On 30/10/2012 19:50, Chris Pagnutti wrote:
> First, is this a good idea? Do you think I can do this securely using
> the django, apache, and lighttpd docs? or am I asking for trouble?
> What are the major security issues I need to be aware of when
> administering a server?
Configure a firewall to block all incoming ports except for ports 80,
443, and 22 (some suggest changing the port that SSH listens on, but it
has no real security value; a simple port scan by an attacker will
reveal which port it is listening on, so don't bother).
Disable root login via SSH.
Disable password logins via SSH.
Rate limit port 22.
Only allow one user (not root) access to the server via SSH.
Use SSH keys for authentication.
Make sure you always have the most recent security updates installed.
Make sure that the database server is not publicly accessible (if you
want to access your database server from your home computer, connect to
it via an SSH tunnel).
Just a few simple steps to take when securing a server.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
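
The SSH items in the reply above, checked against an sshd_config. This is an added example, not part of the original message; it assumes OpenSSH's sshd_config syntax, and the account names in the sample configurations are made up.

```python
# Added example: audit sshd_config text against the SSH items in the reply above.
# Simplification (assumption): Include files and Match blocks are not evaluated.
DEFAULTS = {  # current OpenSSH defaults when a keyword is absent
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}

def parse_sshd_config(text):
    """Return (settings, allow_users) for the global part of an sshd_config."""
    settings, allow_users = {}, []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":            # conditional blocks follow; stop here
            break
        if key == "allowusers":       # may be given on several lines
            allow_users.extend(args)
        elif key not in settings and args:   # sshd keeps the first value it reads
            settings[key] = args[0].lower()
    return settings, allow_users

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    settings, allow_users = parse_sshd_config(text)
    value = lambda key: settings.get(key, DEFAULTS[key])
    findings = []
    if value("permitrootlogin") != "no":
        findings.append("root login via SSH is not disabled")
    if value("passwordauthentication") != "no":
        findings.append("password logins are enabled")
    if value("pubkeyauthentication") != "yes":
        findings.append("SSH key authentication is disabled")
    user = allow_users[0].split("@")[0] if len(allow_users) == 1 else None
    if user is None or user == "root" or "*" in user or "?" in user:
        findings.append("AllowUsers does not name exactly one non-root user")
    return findings

# Constructed sample configurations ("deploy" and "admin" are made-up account names).
WEAK = "Port 2222\nPermitRootLogin yes\nPasswordAuthentication yes\nAllowUsers deploy admin\n"
HARDENED = "PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\nAllowUsers deploy\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "all checks passed")
```

Running `sshd -T` prints the effective server configuration, so its output can be passed to `audit()` to cover settings pulled in from Include files.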