Secure your E2E Nodes – Best Practice¶
In an increasingly exposed web environment,Server-level security is crucially important.When you are setting up and Launching your Nodes,Installing and configuring your Application will often be your main concern,However without addressing the security needs of your Infrastructure could leads devastating effect on your environment.
In this article,We will share you the steps on some basic security practices that are important for your nodes before setting up your infra
Step 1 : Setting up your SSH keys¶
By default,You will have an Password-based logins enabled on your newly launched E2E Nodes.Modern processing power combined with automated scripts make brute forcing a password-protected account very possible since passwords generally are not complex. SSH keys prove to be a reliable and secure alternative.
SSH keys are a pair of cryptographic keys that can be used to authenticate to an SSH server as an alternative to password-based logins. A private and public key pair are created prior to authentication. The private key is kept secret and secured by the user, while the public key can be shared with anyone.
You can setup your SSH keys based on your OS environment,If you are not sure about how to set it up.You can refer this article
Step 2 : Keep your Nodes Up-to-date¶
As latest security vulnerabilities are discovered, the affected software must be updated in order to limit any potential security risks.If an erratum update is released for software used on your system, it is highly recommended that you update the affected packages as soon as possible to minimize the amount of time the system is potentially vulnerable.
As a security measure, you need to update your software packages to latest version for every a newly lauched E2E nodes,You can use below commands based on your Distribution
sudo apt-get update && sudo apt-get upgrade
Sudo yum update
Step 3 : Configuring Firewall¶
A firewall is a piece of software (or hardware) that controls what services are exposed to the network. This means blocking or restricting access to every port except for those that should be publicly available. Setting up a firewall is a significant stage in securing most of the modern operating systems. Most Linux distributions come equipped with different firewall tools that we can use to configure our firewall.
Firewalls can make sure that access to your services is restricted, Application that requires Public ports can be left open and available to everyone and private ports can be restricted. Internal services can be made completely inaccessible to the outside world. For ports that are not being used, access is blocked entirely in most configurations.
Step 4: Implementing VPN (Virtual Private Networks)¶
A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely.
In the context of server security, VPN plays an important part in allowing access to specific ports only through a private network. This enables users only within the private network to manage the servers and users from the public networks are barred from unrestricted access.
Step 5: Stop unnecessary services running on your Nodes¶
There are many numbers of services that can be running on your servers, which you’ll probably never use, or at worst, leave ports open to external break-ins. The more services that are running, the more ports that will be left open to intruders. So to protect your system, it’s best to turn off any unnecessary services.
Step 6: Backup your Server¶
Backups are great means to protect the contents of your Virtual Compute Node. They are helpful in projects or milestones to back up the complete data containing important information. E2E Networks Backups works as an exact replica of the entire file system which is backed up automatically at periodic intervals. This allows point-in-time to restore from any of the recovery points present. The Backups performed are incremental backups, which means that it only writes blocks that have changed since the previous backup.
We recommend you to subscribe CDP backups on all servers especially the servers on the production environment. Having CDP backups secures your data from accidental data loss or modifications along with the option of retaining data for a longer period of time without consuming the server’s disk space.
For more details on how to create and restore CDP Backups, You can refer to this article
The above-mentioned steps are the common steps taken to enhance your server security, However its important to note that the security measure of your server need to be implemented from the start of your Server setup and needs to be configured as per your setup requirements, along with the implementation of security on Services and Application level you are providing.