Hi Steve

Thanks for the response!

I'm sure most of that would apply to Digital Ocean.

It's basically a very basic Ubuntu with everything open.
 
Also, here's a good guide to iptables: https://wiki.archlinux.org/index.php/Iptables

Yep, someone on another list pointed me to ufw which I've not used to configure IPTables.

In general, if you've got all ports shut down except those you need

Yep, this is where I am now.
 
and
ssh is restricted to key-only login (and definitely disallow root
login!) then you'll be in a good place.

Need to sort this.
 
Obviously, you can take security to the nth degree but the main attack
points will be through the software you're intentionally exposing (web
applications) and for that... good luck :)

Absolutely! This is the first server we're putting into production, so we're keen to get it locked down.
 
btw, I'm not a security expert ;) Others on the list might be. I take my
cue from the IRC channel: "advice given here generally isn't".

As always! :-) Many thanks!

I've actually got another issue now with Apache which I'll post about shortly.

--
Thanks
Paul

Paul Grenyer
e: paul.grenyer@gmail.com
b: paulgrenyer.blogspot.com
t: pjgrenyer

Have you thought what Naked Element could do for you? http://nakedelement.co.uk/

It's time to get technical: http://norfolkdevelopers.com