To fully understand how to secure Linux servers on the cloud, we must first look at the security advantages, in terms of efficiency and cost, that the cloud offers over traditional on-premises hosting. We will look at how security is handled on-premises and how that differs from the cloud.
Managing your Linux servers physically, on-premises, is vastly different from managing Linux servers on the cloud, because several factors have to be taken into consideration. Firstly, specific infrastructure has to be set up to accommodate the servers. Depending on the number of servers being set up, a server room with temperature controls and specific security policies will need to be set up.
Secondly, the resource consumption of the servers needs to be taken into consideration; electricity consumption is one example.
Lastly, and most importantly, there is physical access to the servers, which ties in closely with the security policies that will be set up and explained in the security policy section. If you decide to host your Linux servers on the premises, you will need to take many more physical risk factors into consideration when setting up your security policy. An important thing to note is that the more secure your security policy is, the more intrusive the security becomes.
This is the first stage of securing your Linux servers on-premises and entails risk factors such as who has physical access to the servers and whether you can prevent unauthorized tampering with them.
Let us get started by taking a look at the various security features that can be configured when setting up a server on-premises.
- BIOS security – The BIOS is the first level of software in control of the hardware; it is responsible for booting your Linux server. Hackers or unauthorized personnel can modify the BIOS and change the way the Linux server boots, thereby compromising the system at the physical level. This can be countered by setting a boot password in your BIOS, which prevents unauthorized booting and tampering. However, an attacker who can open the case of the server can easily reset the BIOS.
- Boot loader passwords – A bootloader password can also be used to prevent the unauthorized booting of a server. Anyone who has access to the bootloader will have direct access to the root directory of your system. How you set a bootloader password depends on the bootloader being used; if you are using the GRUB bootloader, the “password” feature can be used to disable interactive control. This can easily be done by editing the GRUB configuration file.
$ nano /etc/grub.conf
You can set your password by adding the following line to the configuration file:
password --md5 <PASSWORD>
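One way to check the result of this step, as an added example that is not part of the original article: a shell function that audits a GRUB legacy-style configuration such as /etc/grub.conf for a hashed global password. The world-readable check, the function names and the sample configs with their placeholder hash are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a GRUB legacy config for the boot loader password.
# Prints findings and returns 1 if any check fails, 0 if all pass.
audit_grub_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    out=$(
        awk '
            $1 == "title" { exit }   # only the global section locks the menu
            $1 == "password" {
                found = 1
                if ($2 != "--md5")
                    print "FAIL: password is stored in plain text (no --md5)"
                else if (substr($3, 1, 3) != "$1$")
                    print "FAIL: --md5 value is not an MD5-crypt hash"
                exit
            }
            END { if (!found) print "FAIL: no global password directive" }
        ' "$conf"
        # Assumption of this example: a hash readable by every local user
        # can be copied and attacked offline, so flag world-readable files.
        [ -z "$(find "$conf" -perm -004)" ] ||
            echo "FAIL: $conf is world-readable"
    )
    if [ -n "$out" ]; then printf '%s\n' "$out"; return 1; fi
    echo "OK: hashed global password set, file not world-readable"
}

# Constructed samples: a weak config and a hardened one. The hash is a
# placeholder in MD5-crypt form, not a real password hash.
write_samples() {
    printf 'default=0\npassword secret\ntitle Linux\n' > "$1/weak.conf"
    printf 'default=0\npassword --md5 %s\ntitle Linux\n' \
        '$1$EXAMPLE$xxxxxxxxxxxxxxxxxxxxxx' > "$1/hard.conf"
    chmod 644 "$1/weak.conf"; chmod 600 "$1/hard.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_grub_conf "$tmp/weak.conf" || true   # reports two findings
audit_grub_conf "$tmp/hard.conf"           # reports OK
rm -rf "$tmp"
```

To audit a real system, call `audit_grub_conf /etc/grub.conf` as root.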
This is a very important security aspect when hosting on-premises. If you have more than one server or host connected to the same network, precautions need to be taken to prevent one infected host on the network from potentially infecting others. You must also take network security and access into consideration, which can be done by implementing firewalls and appropriate firewall rules. If you are also using a wireless router, strong encryption and passwords should be used, as wireless networks tend to be very attractive to hackers and crackers.