The more projects you handle, the more servers you manage. But when you ssh to the servers of different projects, are you using the same private key for all of them?
How safe does that feel? Imagine that one day this all-powerful private key is compromised somehow. Boom: every server in every project is exposed at once.
Check out this post and fix this for all your projects in just five minutes.
NeuVector is a Bay Area startup focused on run-time container security. In our previous post we found docker-bench-security useful for avoiding many common Docker pitfalls.
NeuVector addresses some Docker security issues that were not well covered before, e.g. detecting malicious traffic between the servers of our critical environments and visualizing the network topology of large Docker environments.
As DevOps or IT professionals, we get asked from time to time why someone can't ssh to a server. Isn't that right? Not much fun, just routine work.
Want to ease the burden? Let's walk through the common ssh failures together. Next time, forward this link to your colleagues if it helps: they may be able to identify the root cause themselves, or at least collect all the necessary information before turning to us.
docker-bench-security is a script that checks for dozens of common best practices around deploying Docker containers in production.
We use Docker to save effort, not to create more of it. Try docker-bench-security to avoid common pitfalls. It is provided by Docker, Inc., free of charge and actively maintained.
Here is all you need to know to understand and use the tool.
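One thing the tool does not do for you is fail a build. docker-bench-security prints one line per check, in the shape `[PASS] 1.2  - <title>`, `[WARN] ...`, `[INFO] ...` or `[NOTE] ...`, so a few lines of awk turn its report into a CI gate. The script below is an added example, not part of docker-bench-security or of the original post; the sample report is constructed for the demo (check ids and titles copied only in shape, not from a real run), and the "any WARN fails" policy is an assumption to adapt to your environment.

```shell
#!/bin/sh
# Added example: gate a pipeline on a docker-bench-security report read from
# stdin. Assumes the tool's "[LEVEL] <id>  - <title>" line format; WARN is
# treated as a failure, INFO/NOTE/PASS are only counted.

# bench_counts < report -> "PASS=<n> WARN=<n> INFO=<n> NOTE=<n>"
bench_counts() {
  awk '
    /^\[PASS\]/ { p++ } /^\[WARN\]/ { w++ } /^\[INFO\]/ { i++ } /^\[NOTE\]/ { n++ }
    END { printf "PASS=%d WARN=%d INFO=%d NOTE=%d\n", p, w, i, n }'
}

# bench_failed_ids < report -> the check ids (e.g. 1.1) that came back WARN,
# one per line; sub-lines such as "[INFO]      * Using 17.06.0" have no id.
bench_failed_ids() {
  awk '/^\[WARN\] [0-9]/ { print $2 }'
}

# bench_gate < report -> prints the counts and the failing ids, returns 1 if
# any check is WARN (so it can be the last step of a CI job).
bench_gate() {
  report=$(cat)
  failed=$(printf '%s\n' "$report" | bench_failed_ids)
  printf '%s\n' "$report" | bench_counts
  if [ -n "$failed" ]; then
    echo "failed checks: $(printf '%s\n' "$failed" | paste -sd,)"
    return 1
  fi
}

# Constructed sample report (same shape as the tool's output, not a real run).
SAMPLE_REPORT='[INFO] 1 - Host Configuration
[WARN] 1.1  - Ensure a separate partition for containers has been created
[PASS] 1.2  - Ensure the container host has been Hardened
[INFO] 1.3  - Ensure Docker is up to date
[INFO]      * Using 17.06.0, verify is it up to date as deemed necessary
[INFO] 2 - Docker daemon configuration
[WARN] 2.1  - Restrict network traffic between containers
[PASS] 2.2  - Set the logging level
[NOTE] 2.3  - Allow Docker to make changes to iptables'

# Usage with a real report: run docker-bench-security, save its output to a
# file, then:  bench_gate < report.log || exit 1
```

Pipe the tool's saved output into `bench_gate`; a non-zero exit marks the job red and the failing check ids tell the reviewer which sections of the CIS benchmark to read. If some WARN items are accepted risks on a given host, filter them out with `grep -v` before the gate rather than lowering the policy globally.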
Any serious DevOps engineer logs in with an ssh key, not a password, right? And often that one key unlocks many critical environments. Have you ever copied your private key to another machine, such as a jumpbox? What if it is stolen somehow?
Time to protect your sensitive ssh private key with a passphrase, and to live with it headache-free (with ssh-agent you type it once per session).
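Before adding passphrases (and before splitting one key into one per project, as the earlier post suggests), it helps to know which of the keys already lying around are stored in the clear. The script below is an added example, not from the original post: it audits a key directory without needing ssh-keygen, which is handy on a jumpbox. It reads the cipher name from the header of OpenSSH-format keys ("none" means no passphrase) and the `Proc-Type: 4,ENCRYPTED` header of legacy PEM keys. The key files it generates for the demo are constructed headers only, with no real key material, and the directory layout (plain files under one directory) is an assumption.

```shell
#!/bin/sh
# Added example: report ssh private keys that are not passphrase-protected.
# Assumes GNU coreutils (base64 -d) and keys stored as regular files.

# key_status FILE -> prints "UNENCRYPTED", "encrypted" or "unknown".
key_status() {
  key=$1
  case $(head -n 1 "$key") in
    '-----BEGIN OPENSSH PRIVATE KEY-----')
      # New OpenSSH format: the base64 body starts with the magic
      # "openssh-key-v1\0", a 4-byte length and the cipher name. Turning
      # every run of non-printable bytes into one newline puts the cipher
      # name on line 2; "none" means the key is stored in the clear.
      cipher=$(sed '1d;$d' "$key" | base64 -d 2>/dev/null \
                 | tr -cs '[:print:]' '\n' | sed -n 2p)
      case $cipher in
        none) echo UNENCRYPTED ;;
        '')   echo unknown ;;        # body did not decode
        *)    echo encrypted ;;      # e.g. aes256-ctr
      esac ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----')
      echo encrypted ;;              # PKCS#8 encrypted container
    '-----BEGIN '*' PRIVATE KEY-----')
      # Legacy PEM (RSA/EC/DSA): only an encrypted key carries Proc-Type.
      if grep -q '^Proc-Type: 4,ENCRYPTED' "$key"; then
        echo encrypted
      else
        echo UNENCRYPTED
      fi ;;
    *) echo unknown ;;
  esac
}

# audit_keys DIR -> one "<file>: <status>" line per private key found;
# returns 1 if at least one key has no passphrase.
audit_keys() {
  rc=0
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    head -n 1 "$f" | grep -q 'PRIVATE KEY-----' || continue
    status=$(key_status "$f")
    echo "$f: $status"
    [ "$status" = UNENCRYPTED ] && rc=1
  done
  return $rc
}

# make_samples DIR writes constructed key files (headers only, no real key
# material) so the audit can be exercised offline.
make_samples() {
  d=$1
  { echo '-----BEGIN OPENSSH PRIVATE KEY-----'
    printf 'openssh-key-v1\000\000\000\000\004none\000\000\000\004none' | base64
    echo '-----END OPENSSH PRIVATE KEY-----'; } > "$d/id_ed25519_plain"
  { echo '-----BEGIN OPENSSH PRIVATE KEY-----'
    printf 'openssh-key-v1\000\000\000\000\012aes256-ctr\000\000\000\006bcrypt' | base64
    echo '-----END OPENSSH PRIVATE KEY-----'; } > "$d/id_ed25519_locked"
  { echo '-----BEGIN RSA PRIVATE KEY-----'
    echo 'Proc-Type: 4,ENCRYPTED'
    echo 'DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF'
    echo
    echo 'AAAA'
    echo '-----END RSA PRIVATE KEY-----'; } > "$d/id_rsa_legacy"
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 user@laptop' > "$d/id_ed25519_plain.pub"
}

# Usage on a real box:
#   audit_keys ~/.ssh || echo 'fix with: ssh-keygen -p -f <key>'
```

Where ssh-keygen is available, `ssh-keygen -y -P "" -f <key>` gives the same answer (it succeeds only for an unencrypted key), and `ssh-keygen -p -f <key>` adds a passphrase in place. Run the audit from cron on jumpboxes and shared build hosts, since those are exactly the places where a copied, unprotected key tends to linger.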
No serious system can ignore server security, especially in a public cloud. There are tons of tips and tutorials on the Internet; let's focus on the fundamental, general best practices first.
A List Of Security Improvements I Enforce After OS Provisioning.
Nowadays people happily use community Docker images. Compared to the bad old days, setting up infrastructure is fast and easy. But watch out for the security risks hiding inside!
Ignoring them will result in serious damage sooner or later. How can we easily identify security holes inside Docker images?
Ever bothered by suspicious processes running on your servers? There is no doubt how dangerous they can be: valuable data leaked, CPU and memory wasted, or your machine used to DDoS other victims.
How can we easily catch these troublemakers and, even better, get alerted without extra human effort?
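A cheap first pass that runs from cron is to compare a `ps` snapshot against what the host is supposed to run. The script below is an added example, not from the original post: it reads `ps -eo pid,user,pcpu,args` output and flags a process when its program is not on a per-host allowlist, when its binary lives in a world-writable scratch directory, or when it burns more CPU than a threshold. The allowlist, the threshold and the sample snapshot are all constructed assumptions for the demo; tune the first two per host.

```shell
#!/bin/sh
# Added example: flag suspicious processes from a "ps -eo pid,user,pcpu,args"
# snapshot read on stdin. Output: "<pid> <user> <reason> <command line>".

ALLOWED='init sshd cron rsyslogd dockerd containerd nginx bash'   # per-host assumption
CPU_LIMIT=80                                                      # percent, assumption

# flag_processes < snapshot -> one line per suspicious process
flag_processes() {
  awk -v allowed="$ALLOWED" -v limit="$CPU_LIMIT" '
    BEGIN { n = split(allowed, a, " "); for (k = 1; k <= n; k++) ok[a[k]] = 1 }
    NF < 4 { next }                                  # header or blank line
    {
      pid = $1; user = $2; cpu = $3 + 0; cmd = $4
      if (cmd ~ /^\[.*\]$/) next                     # kernel threads, e.g. [kworker/0:1]
      name = cmd; sub(/.*\//, "", name); sub(/:$/, "", name)   # "nginx: worker" -> nginx
      reason = ""
      if (cmd ~ /^\/(tmp|var\/tmp|dev\/shm)\//) reason = "runs-from-scratch-dir"
      else if (!(name in ok))                    reason = "not-allowlisted"
      else if (cpu > limit)                      reason = "cpu-over-" limit
      if (reason == "") next
      args = $4; for (f = 5; f <= NF; f++) args = args " " $f
      print pid, user, reason, args
    }'
}

# Constructed snapshot in the shape of "ps -eo pid,user,pcpu,args | tail -n +2"
SAMPLE_PS='    1 root      0.0 /sbin/init
  812 root      0.1 /usr/sbin/sshd -D
  933 root      0.0 /usr/sbin/cron -f
 1402 www-data  2.3 nginx: worker process
 2117 nobody   97.5 /tmp/.hidden/worker -o pool.example:3333
 2201 ubuntu    0.0 bash
 2344 ubuntu   88.0 /usr/bin/python3 miner.py --pool pool.example:3333
 2390 ubuntu   95.0 bash -c while :; do :; done'

# Usage on a live host (mail or post the output to get alerted):
#   ps -eo pid,user,pcpu,args | tail -n +2 | flag_processes
```

The three rules catch three different shapes of trouble: something dropped into `/tmp` or `/dev/shm` (rule 1), an unexpected program under a legitimate interpreter such as python3 (rule 2), and an allowlisted program being abused, here a shell stuck in a busy loop (rule 3). Because the output is empty on a clean host, wiring it to `mail` or a chat webhook gives alerts with no daily human effort.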
While moving to the cloud is the prevailing trend, security is something we can't afford to ignore. Nobody wants malicious access. Periodically checking which TCP ports are open to the world is one good practice for securing systems in the cloud. Obviously database ports must not be exposed to the whole Internet, and our internal REST APIs also need protection.
We should make sure the firewall is properly configured. More importantly, we need to stay on top of these holes with minimum effort, so let's automate the audit of exposed TCP ports.
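The host side of that audit is a short pipeline over `ss -tlnp`. The script below is an added example, not from the original post: it reads the `ss` listing, skips sockets bound only to loopback, and reports every remaining listener whose port is not on a small list of ports that are meant to be public. The sample listing is constructed in the shape `ss -tlnp` prints on Linux (the older `:::22` and `*:3306` spellings are handled too), and the public-port allowlist is an assumption to adapt per host.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable from the network that are not
# on the public allowlist. Reads "ss -tlnp" output on stdin and prints
# "<port> <bound-address> <process>" per finding.

ALLOWED_PUBLIC='22 80 443'   # ports that are meant to face the Internet (assumption)

# exposed_ports < ss-output -> one line per non-loopback, non-allowlisted listener
exposed_ports() {
  awk -v allowed="$ALLOWED_PUBLIC" '
    BEGIN { n = split(allowed, a, " "); for (k = 1; k <= n; k++) ok[a[k]] = 1 }
    /LISTEN/ {
      # The local socket is the first field ending in ":<digits>"; the peer
      # column ends in ":*" so it never matches.
      local = ""
      for (f = 1; f <= NF; f++) if ($f ~ /:[0-9]+$/) { local = $f; break }
      if (local == "") next
      port = local; sub(/.*:/, "", port)
      addr = substr(local, 1, length(local) - length(port) - 1)
      if (addr ~ /^(127\.|\[?::1\]?$)/) next         # loopback only: fine
      if (port in ok) next                           # intentionally public
      proc = "-"                                     # needs root to be shown by ss
      if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
      print port, addr, proc
    }'
}

# Constructed sample in the shape of "ss -tlnp" (not from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
LISTEN 0      128    127.0.0.1:6379      0.0.0.0:*         users:(("redis-server",pid=1001,fd=6))
LISTEN 0      80     *:3306              *:*               users:(("mysqld",pid=1200,fd=21))
LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*         users:(("python3",pid=2344,fd=3))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1400,fd=6))
LISTEN 0      128    [::1]:9200          [::]:*            users:(("java",pid=1500,fd=200))'

# Usage on a live host (run as root so process names are filled in):
#   ss -tlnp | exposed_ports
# Alerting on drift: keep the approved output in a file and
#   ss -tlnp | exposed_ports | diff approved-ports.txt - || mail -s "new listener" ops@example.com
```

In the sample, MySQL on 3306 bound to every interface and an internal REST service on 8080 are reported, while Redis and Elasticsearch are bound to loopback and sshd/nginx are on the allowlist. This checks what the host is listening on; whether the cloud firewall or security group actually lets that traffic in is a separate question, so confirm findings from outside with a port scan before and after the fix.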