Security Is Not Optional on Any Internet-Connected Machine

Today I saw an interesting statistic on Slashdot: over 200,000 database servers with no authentication, over one petabyte of data accessible. Earlier this year, there was a post about how many people accidentally post their AWS keys to GitHub without realizing they've just opened themselves up to potential charges from automated network scanners.

An increasing number of people put their servers online without any security and post passwords and keys online. A lot of hacks are the result of careless mistakes or of skipping security altogether.

Some would argue that the data on some servers is less confidential than on others, or that a cloud server that will only be up for a short time is not as much of an issue. But as technology evolves, there are more and more financial incentives to hack systems, and one should expect more intrusions and more sophisticated attacks.

Further, security is only as strong as the weakest link in the chain, and a seemingly harmless compromise of an unimportant server may end up costing much more than expected. For example, I have seen servers that were never meant to be online end up opening wide a whole secured network. Sometimes, temporary solutions end up lasting much longer than initially planned. As a result, since security was overlooked because the solution was never meant to last, the whole network is wide open.

Obviously, there can be no guarantee that a zero-day exploit will not expose a network to malicious attacks, but if there is no security at all, it is even worse and the consequences are potentially catastrophic.

Many guides to securing servers exist, and this is obviously not meant as an in-depth security manual. As a matter of fact, the advice below should be common sense and already be in place, but I have seen these basic rules ignored too many times, so here are things you should already be doing:

Basic Tips

As I said earlier, there are plenty of more complete guides on securing servers, but this is more of a reminder of what you should already be doing.