Any serious systems can’t ignore server security, especially in public Cloud. No doubt there’re tons of tips and tutorials available on the Internet. Let’s focus on fundamental and general best practices first.
A List Of Security Improvements I Enforce After OS Provisioning.
Nowadays people are happy to use community Docker images. It’s super fast and easy to setup infrastructure, compared to old black days. But watch out security risks hidding inside!
Ignoring them could result in serious damages sooner or later. How to easily identity security holes inside docker images?
Ever bothered by suspicious processes running in your servers? No doubt how dangerous they might be: valuable data leaked, CPU/memory wasted, or DDoS attack other victims, etc.
How to easily capture those annoying troublemakers? Even better, get alerted without extra human effort.
While go cloud is a prevailing trend, security is something we can’t afford to ignore. People hate malicious access. Periodically check all widely open TCP Ports is one good practice to secure our system in cloud. Obviously DB ports can’t be exposed to the whole internet. Our internal REST API also need to be protected.
We should make sure firewall is properly configured. What’s more important, we need to be always on top of these security holes with minimum efforts. So let’s automate the audit process of insecure TCP Ports.