Linux on the cloud
Now that we have taken a look at how Linux security on-premises works, we can now take a look at why Linux in the cloud is much better in terms of physical security, and how it differs from Linux on-premises.
Many cloud hosting providers exist on the internet and all offer the same type of package in regards to getting your Linux server up and running, so it can be a daunting task to pick the right cloud hosting provider.
Given that the cloud gets rid of the physical aspect of hosting a server, it also gets rid of the physical layer of the server security, which makes everything simpler. Cloud hosting providers offer varying levels of physical control, from booting and the shutting down of servers, to setting up customized firewalls.
Let us take a look at some of the most important security measures to be taken in the cloud, we will be going through how to implement all of these techniques later on in the book.
Console and account access
Your security policy should define the various individuals and their respective accounts that will have access to the cloud hosting provider console or dashboard, and the various permissions for interacting with the servers and any other resources. This will prevent unauthorized access by individuals who may not know how to interact with the dashboard or who may have malicious intent. This will also create a system of accountability as only certain accounts will have direct access to interact with the servers.
SSH (Secure Shell)
SSH (Secure Shell) is a secure network protocol that allows users to securely access a computer remotely, over an unsecured network.
SSH will be the primary access point to your server, so it is essential to secure it correctly. Let us take a look at the various ways this can be done.
- Change the default SSH port from port 22 to another unambiguous port. This is because the default SSH port will be subject to brute force attacks.
- Make use of SSH keys instead of password-based authentication. This is extremely important as passwords can easily be guessed by brute force attacks and commonly used wordlists. SSH keys utilize asymmetric encryption, where the public key is stored on the server and the private key is stored on your computer, as a result, access to the server can only be done by using the private key.
Setting up a firewall
Many cloud hosting providers provide firewall functionality that allows you to close any open ports that are not being used, this can be done at different levels of abstraction, for example, if you are using AWS you can create a security group that specifies the particular ports that can be accessed and associate it with your server, this can also be done on the server by using a tool like iptables (explained later in the book).
Backups are extremely important for organizations that handle data, many things can go wrong, not only from a security standpoint but from a system administration standpoint, databases and files can be deleted by mistake, or hackers could gain unauthorized access and compromise the integrity of the data. Most cloud hosting providers provide backup and snapshot services that are worth every penny because they can be set up to automatically backup and take snapshots of your servers. If you prefer to backup files manually, you can also automate the process with bash scripts.
Manual backups, however, may not offer the same level of reliability and may not guarantee complete restoration, for this reason, automated tools and programs are recommended to streamline the process and ensure that data can be recovered correctly. We will not be covering the various tools that can be used for creating backups in this book as various factors like subscription costs are dependent on your security policy.
DDoS and Brute force protection
Brute force and DDoS are some of the most common types of attacks on servers, they usually target the web application or particular ports, in the case of SSH, there are many tools that can be used to prevent brute force attacks, an example of this is SSH Guard, this is a tool that blocks failed login attempts on both SSH and FTP protocols. DDoS attacks are equally as common and are usually caused as a result of exposing the origin IP address of the server to the public, this should be avoided at all costs and will save you a lot of pain when securing your server. Using a Content Delivery Network (CDN) like Cloudflare will mitigate this risk, and provide other functionality like a WAF (Web Application Firewall).
System and package updates
Keeping your operating system, kernel, and packages up to date are very important, as new vulnerabilities may be discovered that affect your OS or packages, as a result, patches for these vulnerabilities will be pushed and you will need to patch your system immediately.
These are some of the fundamental cloud security practices for your servers and infrastructure, they will be explained in detail later in the book.
Now that we have differentiated Linux security in the cloud from Linux security on-premises, we can see how the cloud offers much better security by eliminating the need for physical security and giving us a much wider range of services.
Let us now take a look at how to develop a security policy that is inclusive of both the physical and software aspects of security.