1,234
edits
Changes
→Basic security on a public-facing server
Security is a topic most people aren't qualified to address. That's because it's complicated on its own, but in order to set it up properly: it also requires a solid understanding of the fundamentals of the systems which need to be secured.
That doesn't mean you can't learn it. As with most technologies, the recipe for success is simple. The more time you spend on it: the better you get. Every bit of learning you do related to security will make you more qualified. The more qualified you are to speak about security issues: the more valuable you are as a technician or engineer. Even if you're not directly responsible for security of a system: you will always have to work with themsecurity measures, and sometimes around them.
{{Admon/tip|Your attitude matters|Usually if you follow the rules of the organization you work for: security breaches are somebody else's problem. But not always. For example if you get your AWS Academy account suspended because your password was "123" - I won't feel bad for you, and ''you'' will have to find a way to complete the requirements of the course. And whether it's your problem or not: wouldn't you rather be a part of the solution anyway?}}
So as with AWS costs there are some steps I can tell you to follow, but overall you should take some time to think of security whenever you do anything. Who has access to a specific machine? Network? Service? Storage device? Is it hard to steal/crack a password and impersonate one of your users? Is your system vulnerable to off-the-shelf attacks? Keep those questions in the back of your mind, and as a minimum follow the following guidelines: * A Set a good password for your AWS account, and don't use that password for '''any''' resources inside AWS. Your AWS account passwordis like a super-root password. It gives you full access not only to a specific machine, not used anywhere but to all machines, networks, storage devices, and billing. You can end up running someone else's botnet, and paying for it too.* Possibly the most common attack on a Linux machine is the brute-force SSH login attack. It takes very little setup to mitigate almost all these attacks:* Remove * Delete all default usernames, except root which you can't delete.** Make sure that root is never allowed to log in remotely.** Whenever possible: don't use passwords at all, use SSH keys for logging in* root is never allowed . You've learned how to log use them in remotelyOPS245.* How Learn how to use sudo and how to configure it.* ssh keys, same as OPS245* How to organise Get in the habit of organising your SSH keys and not so you don't accidentally lose them.
= First AWS VM =