Security considerations when running a VM

From Alliance Doc
Revision as of 14:42, 29 March 2017 by Mgariepy (talk | contribs) (Created page with "On the cloud, you are responsible for the security of your VMs. This document is not intended to be a complete guide but only to give you some basic guidelines on things your...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

On the cloud, you are responsible for the security of your VMs.

This document is not intended to be a complete guide but only to give you some basic guidelines on things your need to consider when creating a VM on the cloud.

Keeping the Operating System secured:

  • Apply security updates
  • Avoid using packages from unknown sources
  • use an updated image (ex: don't use Ubuntu 14.04 when ubuntu 16.04 avalaible, or cent
  • Do not allow password authentication for SSH (key authentication by default)
  • Install fail2ban to block authentication failure

Network security

  • Limit who can access your service, avoid using 0.0.0.0 in the CIDR field of the security group form.
  • Be careful when creating your security rules, consider the following
    • Most services aren't meant to be publicly accessible:
      • mysql
      • postgresql
      • nosql
      • RDP
      • ... many, many others
    • Some services are meant to be accessible from the internet to deliver a service
      • Apache
      • Nginx
      • ... others
  • others:
    • Do not try to run a mail server.
Retrieved from "https://docs.alliancecan.ca/mediawiki/index.php?title=Security_considerations_when_running_a_VM&oldid=10568"