When setting up the environment for a business application, security is one of the primary concerns. The specific needs depend on the infrastructure, but there are some common security measures that are widely regarded as good universal practice.
SSH keys are used to authenticate to an SSH server in place of password-protected logins. The first step is to create a key pair: a private key and a public key. The private key is secret and must be kept securely by the user; the public key can be shared.
To set up SSH key authentication, place the user's public key on the server in a special directory. When the user connects, the server asks the client to prove that this user is authorized; the SSH client uses the private key to provide that proof, and the server then allows the connection.
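The server-side part of that setup, as an added example that is not from the original article: a shell script that installs a public key into the user's `~/.ssh/authorized_keys` (the "special directory" on OpenSSH servers), checks the permissions sshd requires before it will honour the file, and writes a drop-in that turns password logins off once key logins work. The sample key line, the home directory and the drop-in path are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the original article.
# Installs a user's public key on the server side and checks the permissions
# sshd expects before it will trust the file. Assumes the OpenSSH layout
# (~/.ssh/authorized_keys under the user's home directory). The key below is
# a constructed placeholder, not real key material.
set -eu

# Constructed sample authorized_keys line (placeholder key material).
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYPLACEHOLDERKEYPLACEHOLDERKEY00 user@laptop'

# install_pubkey HOME_DIR "PUBKEY_LINE"
# Creates ~/.ssh (0700) and ~/.ssh/authorized_keys (0600) if missing and
# appends the key unless an identical line is already present, so running
# it twice does not duplicate the entry.
install_pubkey() {
    home="$1"; key="$2"
    sshdir="$home/.ssh"
    authkeys="$sshdir/authorized_keys"
    mkdir -p "$sshdir"
    chmod 700 "$sshdir"
    touch "$authkeys"
    chmod 600 "$authkeys"
    if ! grep -qxF "$key" "$authkeys"; then
        printf '%s\n' "$key" >> "$authkeys"
    fi
}

# count_keys HOME_DIR -> number of non-empty lines in authorized_keys
count_keys() {
    grep -c . "$1/.ssh/authorized_keys" || true
}

# mode_of PATH -> symbolic mode column from ls -ld (portable across ls variants)
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# check_ssh_perms HOME_DIR
# Succeeds only when ~/.ssh is drwx------ and authorized_keys is -rw-------.
# With StrictModes (the sshd default), looser permissions make sshd ignore
# the file and fall back to the other configured authentication methods.
check_ssh_perms() {
    home="$1"
    [ "$(mode_of "$home/.ssh")" = "drwx------" ] || return 1
    [ "$(mode_of "$home/.ssh/authorized_keys")" = "-rw-------" ] || return 1
}

# write_sshd_dropin FILE
# Writes a keys-only policy fragment. Assumes sshd picks it up through the
# Include line for /etc/ssh/sshd_config.d/*.conf that OpenSSH 8.2+ ships.
write_sshd_dropin() {
    cat > "$1" <<'EOF'
# Key-based logins only; apply after confirming key authentication works.
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
EOF
}

# Stand-alone demo against a throwaway home directory.
demo_home=$(mktemp -d)
install_pubkey "$demo_home" "$SAMPLE_PUBKEY"
install_pubkey "$demo_home" "$SAMPLE_PUBKEY"   # second run is a no-op
echo "keys installed: $(count_keys "$demo_home")"
check_ssh_perms "$demo_home" && echo "permissions OK"
write_sshd_dropin "$demo_home/50-keys-only.conf"
```

Keep an existing session open while rolling this out: run `sshd -t` to validate the configuration before restarting sshd, and confirm a fresh key login succeeds before the drop-in that disables passwords goes live.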
Every SSH authentication method runs over an encrypted channel. SSH keys are more secure than passwords and are much harder to crack.
A firewall is hardware or software that restricts access to certain services. Servers typically run several services; some must be reachable from the public internet, while others must remain private. A firewall lets you restrict access according to those groups. Firewalls are an important part of any server environment.
Private networks are available only to certain users or servers. A VPN, or virtual private network, establishes a secure connection between remote computers as if they were part of one local network.
Using a VPN is a way to set up a private network that only your servers can see, with all communication over it secured. VPN support is available in many datacenters, and it is not especially difficult to set up.
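An added example (not from the original article) that puts the firewall grouping and the VPN together: an nftables ruleset generated from a small service inventory, where public services are accepted from anywhere and private ones only from the VPN subnet, with everything else dropped by default. The inventory, the subnet 10.8.0.0/24 and the port numbers are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the original article.
# Generates an nftables ruleset from a service inventory in which each
# service is marked public (reachable from anywhere) or private (reachable
# only from the VPN subnet). The inventory and the subnet 10.8.0.0/24 are
# constructed assumptions; adjust them to your environment.
set -eu

VPN_SUBNET="${VPN_SUBNET:-10.8.0.0/24}"

# Constructed inventory: name:port:proto:visibility
SERVICES='
web:80:tcp:public
web-tls:443:tcp:public
dns:53:udp:public
ssh:22:tcp:private
postgres:5432:tcp:private
'

# ports_for VISIBILITY PROTO -> "80, 443" style list (empty if none)
ports_for() {
    printf '%s\n' "$SERVICES" | awk -F: -v vis="$1" -v proto="$2" '
        NF == 4 && $4 == vis && $3 == proto {
            list = list (list == "" ? "" : ", ") $2
        }
        END { print list }'
}

# accept_rule PROTO PORTS [SOURCE] -> one nft rule line, or nothing if PORTS is empty
accept_rule() {
    proto="$1"; ports="$2"; src="${3:-}"
    [ -n "$ports" ] || return 0
    if [ -n "$src" ]; then
        printf '        ip saddr %s %s dport { %s } accept\n' "$src" "$proto" "$ports"
    else
        printf '        %s dport { %s } accept\n' "$proto" "$ports"
    fi
}

# build_ruleset -> complete nft ruleset with a default-drop input chain
build_ruleset() {
    cat <<'EOF'
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        icmp type echo-request limit rate 5/second accept
EOF
    accept_rule tcp "$(ports_for public tcp)"
    accept_rule udp "$(ports_for public udp)"
    accept_rule tcp "$(ports_for private tcp)" "$VPN_SUBNET"
    accept_rule udp "$(ports_for private udp)" "$VPN_SUBNET"
    cat <<'EOF'
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
EOF
}

# Stand-alone use: write the ruleset and syntax-check it before loading.
#   build_ruleset > /etc/nftables.conf && nft -c -f /etc/nftables.conf
build_ruleset
```

The generated file is checked with `nft -c -f` before `nft -f` loads it. Because the input chain's policy is drop, anything not in the inventory is unreachable, which is the failure mode you want when a new service is started without anyone updating the firewall. The ICMP rule is IPv4-only; a host that serves IPv6 needs a matching icmpv6 rule.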
PKI and SSL/TLS Encryption
PKI, or public key infrastructure, is the system for creating and validating the certificates used to encrypt connections and to identify users. TLS and SSL certificates are used to authenticate entities to one another, and they can also be used to provide encrypted communication.
Regular audits of your infrastructure are critical to maintaining a high level of security. Analyze the system, find potentially vulnerable spots, and lock down the components that must be restricted.
Check which services are listening on which ports. Checking files is important too: compare the current file system against a record of the files as they were in a known-good state.
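The two audit checks above, as an added example (not the article's own code): a shell script that records a hash baseline of a directory tree and later reports which files were added, removed or modified, plus a helper that lists listening sockets with `ss` (falling back to `netstat`). The directory, the baseline path and the sample files in the demo are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the original article.
# Two audit helpers: a file-integrity baseline (record hashes of a tree, then
# report files added, removed or modified since) and a listening-socket
# listing. Paths are supplied by the caller; the demo below uses a
# constructed scratch tree.
set -eu

# sha256_of FILE -> "<hash>  <path>" using whichever tool is installed
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# hash_tree DIR -> sorted "hash  ./relative/path" lines for every regular file
hash_tree() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sha256_of "$f"
      done )
}

# snapshot_tree DIR BASELINE_FILE -> record the known-good state
snapshot_tree() {
    hash_tree "$1" > "$2"
}

# compare_tree DIR BASELINE_FILE -> one line per difference:
#   ADDED path / REMOVED path / MODIFIED path   (no output when unchanged)
compare_tree() {
    hash_tree "$1" | awk -v base="$2" '
        # path = everything after the hash and the two-space separator
        function pathof(line) { return substr(line, index(line, "  ") + 2) }
        function hashof(line) { return substr(line, 1, index(line, "  ") - 1) }
        BEGIN {
            while ((getline line < base) > 0) old[pathof(line)] = hashof(line)
            close(base)
        }
        {
            p = pathof($0)
            if (!(p in old)) print "ADDED " p
            else {
                if (old[p] != hashof($0)) print "MODIFIED " p
                delete old[p]
            }
        }
        END { for (p in old) print "REMOVED " p }'
}

# listening_sockets -> listening TCP/UDP sockets with the owning process
# where permitted (run as root to see every process). Review anything that
# is not on the list of services the host is supposed to offer.
listening_sockets() {
    if command -v ss >/dev/null 2>&1; then
        ss -Hltnup
    else
        netstat -ltnup
    fi
}

# Stand-alone demo on a constructed scratch tree.
root=$(mktemp -d)
mkdir -p "$root/etc"
printf 'root:x:0:0\n' > "$root/etc/passwd"
printf '127.0.0.1 localhost\n' > "$root/etc/hosts"
snapshot_tree "$root" "$root.baseline"
printf 'guest:x:1001:1001\n' >> "$root/etc/passwd"
printf 'echo hi\n' > "$root/etc/rc.local"
rm "$root/etc/hosts"
compare_tree "$root" "$root.baseline"
```

The baseline is only as trustworthy as where it is stored: keep it off the audited host (or on read-only media), since an attacker who can change files can also rewrite a baseline kept beside them. Run the comparison on a schedule and treat any unexpected ADDED or MODIFIED line under system directories as an incident to investigate.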
An intrusion detection system (IDS) is also useful. This is software that monitors a network or system and detects unauthorized activity.