Security considerations when running a VM: Difference between revisions

Parent page: Cloud

On the cloud, you are responsible for the security of your virtual machines.

This document is not a complete guide, but will set out some things you need to consider when creating a VM on the cloud.

Keep the operating system secured[edit]

• Apply security updates on a regular basis (see updating your VM).
• Avoid using packages from unknown sources.
• Use a recent image. For example, don't use Ubuntu 14.04 when Ubuntu 16.04 is available.
• Use SSH key authentication instead of passwords.
• Install fail2ban to block brute-force attacks.

Network security[edit]

• Limit who can access your service. Avoid using 0.0.0.0 in the CIDR field of the security group form.
  • Be aware of the range you are opening with the netmask your are configuring.
• Do not bundle ranges of ports to allow access.
• Think carefully about your security rules. Consider the following:
  • These services aren't meant to be publicly accessible:
    • mysql (3306)
    • postgresql (5432)
    • nosql
    • RDP (3389)
    • ... many, many others
  • Some services are meant to be accessible from the internet:
    • Apache (80, 443)
    • Nginx (80, 443)
    • ... others
• Configure your web server to use HTTPS instead of HTTP.
  • In many case HTTP should only be used to redirect traffic to HTTPS.
• Do NOT run a mail server.

Updating your VM[edit]

To upgrade a Linux VM choose the steps below for your particular operating system. Note you will need to reconnect to your VM after rebooting.

Ubuntu/Debian[edit]

$ sudo apt-get update
$ sudo apt-get dist-upgrade
$ sudo reboot

CentOS[edit]

$ sudo yum update
$ sudo reboot

Fedora[edit]

$ sudo dnf update
$ sudo reboot

Further Reading[edit]

An amazon article on securing instances: https://aws.amazon.com/articles/1233/