Translations:Creating a web server on a cloud/3/en: Difference between revisions

From Alliance Doc
Jump to navigation Jump to search
(Importing a new version from external source)
(Importing a new version from external source)
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
=Security considerations=
=Security considerations=
Any time you make a computer accessible to the public, security must be considered. "Accessible to the public" could mean allowing SSH connections, displaying HTML via HTTP, or using 3rd party software to provide a service (e.g. WordPress). Services such as SSH or HTTP are provided by programs called [https://en.wikipedia.org/wiki/Daemon_(computing) "daemons"] which stay running all the time on the computer and respond to outside requests on specific [https://en.wikipedia.org/wiki/Port_(computer_networking) ports]. With [[OpenStack]] you can manage and restrict access to these ports, including granting access only to a specific [https://en.wikipedia.org/wiki/IP_address IP address] or to ranges of IP addresses; see [[OpenStack#Security Groups | Security Groups]]. Restricting access to your VM will improve its security. However, restricting access does not necessarily remove all security vulnerabilities. If we do not use some sort of encryption when sending data (e.g. passwords) an eavesdropper can read that information. [https://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security] is the common way to encrypt this data, and any web site which uses logins (e.g. WordPress, MediaWiki) should use it; see [[Configuring Apache to use SSL]]. It is also possible that data transmitted from your webserver to a client could be modified on route by a third party if you are not encrypting it. While this might not directly cause issues for your webserver it can for your clients. In most cases it is recommended to use encryption on your webserver. You are responsible for the security of your virtual machines and should take it seriously.
Any time you make a computer accessible to the public, security must be considered. <i>Accessible to the public</i> could mean allowing SSH connections, displaying HTML via HTTP, or using 3rd party software to provide a service (e.g. WordPress). Services such as SSH or HTTP are provided by programs called [https://en.wikipedia.org/wiki/Daemon_(computing) "daemons"], which stay running all the time on the computer and respond to outside requests on specific [https://en.wikipedia.org/wiki/Port_(computer_networking) ports]. With [[Managing_your_cloud_resources_with_OpenStack | OpenStack]], you can manage and restrict access to these ports, including granting access only to a specific [https://en.wikipedia.org/wiki/IP_address IP address] or to ranges of IP addresses; see [[Managing_your_cloud_resources_with_OpenStack#Security groups | Security groups]]. Restricting access to your VM will improve its security. However, restricting access does not necessarily remove all security vulnerabilities. If we do not use some sort of encryption when sending data (e.g. passwords), an eavesdropper can read that information. [https://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security] is the common way to encrypt this data, and any website which uses logins (e.g. WordPress, MediaWiki) should use it; see [[Configuring Apache to use SSL]]. It is also possible that data transmitted from your web server to a client could be modified on the way by a third party if you are not encrypting it. While this might not directly cause issues for your web server, it can for your clients. In most cases it is recommended to use encryption on your web server. You are responsible for the security of your virtual machines and should take this seriously.

Latest revision as of 21:01, 1 June 2023

Information about message (contribute)
This message has no documentation. If you know where or how this message is used, you can help other translators by adding documentation to this message.
Message definition (Creating a web server on a cloud)
=Security considerations=
Any time you make a computer accessible to the public, security must be considered. <i>Accessible to the public</i> could mean allowing SSH connections, displaying HTML via HTTP, or using 3rd party software to provide a service (e.g. WordPress). Services such as SSH or HTTP are provided by programs called [https://en.wikipedia.org/wiki/Daemon_(computing) "daemons"], which stay running all the time on the computer and respond to outside requests on specific [https://en.wikipedia.org/wiki/Port_(computer_networking) ports]. With [[Managing_your_cloud_resources_with_OpenStack | OpenStack]], you can manage and restrict access to these ports, including granting access only to a specific [https://en.wikipedia.org/wiki/IP_address IP address] or to ranges of IP addresses; see [[Managing_your_cloud_resources_with_OpenStack#Security groups | Security groups]]. Restricting access to your VM will improve its security. However, restricting access does not necessarily remove all security vulnerabilities. If we do not use some sort of encryption when sending data (e.g. passwords), an eavesdropper can read that information. [https://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security] is the common way to encrypt this data, and any website which uses logins (e.g. WordPress, MediaWiki) should use it; see [[Configuring Apache to use SSL]]. It is also possible that data transmitted from your web server to a client could be modified on the way by a third party if you are not encrypting it. While this might not directly cause issues for your web server, it can for your clients. In most cases it is recommended to use encryption on your web server. You are responsible for the security of your virtual machines and should take this seriously.

Security considerations[edit]

Any time you make a computer accessible to the public, security must be considered. Accessible to the public could mean allowing SSH connections, displaying HTML via HTTP, or using 3rd party software to provide a service (e.g. WordPress). Services such as SSH or HTTP are provided by programs called "daemons", which stay running all the time on the computer and respond to outside requests on specific ports. With OpenStack, you can manage and restrict access to these ports, including granting access only to a specific IP address or to ranges of IP addresses; see Security groups. Restricting access to your VM will improve its security. However, restricting access does not necessarily remove all security vulnerabilities. If we do not use some sort of encryption when sending data (e.g. passwords), an eavesdropper can read that information. Transport Layer Security is the common way to encrypt this data, and any website which uses logins (e.g. WordPress, MediaWiki) should use it; see Configuring Apache to use SSL. It is also possible that data transmitted from your web server to a client could be modified on the way by a third party if you are not encrypting it. While this might not directly cause issues for your web server, it can for your clients. In most cases it is recommended to use encryption on your web server. You are responsible for the security of your virtual machines and should take this seriously.