Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : VPS Hardening?

[vect0r]

I have an unmanaged VPS, and was wondering what is all included typically in VPS hardening. Is it worth it to pay the fee to have my provider do it? Or is it something that is easy enough to do myself?

TIA.

[Cirtex]

If you're unsure about this, then yes probably i'd pay someone to take care of it, especially a one time setup fee should be reasonable.

[DME-Geoff]

Check out some of the server hardening offers in the forum here, you would require most of the work that the typical ads include.

It's definately worth the cost if you want to prevent being hacked as much as possible, just make sure you get someone skilled to tackle the job, and read reviews about your prospects here on WHT.

If you are comfortable using the command line, you could google around or even search this forum - WHT has a lot of great guides on securing a VPS.

[JFOC]

VPS Hardening is easy, but if you cannot do that just contact some outsourcing server management or pay someone you know

[JFSG]

Quote:

Originally Posted by JFOC

VPS Hardening is easy, but if you cannot do that just contact some outsourcing server management or pay someone you know

Easy for tech savvy individuals...

[AquariusStorage]

Quote:

Originally Posted by JFOC

VPS Hardening is easy, but if you cannot do that just contact some outsourcing server management or pay someone you know

Yeah hardening a VPS is about the same as hardening a dedicated server minus probably playing with the kernel if its running on OpenVZ. I can say for sure that if the OP doesn't know what he's doing, he's going to probably do some serious damage.

[mugo]

Quote:

Originally Posted by JFOC

VPS Hardening is easy, but if you cannot do that just contact some outsourcing server management or pay someone you know

I agree, "easy" is very relative. You have to have a concept of what may attack, and the tools / techniques available.

OP, if you have moderate linux skills and understanding, just some research and Q/A may suffice. If you are not comfy in the shell, I'd suggest you get a good tech to help you out.

[vect0r]

I'm more than comfortable with shell and linux. That being said I'm not up to date as to what is vulnerable, what needs to be hardened, etc. There are about 100 different tutorials on VPS hardening, and all though some are similar there are a lot of different "opinions" on what needs to be done.

And just because of that fact I think I'll just get my host to do it. I want it done right, and don't want to miss anything. (In case I follow an incomplete hardening tutorial etc).

TY for input.

[JFOC]

good if your provider could do that

[mwatkins]

Quote:

Originally Posted by vect0r

is it something that is easy enough to do myself

This depends a lot on how much effort you are willing to put into the task. In the long run, it is far better to learn how to manage your own server, but if you are unlikely to actually do the work, it is far better to pay someone to get it done.

If you are not providing accounts on your VM to various untrusted users, by default your system may be more secure than some web hosts.

But that doesn't mean you don't have work to do. If your VPS is up already it is no doubt being subject to a dictionary attack - an automated attempt to log on via ssh by trying various user names and passwords. Usually within a few hours of a new machine or VM (virtual machine) being on-line these attacks start. You should stop them, and it is easy enough to do but takes a little google research for the newbie. Answers can even be found on this forum.

While this is for FreeBSD I would encourage you to read it even if you are using another OS as it gives a great many good ideas on security, many of which are in fact usable on other OS's. Some minor path changes to configuration files may be in order.

Unofficial FreeBSD Security Checklist / Links / Resources
http://forums.freebsd.org/showthread.php?t=4108

Perhaps someone can point you to a similar link for your OS.

[sej7278]

Quote:

Originally Posted by AquariusADMIN

Yeah hardening a VPS is about the same as hardening a dedicated server minus probably playing with the kernel if its running on OpenVZ. I can say for sure that if the OP doesn't know what he's doing, he's going to probably do some serious damage.

yeah, when i was hardening my unmanaged vps i noticed a lot of limitations regarding kernel tuning in sysctl.conf, proc filesystem access, iptables not enabled by default etc.

what must be frustrating is that you harden your vps to death, and then you get deleted because the node is running hypervm!

its one area we as users have no control over - the host's security, and it has the largest potential damage level.

[The-Pixel]

I really feel the VPS competition is becoming extremely difficult. You will see Hybrids coming into play in the next year or two. Most VPS companies offer the fully management support your looking for. If its not included into your monthly price then I strongly suggest looking for another VPS provider. Best of luck!

[SA-ChrisM]

As a suggestion, I would get a definitive list of what is and isn't provided in a security audit service from your provider and then shop around the forums a bit. You may get a better bang for your buck, and a more secure server by doing so.

Not all security packages are created equal. =)

[Jonathan Kinney]

I would definitely suggest more than an audit, its easy to scan for versions, or list all potential problems with a given piece of software, but it is another thing to tell you what must be done to correct the issue. Just be sure that what ever you do you have help with the part between knowing security holes to having them closed.

It may be easy for a person to "harden" their server, but you can only correct issues you know about, and even with my 10 years of security and network administration, I would not dare to say I know all the holes that exist, or know how to close them all, that would be foolish. With that point in mind, it does not hurt to get another perspective, such as a paid professional. I also could not say as a general statement that it is easy, because you do not know the experience level of every person reading.