Security considerations when running a VM
Jump to navigation
Jump to search
On the cloud, you are responsible for the security of your VMs.
This document is not intended to be a complete guide but only to give you some basic guidelines on things your need to consider when creating a VM on the cloud.
Keeping the Operating System secured[edit]
- Apply security updates
- Avoid using packages from unknown sources
- use an updated image (ex: don't use Ubuntu 14.04 when ubuntu 16.04 avalaible, or cent
- Do not allow password authentication for SSH (key authentication by default)
- Install fail2ban to block authentication failure
Network security[edit]
- Limit who can access your service, avoid using 0.0.0.0 in the CIDR field of the security group form.
- Be careful when creating your security rules, consider the following
- Most services aren't meant to be publicly accessible:
- mysql
- postgresql
- nosql
- RDP
- ... many, many others
- Some services are meant to be accessible from the internet to deliver a service
- Apache
- Nginx
- ... others
- Most services aren't meant to be publicly accessible:
- Configure your web server to use HTTPS instead of HTTP.
- In many case HTTP should only be used to redirect traffic to HTTPS.
- others:
- Do not try to run a mail server.