Portal Home > Knowledgebase > Articles Database > How to secure a virtualized server?
How to secure a virtualized server?
| Posted by killerlipz, 09-14-2013, 11:25 AM |
| I have a box for deployment of openvz containers...main os used is centOS 6
What are the things I can do to protect my server as well as those vps hosted but maintain efficiency in performance..?
|
| Posted by KeithLatteri, 09-14-2013, 01:29 PM |
| Id recommend getting a good firewall (Cisco ASA 5505) and update the kernel because of recent CentOS 6 Local Root Exploit (CVE-2013-2094)
|
| Posted by vx|brian, 09-14-2013, 01:43 PM |
| Are you speaking about securing the actual containers or the server that hosts them?
|
| Posted by FLDataTeK, 09-14-2013, 01:46 PM |
| Uninstall all unneeded software and shutdown unneeeded services. Basically your closing down as many attack vectors as you can.
Change SSH port
Add Fail2Ban so that IP's are blocked after to many failed attempts
Remove direct root logins
|
| Posted by killerlipz, 09-14-2013, 07:40 PM |
| The server that host the vps...
|
| Posted by BestServerSupport, 09-15-2013, 02:19 AM |
| Normally, Data Center people will use hardware firewall to protect the main HW node from attacks to reduce the overhead of the node from managing all the traffic through its firewall (as you can assume, the node firewall has to manage all the traffic from/to the VPSs, which is really going to affect the performance if it hosts a number of busy VPSs)
Disabling any unnecessary service in the main node (mail service, printer service..etc)and disabling direct root access will be sufficient in most cases.
|
| Posted by Mayur-strad, 09-16-2013, 05:08 AM |
| don't install any unknow softwares & install , configure proper firewall.
|
| Posted by nrion, 09-16-2013, 05:33 AM |
| I'd recommend to install a HIDS and general monitoring so you know when you get attacked. I do both with Zabbix but there are more convenient ways for HIDS though.
-- nrion
|
| Posted by CheapSSLSecurity, 09-18-2013, 02:17 AM |
| I think Hacker Proof TrustMark with Daily Vulnerability Scan can help you to maintain efficiency in performance and provide you the detailed report if any code or files are affected from malware or other junk data. You can also go with some scanning enterprise software that protects the server and alert you with details.
|
| Posted by RRWH, 09-18-2013, 02:49 AM |
| Regardless if the server is a node or just for hosting, you apply as many layers of protection as possible.
This means in part, remove any un-needed software, install appropriate firewalls, appropriate vulnerability scanners, secure all permitted access vectors etc.
|
Add to Favourites 
Print this Article
Also Read
rsync (Views: 842)