Security considerations when running a VM: Difference between revisions
(Marked this version for translation) |
No edit summary |
||
Line 11: | Line 11: | ||
==Keep the operating system secured== <!--T:3--> | ==Keep the operating system secured== <!--T:3--> | ||
* Apply security updates on a regular basis. | * Apply security updates on a regular basis (see [[Security considerations when running a VM#Updating your VM| updating your VM]]). | ||
* Avoid using packages from unknown sources. | * Avoid using packages from unknown sources. | ||
* Use a recent image. For example, don't use Ubuntu 14.04 when Ubuntu 16.04 is available. | * Use a recent image. For example, don't use Ubuntu 14.04 when Ubuntu 16.04 is available. | ||
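Review bot: on the added right-hand bullet, the link spells out the full page title to reach a section of the same page, and its label starts with a stray space. `[[#Updating your VM|updating your VM]]` gives the same link and does not need touching if the page is renamed.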
Line 36: | Line 36: | ||
* Do NOT run a mail server. | * Do NOT run a mail server. | ||
==Updating your VM== | |||
To upgrade a Linux VM choose the steps below for your particular operating system. Note you will need to reconnect to your VM after rebooting. | |||
===Ubuntu/Debian=== | |||
<source lang="console"> | |||
$ sudo apt-get update | |||
$ sudo apt-get dist-upgrade | |||
$ sudo reboot | |||
</source> | |||
===CentOS=== | |||
<source lang="console> | |||
$ sudo yum update | |||
$ sudo reboot | |||
</source> | |||
===Fedora=== | |||
<source lang="console> | |||
$ sudo dnf update | |||
$ sudo reboot | |||
</source> | |||
==Further Reading== <!--T:5--> | ==Further Reading== <!--T:5--> | ||
An amazon article on securing instances: [https://aws.amazon.com/articles/1233/ https://aws.amazon.com/articles/1233/] | An amazon article on securing instances: [https://aws.amazon.com/articles/1233/ https://aws.amazon.com/articles/1233/] | ||
</translate> | </translate> | ||
[[Category:CC-Cloud]] | [[Category:CC-Cloud]] |
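Review bot: the CentOS and Fedora blocks open with `<source lang="console>`, which is missing the closing quote on the `lang` attribute, while the Ubuntu/Debian block has it right. Change both to `<source lang="console">` so all three blocks are parsed the same way. The intro sentence would also read better with a comma after "To upgrade a Linux VM".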
Revision as of 21:20, 10 January 2018
Parent page: Cloud
On the cloud, you are responsible for the security of your virtual machines.
This document is not a complete guide, but will set out some things you need to consider when creating a VM on the cloud.
Keep the operating system secured
- Apply security updates on a regular basis (see updating your VM).
- Avoid using packages from unknown sources.
- Use a recent image. For example, don't use Ubuntu 14.04 when Ubuntu 16.04 is available.
- Use SSH key authentication instead of passwords.
- Install fail2ban to block brute-force attacks.
Network security
- Limit who can access your service. Avoid using 0.0.0.0 in the CIDR field of the security group form.
- Be aware of the range you are opening with the netmask you are configuring.
- Do not bundle ranges of ports to allow access.
- Think carefully about your security rules. Consider the following:
  - These services aren't meant to be publicly accessible:
    - MySQL (3306)
    - PostgreSQL (5432)
    - NoSQL
    - RDP (3389)
    - ... many, many others
  - Some services are meant to be accessible from the internet:
    - Apache (80, 443)
    - Nginx (80, 443)
    - ... others
- Configure your web server to use HTTPS instead of HTTP.
  - In many cases HTTP should only be used to redirect traffic to HTTPS.
- Do NOT run a mail server.
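The checks in the list above can be run mechanically over a security group's ingress rules. The following is an added example, not part of the original page: the rule tuples are constructed sample data, and the 256-address review threshold is an assumption.

```python
import ipaddress

# Ports from the list above that are not meant to be publicly accessible.
PRIVATE_PORTS = {3306: "mysql", 5432: "postgresql", 3389: "RDP"}
PUBLIC_PORTS = {80, 443}   # web ports the page treats as internet-facing
MAX_SOURCES = 256          # assumed review threshold (a /24), not from the page


def audit_rule(cidr, port_min, port_max):
    """Return findings for one ingress rule; an empty list means nothing flagged."""
    # strict=False accepts host bits, e.g. 198.51.100.0/16 means 198.51.0.0/16
    net = ipaddress.ip_network(cidr, strict=False)
    world = net.prefixlen == 0          # 0.0.0.0/0 or ::/0
    ports = range(port_min, port_max + 1)
    findings = []
    if world and any(p not in PUBLIC_PORTS for p in ports):
        findings.append("non-web port open to every address")
    if not world and net.num_addresses > MAX_SOURCES:
        findings.append(f"netmask admits {net.num_addresses} source addresses")
    if len(ports) > 1:
        findings.append(f"rule bundles {len(ports)} ports")
    if world:
        for port, name in PRIVATE_PORTS.items():
            if port in ports:
                findings.append(f"{name} ({port}) is publicly reachable")
    return findings


# Constructed sample rules: (remote CIDR, first port, last port).
SAMPLE_RULES = [
    ("0.0.0.0/0", 443, 443),           # HTTPS for everyone: nothing flagged
    ("0.0.0.0/0", 3306, 3306),         # database exposed to the internet
    ("198.51.100.0/16", 5432, 5432),   # /16 is far wider than it looks
    ("203.0.113.7/32", 3000, 9000),    # single host, but a bundled port range
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule, audit_rule(*rule) or "ok")
```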
Updating your VM
To upgrade a Linux VM, follow the steps below for your operating system. Note that you will need to reconnect to your VM after rebooting.
Ubuntu/Debian
$ sudo apt-get update
$ sudo apt-get dist-upgrade
$ sudo reboot
CentOS
$ sudo yum update
$ sudo reboot
Fedora
$ sudo dnf update
$ sudo reboot
Further Reading
An Amazon article on securing instances: https://aws.amazon.com/articles/1233/