Best Place to Buy a VPS Server in India
Server.firm provides the best servers in India. Our cheap dedicated VPS servers and Indian dedicated servers offer a higher level of control, performance and stability than those of other server providers. We also provide India VPS and cloud servers at a very affordable cost. Are you interested and want more information on our plans and services? Just call us at 7982671092 or 9582907788 (toll free) or send an email to sale@itmonteur.net. For more details please visit https://www.server.firm.in
IT Monteur
B-71, Shalimar Garden Extn-2, Sahibabad, Ghaziabad, UP-201005
Telephone: Sales: +91-9582907788; Support: +91-9654016484, 0120-2631048
www.server.firm.in