Security - SSH/firewall/VPN

1. SSH Keys

  • The private key is kept secret and secure by the user.

  • The public key can be shared with anyone.

  • Password - can be guessed by trying candidates until the correct one is found.

  • SSH key - has many more bits of data than a password, so it is much harder to guess.

2. Firewalls

VPNs and Private Networking

https://www.digitalocean.com/community/tutorials/how-to-secure-traffic-between-vps-using-openvpn

3. Public Key Infrastructure and SSL/TLS Encryption

Prevent man-in-the-middle attacks

4. Service Auditing

Service auditing means discovering which services are running on the servers in your infrastructure.

sudo netstat -plunt

The columns to pay attention to are Proto, Local Address, and PID/Program name.

If the address is 0.0.0.0, then the service is accepting connections on all interfaces.
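
The check described above can be scripted. The following is an added example, not part of the original notes: it filters `netstat -plunt` output down to the listeners bound to all interfaces, also treating `::` (the IPv6 equivalent of 0.0.0.0) as a wildcard. The function names `wildcard_listeners` and `sample_netstat` are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: list services that accept connections on every interface.
# Reads `netstat -plunt` output on stdin; prints "proto port pid/program".
wildcard_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }   # skip the two header lines
        {
            # Local Address is field 4; the port follows the last colon.
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr != "0.0.0.0" && addr != "::") next

            # UDP rows have an empty State column, so PID/Program name
            # starts one field earlier than on TCP rows.
            first = ($6 == "LISTEN") ? 7 : 6
            prog = $first
            for (i = first + 1; i <= NF; i++) prog = prog " " $i
            print $1, port, prog
        }
    '
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1033/postgres
tcp6       0      0 :::80                   :::*                    LISTEN      1200/nginx: master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           701/chronyd
EOF
}

# On a live server: sudo netstat -plunt | wildcard_listeners
sample_netstat | wildcard_listeners
```

Each line it prints is a service reachable from every network the host is attached to; compare that list against what the firewall is meant to allow.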

5. File Auditing and Intrusion Detection Systems (IDS)

File auditing = detect changes to the system that may have been authorized.

IDS monitors a system or network for unauthorized activity.

https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps

https://www.digitalocean.com/community/tutorials/how-to-install-aide-on-a-digitalocean-vps

6. Isolated Execution Environments

Separating your components can limit the access that an intruder has to other pieces of your infrastructure.
