Hi Steve
Thanks for the response!
I'm sure most of that would apply to Digital Ocean.
It basically a very basic Ubunto with everything open.
Also, here's a good guide to iptables: https://wiki.archlinux.org/index.php/Iptables
Yep, someone on another list pointed me to ufw which I've not used to configure IPTables.
In general, if you've got all ports shut down except those you need
Yep, this is where I am now.
and ssh is restricted to key-only login (and definitely disallow root login!) then you'll be in a good place.
Need to sort this.
Obviously, you can take security to the nth degree but the main attack points will be through the software you're intentionally exposing (web applications) and for that... good luck :)
Absolutely! This is the first server we're putting into production, so we keen to get it locked down.
btw, I'm not a security expert ;) Others on the list might be. I take my cue from the IRC channel: "advice given here generally isn't".
As always! :-) Many thanks!
I've actually got another issue now with Apache which I'll post about shortly.