security is a requirement

If your work involves running or being part of a software business, keeping it secure is almost a full-time job. However, if you don’t have someone handling this role, it is good to have proper checks in place so that attackers have to get through as many gates as possible.

A few things you will need:

  • Ensure that you have a WAF in place. For example, if you are using Amazon, enable Amazon WAF. If you use Cloudflare for your DNS, Cloudflare also offers WAF as a service.
  • Update your web server (Nginx or Apache) with all the security settings it supports.
  • Ensure that your server’s iptables rules only allow traffic on desired ports and block all other traffic.
  • Fail2ban. Install this and have it running all the time.
  • Ensure that SSH only accepts traffic from IPs that you trust.
  • Get a dedicated IP address for the above and accept traffic to SSH only from this IP.
  • Ensure that your server’s operating system and packages are as up to date as possible.

These should be a good starting point. There are other things you can do at the application level to keep your software secure. For example, ensure that you sanitise the user’s output data.
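The iptables and SSH items in the list above, as an added example that is not part of the original post: a shell function that prints an `iptables-restore` ruleset which drops inbound traffic by default, opens only the listed TCP ports, and accepts SSH from one trusted address. The function name `build_ruleset`, the address 203.0.113.10 and the ports 80 and 443 are assumptions for illustration, and the ruleset covers IPv4 only.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Prints an iptables-restore ruleset; it does not touch the running firewall.
# Check it before loading, from a session you cannot lock yourself out of:
#   build_ruleset 203.0.113.10 80 443 | iptables-restore --test
build_ruleset() {
    [ "$#" -ge 1 ] || { echo "usage: build_ruleset TRUSTED_IP [PORT...]" >&2; return 2; }
    trusted_ip=$1
    shift

    # Shape check only (dotted quad); iptables-restore rejects out-of-range octets.
    printf '%s\n' "$trusted_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "not an IPv4 address: $trusted_ip" >&2; return 1; }

    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $port" >&2; return 1; }
        # SSH must never be opened to everyone; it gets its own rule below.
        [ "$port" -ne 22 ] || {
            echo "port 22 is only opened for the trusted IP" >&2; return 1; }
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'      # anything not matched below is dropped
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections the server itself opened (updates, DNS, ...).
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # SSH: new connections from the single trusted address only.
    echo "-A INPUT -p tcp -s $trusted_ip/32 --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    # Public services, e.g. 80 and 443 for the web server.
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}
```

IPv6 traffic is filtered separately by `ip6tables`, so a server with an IPv6 address needs an equivalent ruleset there.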

Sunil Shenoy @sunil