At Cloud-A we enable our users to sign up and manage their own infrastructure, giving them full control to configure and secure their own instances, networks and storage as they wish. We like to provide tips, tricks and best practices to give you the information you need to ensure that your instances are secure. Here are a few best practices for hardening and securing your Linux instances on Cloud-A.
Eliminate Unneeded Services
- Do not run any unneeded services such as FTP.
- If you are running DNS, make sure it is not an open resolver so that your server does not become part of a DDoS attack.
Lock down SSH
- Disable root login via SSH
- Only allow specified IPs to connect via SSH
- Only allow SSH key-based authentication – Do not allow password authentication
- Use an alternative SSH port
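The four items above can be checked against an `sshd_config` file with a short audit script. This is an added example, not Cloud-A tooling; the helper names `sshd_value`, `fail` and `audit_sshd` and the sample config are constructed for illustration, and it assumes source-IP limits are expressed with `AllowUsers user@address` rather than in a firewall.

```shell
#!/bin/sh
# Audit one sshd_config file against the four SSH items in the list above.
# Simplifications: Include files and Match blocks are not evaluated, and only
# the first AllowUsers line is read.

# Print a keyword's value. sshd keywords are case-insensitive and the first
# occurrence wins; DEFAULT is printed when the keyword is absent.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
  awk -v key="$2" -v def="$3" '
    /^[ \t]*#/ { next }
    tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
    END { if (!found) print def }' "$1"
}

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

audit_sshd() {  # usage: audit_sshd FILE; exit status = number of failed checks
  fails=0
  v=$(sshd_value "$1" PermitRootLogin prohibit-password | tr 'A-Z' 'a-z')
  [ "$v" = no ] || fail "PermitRootLogin is '$v', want 'no'"
  v=$(sshd_value "$1" PasswordAuthentication yes | tr 'A-Z' 'a-z')
  [ "$v" = no ] || fail "PasswordAuthentication is '$v', want 'no'"
  v=$(sshd_value "$1" Port 22)
  [ "$v" != 22 ] || fail "Port is still the default 22"
  # Assumption: source IPs are limited in sshd with AllowUsers user@address.
  # A firewall or security-group rule would not be visible to this check.
  v=$(sshd_value "$1" AllowUsers "")
  [ -n "$v" ] || fail "no AllowUsers line"
  set -f  # AllowUsers patterns may contain * and ?, so disable globbing
  for entry in $v; do
    case "$entry" in *@*) ;; *) fail "AllowUsers entry '$entry' has no @address" ;; esac
  done
  set +f
  return "$fails"
}

# Constructed sample config (not from a real host); 203.0.113.10 is a
# documentation address.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 2222' 'permitrootlogin no' \
  'PasswordAuthentication yes' 'AllowUsers deploy@203.0.113.10 backup' > "$sample"
audit_sshd "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration after includes and defaults are resolved, and is the more reliable input for the same checks.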
Use fail2ban
(http://www.fail2ban.org/wiki/index.php/Main_Page)
- Use fail2ban to automatically add malicious IPs to the firewall drop rules.
Update packages on a regular basis
- Keep your packages up to date to avoid being susceptible to zero-day attacks.
More Links:
http://www.tecmint.com/linux-server-hardening-security-tips/
http://cloudfaqs.wordpress.com/2013/09/14/20-linux-server-hardening-security-tips/
http://www.gtcomm.net/blog/securing-a-linux-server-hardening-ssh-security/
http://security.stackexchange.com/questions/18480/building-a-secure-server-with-centos