<p>How to secure a VPS running in production (important service + data)?</p>
<ul>
<li>Use ONLY public key based AND disable password based auth (for SSH) + use non-default port</li>
<li>Disable root account, disable root login via ssh -> only use user accounts with sudo</li>
<li>Setup firewall (lockdown all unused ports - main: 80, 443)</li>
<li>Setup fail2ban (ban IP's failing ssh login attempts)</li>
<li>Use docker for your services</li>
<li>Set up regular automatic updates</li>
<li>Set up append only backups (whole server or DB) with regular validity tests (restore the backup)</li>
<li>Advanced: Set up disk level encryption (f.e. LUKS) - in case the hard drives will be resold: customer data can not be recovered</li>
</ul>
<p>#programming</p>


Sean's Blog

Operational Security