
Secure your E2E Nodes – Best Practice

Introduction

In an increasingly exposed web environment, server-level security is crucially important. When you set up and launch your Nodes, installing and configuring your application will often be your main concern. However, leaving the security needs of your infrastructure unaddressed can have devastating effects on your environment.

In this article, we share some basic security practices that you should apply to your nodes before setting up your infrastructure.

Step 1: Setting up your SSH keys

By default, password-based logins are enabled on your newly launched E2E Nodes. Modern processing power combined with automated scripts makes brute-forcing a password-protected account very feasible, since passwords are generally not complex. SSH keys are a reliable and secure alternative.

SSH keys are a pair of cryptographic keys that can be used to authenticate to an SSH server as an alternative to password-based logins. A private and public key pair is created prior to authentication. The private key is kept secret and secured by the user, while the public key can be shared with anyone.


You can set up your SSH keys based on your OS environment. If you are not sure about how to set it up, you can refer to this article.
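Once a key login works, the password logins described above can be switched off in sshd_config. The following is an added example, not part of the original article: it reads the effective value of a keyword the way sshd does (first occurrence wins, case-insensitive), checks that a config is key-only, and rewrites it if not. The sample config and file paths are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): check whether an sshd_config
# still permits the password logins that SSH keys are meant to replace, and
# turn them off. The sample config below is constructed.

# Effective value of a keyword: sshd honours the FIRST occurrence it reads
# and keywords are case-insensitive. $1 = file, $2 = keyword, $3 = sshd default.
sshd_effective() {
    _v=$(awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == k { print tolower($2); exit }' "$1")
    printf '%s\n' "${_v:-$3}"
}

# Succeeds only when password logins are off and public-key logins are on.
sshd_key_only() {
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = no ] &&
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = yes ]
}

# Set keyword $2 to value $3 in file $1: comment out existing occurrences and
# put the new line first, where sshd's first-match rule makes it win.
sshd_set() {
    _tmp=$(mktemp)
    { printf '%s %s\n' "$2" "$3"
      awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        tolower($1) == k { print "#" $0; next } { print }' "$1"; } > "$_tmp"
    cat "$_tmp" > "$1" && rm -f "$_tmp"   # cat keeps the file's mode and owner
}

# Constructed sample of a freshly provisioned node. Caveat: this checker does
# not follow Include or Match blocks; inspect /etc/ssh/sshd_config.d/ as well.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# sshd_config (constructed sample)
Include /etc/ssh/sshd_config.d/*.conf
#PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
EOF

# Only disable passwords after confirming a key login works, or you lock yourself out.
if sshd_key_only "$SAMPLE"; then
    echo "sample already key-only"
else
    echo "sample still allows password logins; disabling them"
    sshd_set "$SAMPLE" PasswordAuthentication no
fi
sshd_key_only "$SAMPLE" && echo "sample is now key-only"
```

On a real node, run the functions against /etc/ssh/sshd_config and restart sshd afterwards from a session you keep open until a fresh key-based login succeeds.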

Step 2: Keep your Nodes Up-to-date

As new security vulnerabilities are discovered, the affected software must be updated in order to limit any potential security risks. If an erratum update is released for software used on your system, it is highly recommended that you update the affected packages as soon as possible to minimize the amount of time the system is potentially vulnerable.

As a security measure, update your software packages to the latest version on every newly launched E2E node. Use the command below for your distribution:

Debian-based:

sudo apt-get update && sudo apt-get upgrade

RPM-based:

sudo yum update

Step 3: Configuring Firewall

A firewall is a piece of software (or hardware) that controls which services are exposed to the network. This means blocking or restricting access to every port except those that should be publicly available. Setting up a firewall is a key step in securing most modern operating systems, and most Linux distributions come equipped with firewall tools that we can use to configure it.

Firewalls can make sure that access to your services is restricted. Applications that require public ports can be left open and available to everyone, while private ports can be restricted. Internal services can be made completely inaccessible to the outside world. For ports that are not being used, access is blocked entirely in most configurations.


Step 4: Implementing VPN (Virtual Private Networks)

A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely.

In the context of server security, VPN plays an important part in allowing access to specific ports only through a private network. This enables users only within the private network to manage the servers, while users from public networks are barred from unrestricted access.


Step 5: Stop Unnecessary Services Running on Your Nodes

There are many services that may be running on your servers which you will probably never use and which, at worst, leave ports open to external break-ins. The more services that are running, the more ports are left open to intruders. To protect your system, it is best to turn off any unnecessary services.
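Steps 3 and 5 come down to the same question: which listening ports are reachable from outside and not deliberately public? The following added example (not from the original article) parses `ss -tlnp` output and reports every network-exposed TCP port that is not on your public allow-list; each result must then either be covered by a firewall rule or have its service stopped. The sample listing is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): list network-exposed
# listening TCP ports that are not on your public allow-list. Everything
# reported must either be covered by a firewall rule (Step 3) or belong
# to a service you stop (Step 5). Input is `ss -tlnp` output.

exposed_not_allowed() {
    # $1 = file holding `ss -tlnp` output, $2 = allowed ports, e.g. "22 80 443"
    awk -v allowed=" $2 " '
        $1 != "LISTEN" { next }                 # skip header and non-listeners
        {
            n = split($4, p, ":"); port = p[n]   # port is the last component
            host = substr($4, 1, length($4) - length(port) - 1)
            # Bound to loopback only: reachable from this node alone, not exposed
            if (host ~ /^(127\.|\[::1\]$|\[::ffff:127\.)/) next
            proc = "-"                          # process name is shown only when run as root
            if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
            if (index(allowed, " " port " ") == 0) printf "%s/%s\n", port, proc
        }' "$1"
}

# Constructed sample of a node where several services listen on all interfaces.
SS_SAMPLE=$(mktemp)
cat > "$SS_SAMPLE" <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*   users:(("sshd",pid=812,fd=3))
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*   users:(("mysqld",pid=1203,fd=21))
LISTEN 0      511    *:6379              *:*         users:(("redis-server",pid=1300,fd=6))
LISTEN 0      511    [::]:80             [::]:*      users:(("nginx",pid=1450,fd=6))
LISTEN 0      4096   0.0.0.0:111         0.0.0.0:*   users:(("rpcbind",pid=600,fd=4))
EOF

# On a real node: ss -tlnp > /tmp/listen.txt; exposed_not_allowed /tmp/listen.txt "22 80 443"
echo "Exposed ports without an allow rule (port/process):"
exposed_not_allowed "$SS_SAMPLE" "22 80 443"
# Expected for the sample: 6379/redis-server and 111/rpcbind
```

MySQL on 127.0.0.1 is not reported because a loopback-only binding is exactly how an internal service stays inaccessible to the outside world.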

Step 6: Backup Your Server

Backups are a great means to protect the contents of your Virtual Compute Node. They let you capture the complete state of a project or milestone, including its important data. E2E Networks Backups work as an exact replica of the entire file system, which is backed up automatically at periodic intervals. This allows point-in-time restoration from any of the recovery points present. The backups performed are incremental, meaning they only write blocks that have changed since the previous backup.

We recommend subscribing to CDP (Continuous Data Protection) backups on all servers, especially those in a production environment. Having CDP backups secures your data from accidental data loss or modifications, along with the option of retaining data for a longer period without consuming the server’s disk space.

For more details on how to create and restore CDP Backups, you can refer to this article.

Conclusion

The above-mentioned steps are common practices to enhance your server security. However, it's important to note that security measures need to be implemented from the start of your server setup and configured according to your specific requirements. Additionally, ensure the implementation of security measures at both the Services and Application levels.