Security considerations when running a VM: Difference between revisions

Revision as of 14:44, 29 March 2017

On the cloud, you are responsible for the security of your VMs.

This document is not intended to be a complete guide but only to give you some basic guidelines on things you need to consider when creating a VM on the cloud.

Keeping the Operating System secured

  • Apply security updates
  • Avoid using packages from unknown sources
  • Use an updated image (e.g. don't use Ubuntu 14.04 when Ubuntu 16.04 is available, or cent
  • Do not allow password authentication for SSH (use key authentication by default)
  • Install fail2ban to block repeated authentication failures

Network security

  • Limit who can access your service; avoid using 0.0.0.0 in the CIDR field of the security group form.
  • Be careful when creating your security rules; consider the following:
    • Most services aren't meant to be publicly accessible:
      • mysql
      • postgresql
      • nosql
      • RDP
      • ... many, many others
    • Some services are meant to be accessible from the internet to deliver a service:
      • Apache
      • Nginx
      • ... others
  • Other:
    • Do not try to run a mail server.
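As an added example (not part of the Alliance page), the POSIX shell snippet below audits the two items above that can be checked mechanically: whether sshd_config still permits password authentication, and which security-group rules expose a non-web port to the whole internet. The helper names and the `<proto> <port> <cidr>` rule-file format are assumptions, and both input files are constructed samples, not real OpenStack output.

```shell
# Added audit example (hypothetical helpers, constructed inputs); it is not the
# Alliance wiki's own code. It checks sshd password authentication and
# security-group rules open to 0.0.0.0/0 or ::/0 on ports that should be private.
# Print the effective value of an sshd_config keyword. sshd uses the FIRST
# non-comment assignment it finds; if none exists, fall back to $3 (sshd default).
sshd_option() {
  awk -v key="$2" -v dflt="$3" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    tolower($1) == tolower(key) && !found { print $2; found = 1 }
    END { if (!found) print dflt }' "$1"
}
# Return 0 if password logins are disabled, 1 otherwise (sshd default is "yes").
ssh_password_disabled() {
  [ "$(sshd_option "$1" PasswordAuthentication yes)" = "no" ]
}
# List rules that expose a port to the whole internet (0.0.0.0/0 or ::/0)
# unless the port is one the page says is meant to be public (80/443).
# Input lines: "<proto> <port> <cidr>", one rule per line (assumed format).
overexposed_rules() {
  awk '$3 == "0.0.0.0/0" || $3 == "::/0" { if ($2 != 80 && $2 != 443) print }' "$1"
}
# --- constructed sample inputs --------------------------------------------
SSHD_SAMPLE=$(mktemp)
cat >"$SSHD_SAMPLE" <<'EOF'
# Hardened sample: key authentication only
PubkeyAuthentication yes
PasswordAuthentication no
# a later duplicate does NOT override the first value
PasswordAuthentication yes
EOF
RULES_SAMPLE=$(mktemp)
cat >"$RULES_SAMPLE" <<'EOF'
tcp 22 192.0.2.0/24
tcp 443 0.0.0.0/0
tcp 3306 0.0.0.0/0
tcp 3389 ::/0
EOF
if ssh_password_disabled "$SSHD_SAMPLE"; then
  echo "sshd: password authentication disabled"
else
  echo "sshd: WARNING password authentication still enabled"
fi
echo "security-group rules open to the internet on non-web ports:"
overexposed_rules "$RULES_SAMPLE"
```

On a real VM, point `ssh_password_disabled` at /etc/ssh/sshd_config and feed `overexposed_rules` a file you export from your security-group listing in the assumed three-column format.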