On 17/04, Paul Grenyer wrote:
It seems that Digital Ocean droplets don't have any security, which obviously isn't great for production. I'd like to secure my server ready for production, but I'm not really sure where to start.
I'm hosted with linode and they have a fairly useful guide that covers a few things: https://www.linode.com/docs/security/securing-your-server/
I'm sure most of that would apply to Digital Ocean.
Also, here's a good guide to iptables: https://wiki.archlinux.org/index.php/Iptables
In general, if you've got all ports shut down except those you need and ssh is restricted to key-only login (and definitely disallow root login!) then you'll be in a good place.
Obviously, you can take security to the nth degree but the main attack points will be through the software you're intentionally exposing (web applications) and for that... good luck :)
btw, I'm not a security expert ;) Others on the list might be. I take my cue from the IRC channel: "advice given here generally isn't".
Steve
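An added example, not from anyone on this thread: a small POSIX shell script that checks an sshd_config for the two settings Steve recommends (no root login, key-only login) and generates a default-deny iptables-restore ruleset that opens only the TCP ports you list. The function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): audit sshd_config for
# key-only, no-root login and emit a default-deny iptables ruleset.

# audit_sshd_config FILE -> prints one FAIL line per finding, returns 0 if clean.
audit_sshd_config() {
  f="$1"; rc=0
  # sshd uses the first occurrence of a keyword; ignore comments and case.
  val() { grep -iE "^[[:space:]]*$1[[:space:]]" "$f" | head -n1 | awk '{print tolower($2)}'; }
  [ "$(val PermitRootLogin)" = "no" ] || { echo "FAIL: PermitRootLogin should be no"; rc=1; }
  # Absent PasswordAuthentication means the OpenSSH default (yes), so flag it too.
  [ "$(val PasswordAuthentication)" = "no" ] || { echo "FAIL: PasswordAuthentication should be no"; rc=1; }
  [ "$(val PubkeyAuthentication)" != "no" ] || { echo "FAIL: PubkeyAuthentication must not be no"; rc=1; }
  return $rc
}

# gen_iptables_rules PORT... -> iptables-restore text: drop all inbound traffic
# except loopback, replies to established connections, ICMP and the listed ports.
gen_iptables_rules() {
  printf '*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
  printf -- '-A INPUT -i lo -j ACCEPT\n'
  printf -- '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
  printf -- '-A INPUT -m conntrack --ctstate INVALID -j DROP\n'
  printf -- '-A INPUT -p icmp -j ACCEPT\n'
  for p in "$@"; do
    printf -- '-A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$p"
  done
  printf 'COMMIT\n'
}

# Constructed sample configs (not taken from any real host).
tmp="$(mktemp -d)"
GOOD_CFG="$tmp/sshd_config.good"; BAD_CFG="$tmp/sshd_config.bad"
printf 'Port 22\nPermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n' > "$GOOD_CFG"
printf 'PermitRootLogin yes\n# PasswordAuthentication no\n' > "$BAD_CFG"

audit_sshd_config "$GOOD_CFG" && echo "good config: OK"
audit_sshd_config "$BAD_CFG" || echo "bad config: see findings above"
# Ruleset for a typical web host: ssh plus http/https. Load with iptables-restore.
gen_iptables_rules 22 80 443
```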