Securing your web server
The three most important things you can do to mitigate potential risks to your instances are:
- Lock down ports to prevent unauthorized access
- Ditch passwords and require administrators to use SSH keys
- Keep up to date with software patches
Lock it Down: Close All Unnecessary Ports
In order to prevent criminals from gaining privileged access to your virtual server and planting malware or stealing data, you need to make sure that important ports/protocols are only accessible by trusted IP addresses and networks. For example, remote administration ports like 22 (SSH) should only allow access from your private network, and not the entire Internet.
Ditch Those Passwords: Use SSH Keys
To keep communications as secure as possible, you should use secure and encrypted protocols such as Secure Shell (SSH) to access your instance instead of Telnet, because Telnet transmits information in cleartext over the network.
Additional security can be provided by using secure authentication methods. We recommend using public-key authentication instead of passwords to remotely log in to your instances with SSH. Passwords are vulnerable to a variety of simple attacks, including dictionary and brute-force attacks.
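The check below is an added example, not part of the original article: a small Python audit that reports whether an sshd_config still permits password-based logins. It assumes OpenSSH's sshd and its documented defaults; the function name and the sample configurations are constructed for illustration.

```python
# Added example: flag sshd_config settings that still permit password logins.
# Assumption: OpenSSH sshd with its documented defaults (listed below).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",  # can carry password prompts, e.g. via PAM
    "pubkeyauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_METHODS = ("passwordauthentication", "kbdinteractiveauthentication")


def audit(config_text):
    """Return sorted findings; an empty list means only key-based login is allowed."""
    global_cfg, findings, match = {}, [], None
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without an argument
        keyword = ALIASES.get(parts[0].lower(), parts[0].lower())  # keywords are case-insensitive
        if keyword == "match":
            match = parts[1].strip()  # following lines apply only under this Match
            continue
        if keyword not in DEFAULTS:
            continue
        value = parts[1].split()[0].strip('"').lower()
        if match is None:
            global_cfg.setdefault(keyword, value)  # sshd keeps the first value it reads
        elif keyword in PASSWORD_METHODS and value == "yes":
            findings.append(f"Match {match}: {keyword} re-enabled")
    effective = {**DEFAULTS, **global_cfg}
    for keyword in PASSWORD_METHODS:
        if effective[keyword] == "yes":
            findings.append(f"global: {keyword} is yes")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication is not enabled")
    return sorted(findings)


# Constructed sample configurations (not taken from any real host).
WEAK = "Port 22\nPasswordAuthentication yes\nPasswordAuthentication no\n"
KEY_ONLY = "PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
MATCH_HOLE = KEY_ONLY + "Match Address 203.0.113.0/24\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("KEY_ONLY", KEY_ONLY), ("MATCH_HOLE", MATCH_HOLE)):
        print(name, audit(text) or "key-only login")
```

The WEAK sample shows why a later `PasswordAuthentication no` line does not help when an earlier line already set it to `yes`, and MATCH_HOLE shows a conditional block quietly restoring passwords for one network.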
Keeping Current: Patch Regularly
Both Windows and Linux are operating systems supported by large and active communities, and there are always new versions, security patches, and upgrades to many components of each platform. Many of these upgrades are in response to security vulnerabilities, so it’s important to always stay current with the latest patches.
What Else You Can Do
In addition to the tips above, keep the following best practices in mind:
- Audit any proprietary applications you may be running on your server.
- Review the configuration settings of your installed packages and harden them against attackers.
- Provide access only to those users who have a business need to be on your systems.
- Give them the minimum access and privileges they need to perform their specific tasks.
- Provide temporary escalated privileges such as sudo for users who need to perform occasional privileged tasks.
- Have a procedure to revoke access when it is no longer needed.