The ability to access and control servers from external computers also attracts hackers. Here are steps to safe remote maintenance of cloud servers. This guide is written mainly for infrastructures running OpenStack cloud computing software, more precisely HP Helion Cloud. That does not mean the guide is unusable if you are not on an OpenStack cloud platform.
Steps to Safe Remote Maintenance of Cloud Servers: Introduction
Water takes the path of least resistance to get to its destination. Fire finds its own way. With the flood of unauthorized hacker access, the situation is quite similar. Exploiting open channels of communication is one of the most successful ways to gain access to other people’s computers and corporate networks. Most attention should therefore go to the remote management solutions in use. The extensive features that remote control necessarily requires can pose a special danger.
Convenient access to and control of external computers also means that these services are popular entry points for hackers. A Verizon study revealed that financially motivated eavesdropping happens most commonly through desktop sharing or remote access services such as RDP (Remote Desktop Protocol) or VNC (Virtual Network Computing).
Steps to Safe Remote Maintenance of Cloud Servers
Teleworking and mobile computing have permanently changed the coordinate system. With teleworking, mobile computers and home offices, modern companies respond to diverse customer and employee needs. From a security point of view, the systems and devices used are no longer within the scope of the local network.
Simple port knocking software can reduce the chance of an unwanted login via SSH where key-based authentication is not used. A hacker can still scan for open ports and find a way in, so a better control is the virtual router’s ingress and egress policies.
We do not need Ping most of the time. Disabling Ping, not enabling it in the first place, or limiting it to our own dedicated IP can reduce the chance of attacks.
FTP is often used. Even with a virtual router and a key-based authentication system, running FileZilla on an operating system that is vulnerable to viruses and malware, such as Microsoft Windows, can “leak” the key used for FTP. Enabling the Unix wheel group is a great idea to put the hacker in a jail shell in case all the layers of security fail.
Checking server logs, preferably from a remote computer, is part of the regular work on a server. We can also encrypt a directory on a server that faces the public.
For key-based authentication to SSH, it is very important to keep the key on a secured computer, such as a Mac or GNU/Linux computer. The key is important and is the only way to authenticate. It basically should not remain on the service provider’s dashboard. But if it is deleted from the dashboard, the key must have a backup on a physical device that is protected under lock and key. The computer must have a hard password for logging in to the account. We can enable the root user on a Mac. If we change the ownership of the key file, the other account needs to be used to SSH.
Two simple tricks should not be forgotten. Enable a screensaver with a password, or some other way to authenticate the user after a time. A MacBook Pro is susceptible to theft, so ensuring physical security with a lock (if it has the slot) is important.
The last trick is most useful where someone else can share the same account: clearing the Terminal history. Simply typing !! or pressing the arrow keys shows earlier commands such as SSH, which is dangerous for key-based login. If we simply run cat ~/.bash_history or cat ~/.zsh_history, too much shows up. It is important not to use too many shells. Do you know how to empty them? Read the linked article or run echo " " > ~/.bash_history. Also run man history to check the usage.
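A workstation check for the two exposures described above, the private key file and the shell history, as an added example that is not part of the original article. The function names and the sample account are constructed for illustration; the audit functions only read files and report.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for illustration.
# Usage on a real account: audit_account "$HOME"

# count_remote_cmds FILE: print how many history lines invoke ssh, scp or sftp.
# The sed step strips zsh's extended-history prefix (": <time>:<duration>;").
count_remote_cmds() {
    [ -r "$1" ] || { echo 0; return 0; }
    sed 's/^: [0-9]*:[0-9]*;//' "$1" |
        grep -Ec '^[[:space:]]*(sudo[[:space:]]+)?(ssh|scp|sftp)([[:space:]]|$)' || true
}

# key_is_private FILE: succeed only if group and others have no permissions.
# Columns 5-10 of the ls mode string are the group and other bits.
key_is_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_account DIR: report findings for the account rooted at DIR;
# returns 1 if anything was flagged, 0 if the account is clean.
audit_account() {
    dir=$1; rc=0
    for h in "$dir/.bash_history" "$dir/.zsh_history"; do
        n=$(count_remote_cmds "$h")
        if [ "$n" -gt 0 ]; then
            echo "HISTORY $h: $n ssh/scp/sftp command(s) recorded"; rc=1
        fi
    done
    for k in "$dir"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        if ! key_is_private "$k"; then
            echo "KEYPERM $k: accessible by group or others"; rc=1
        fi
    done
    return "$rc"
}

# make_sample DIR: build a constructed sample account (documentation addresses).
make_sample() {
    mkdir -p "$1/.ssh"
    printf '%s\n' 'ls -la' 'ssh -i ~/.ssh/id_ed25519 admin@192.0.2.10' \
        'scp backup.tgz admin@192.0.2.10:/srv/' > "$1/.bash_history"
    printf '%s\n' ': 1700000000:0;cd /tmp' \
        ': 1700000050:0;ssh admin@192.0.2.10' > "$1/.zsh_history"
    : > "$1/.ssh/id_ed25519"; chmod 644 "$1/.ssh/id_ed25519"
    : > "$1/.ssh/id_ed25519.pub"
}
```

Truncating the history file does not clear what the running shell still holds in memory; in bash, history -c does that for the current session.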