This guest blog comes to us from Dave Meizlik, Dome9 VP of marketing and business development. Dome9 is a featured member of the SoftLayer Technology Partners Marketplace. With Dome9, you get secure, on-demand access to all your servers by automating and centralizing firewall management and making your servers virtually invisible to hackers.
Tech Partners Marketplace: http://www.softlayer.com/partners/marketplace/dome9
Three Tips for Securing Your Cloud Servers
By now everyone knows that security is the number one concern among cloud adopters. Less well known is why, and what to do to mitigate some of the security risks. I hope to shed a little light on those points in this blog post, so let’s get to it.
One of the greatest threats to cloud servers is unsecured access. Administrators leave ports (like RDP and SSH) open so they can connect to and manage their machines. After all, they can’t just walk down the hall to gain access to them like with an on-premise network. The trouble with this practice is that it leaves these and other service ports open to attack from hackers who need only guess the credentials or exploit a vulnerability in the application or OS. Many admins don’t think about this because for years they’ve had a hardened perimeter around their data center. In the cloud, however, the perimeter collapses down to each individual server, and so too must your security.
Tip #1: Close Service Ports by Default
Instead of leaving ports — from SSH to phpMyAdmin — open and vulnerable to attack, close them by default and open them only when, for whom, and as long as is needed. You can do this manually — just be careful not to lock yourself out of your server — or you can automate the process with Dome9 for free.
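A manual version of this tip, as an added example rather than code from the original post or from Dome9. It assumes a Linux server with iptables, root privileges, and an INPUT chain that already drops by default and accepts ESTABLISHED,RELATED traffic; the function names and the 203.0.113.7 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Dome9 code): lease one TCP port to one source address.
# Assumes root, iptables, and an INPUT chain with policy DROP plus an
# ESTABLISHED,RELATED accept rule, so a running session outlives its lease.

# Accept only a dotted-quad IPv4 address; a CIDR such as 0.0.0.0/0 is refused.
valid_ipv4() (
  case $1 in
    ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
  esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule spec used for both the insert and the later delete.
lease_rule() {
  valid_ipv4 "$1" && valid_port "$2" || return 1
  printf '%s' "-p tcp -s $1/32 --dport $2 -m conntrack --ctstate NEW -j ACCEPT"
}

# open_lease SRC PORT MINUTES: open the port for SRC only, then close it again.
open_lease() {
  case $3 in ''|0*|*[!0-9]*) echo "bad duration" >&2; return 1 ;; esac
  rule=$(lease_rule "$1" "$2") || { echo "bad source or port" >&2; return 1; }
  # $rule is left unquoted on purpose so it splits into iptables arguments.
  iptables -I INPUT 1 $rule || return 1
  # Detached timer deletes the identical rule when the lease expires.
  ( sleep "$(( $3 * 60 ))"; iptables -D INPUT $rule ) >/dev/null 2>&1 &
  echo "lease open: $1 -> tcp/$2 for $3 minutes"
}

# Usage as root: sh lease.sh apply 203.0.113.7 22 30   (constructed address)
if [ "${1:-}" = "apply" ]; then
  open_lease "$2" "$3" "$4"
fi
```

The background timer does not survive a reboot or a killed session, so check `iptables -S INPUT` after the lease ends to confirm the rule is gone.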
Dome9 provides a patent-pending technology called Secure Access Leasing, which enables you to open a port on your server with just one click from within Dome9 Central, our SaaS management console, or as an extension in your browser. With just one click, you get time-based secure access and the ability to empower a third party (e.g., a developer) with access easily and securely.
When your service ports are closed by default, your server is virtually invisible to hackers because the server will not respond to an attacker’s port scans or exploits.