Security

Introduction> Introduction # A virtual private network, or VPN, allows you to securely encrypt traffic as it travels through untrusted networks, such as those at the coffee shop, a conference, or an airport.

Introduction> Introduction # UFW, or Uncomplicated Firewall, is an interface to iptables that is geared towards simplifying the process of configuring a firewall. While iptables is a solid and flexible tool, it can be difficult for beginners to learn how to use it to properly configure a firewall.

Introduction> Introduction # There are multiple ways to enhance the flexibility and security of your Node.js application. Using a reverse proxy like Nginx offers you the ability to load balance requests, cache static content, and implement Transport Layer Security (TLS).

Status: Deprecated> Status: Deprecated # This article covers a version of Ubuntu that is no longer supported. If you are currently operate a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu:

Introduction> Introduction # Mail-in-a-Box is an open source software bundle that makes it easy to turn your Ubuntu server into a full-stack email solution for multiple domains. For securing the server, Mail-in-a-Box makes use of Fail2ban and an SSL certificate (self-signed by default).

Status: Deprecated> Status: Deprecated # This article covers a version of Ubuntu that is no longer supported. If you are currently operate a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu:

Status: Deprecated> Status: Deprecated # This article covers a version of Ubuntu that is no longer supported. If you are currently operate a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu:

Introduction> Introduction # When operating a web server, it is important to implement security measures to protect your site and users. Protecting your web sites and applications with firewall policies and restricting access to certain areas with password authentication is a great starting point to securing your system.

Introduction> Introduction # SSH is the de facto method of connecting to a cloud server. It is durable, and it is extensible — as new encryption standards are developed, they can be used to generate new SSH keys, ensuring that the core protocol remains secure.

Introduction> Introduction # Let’s Encrypt is a Certificate Authority (CA) that provides free certificates for Transport Layer Security (TLS) encryption, thereby enabling encrypted HTTPS on web servers. It simplifies the process of creation, validation, signing, installation, and renewal of certificates by providing a software client that automates most of the steps—Certbot.

Introduction> Introduction # LDAP, or Lightweight Directory Access Protocol, is a protocol designed to manage and access related information in a centralized, hierarchical file and directory structure. In some ways, it operates similarly to a relational database, but this does not hold true for everything.

[*]Introduction[*] Privilege separation is one of the fundamental security paradigms implemented in Linux and Unix-like operating systems. Regular users operate with limited privileges in order to reduce the scope of their influence to their own environment, and not the wider operating system.

Status: Deprecated> Status: Deprecated # This article covers a version of Ubuntu that is no longer supported. If you are currently operate a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu:

Introduction> Introduction # How do you keep track of authorized and unauthorized activity on your server? OSSEC is one tool you can install on your server to keep track of its activity.

What are Meltdown and Spectre?> What are Meltdown and Spectre? # On January 4, 2018, multiple vulnerabilities in the design of modern CPUs were disclosed. Taking advantage of certain processor performance optimizations, these vulnerabilities—named Meltdown and Spectre—make it possible for attackers to coerce applications into revealing the contents of system and application memory when manipulated correctly.

Prelude> Prelude # Mod security is a free Web Application Firewall (WAF) that works with Apache, Nginx and IIS. It supports a flexible rule engine to perform simple and complex operations and comes with a Core Rule Set (CRS) which has rules for SQL injection, cross site scripting, Trojans, bad user agents, session hijacking and a lot of other exploits.

Status: Deprecated> Status: Deprecated # This article is deprecated and no longer maintained. Reason> Reason # This article duplicates more recent, accurate content. See Instead> See Instead # This article may still be useful as a reference, but may not work or follow best practices.

Introduction> Introduction # Let’s Encrypt is a new Certificate Authority (CA) that provides a way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It streamlines the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps.

Benefits of Public & Private SSH Keys> Benefits of Public & Private SSH Keys # If your headless, or remote, VPS is visible over the Internet, you should use public key authentication instead of passwords, if at all possible.

Note: You may want to consider using Let’s Encrypt instead of the StartSSL.com process below. Let’s Encrypt is a new certificate authority that provides a free and easy way of creating SSL/TLS certificates that are trusted in most web browsers.