Security considerations when running a VM

From Alliance Doc
Revision as of 18:57, 6 April 2017 by Rdickson (talk | contribs) (copy-edit, add some links)
Jump to navigation Jump to search

On the cloud, you are responsible for the security of your VMs.

This document cannot be a complete guide, but will set out some things you need to consider when creating a VM on the cloud.

Keep the operating system secured[edit]

  • Apply security updates.
  • Avoid using packages from unknown sources.
  • Use a recent image. For example, don't use Ubuntu 14.04 when Ubuntu 16.04 is available.
  • Do not allow password authentication for SSH. Use key authentication instead.
  • Install fail2ban to block brute-force attacks.

Network security[edit]

  • Limit who can access your service. Avoid using 0.0.0.0 in the CIDR field of the security group form.
  • Do not bundle ranges of ports to allow access.
  • Think carefully about your security rules. Consider the following:
    • These services aren't meant to be publicly accessible:
      • mysql
      • postgresql
      • nosql
      • RDP
      • ... many, many others
    • Some services are meant to be accessible from the internet:
      • Apache
      • Nginx
      • ... others
  • Configure your web server to use HTTPS instead of HTTP.
    • In many case HTTP should only be used to redirect traffic to HTTPS.
  • Do not try to run a mail server.

HyperText Transfer Protocol

Retrieved from "https://docs.alliancecan.ca/mediawiki/index.php?title=Security_considerations_when_running_a_VM&oldid=11156"