Current best practice for securing a droplet?

July 19, 2018
PostgreSQL Security Ubuntu 18.04

I see a lot of the most recent tutorials only detail securing a droplet with UFW or the DO droplet firewall. I recall a number of years ago there were many tutorials advocating Fail2Ban etc. Are these still recommended?

I currently use SSH with public key login only, no passwords, and wish to use my droplet to host a Postgres database for remote usage whilst developing a Django app which I'll eventually host on DO.

1 Answer

There is no “one size fits all” solution for security, but generally, utilities such as fail2ban are good to have installed :)

You’ve already done a decent job of securing your server, but some things you should do are:

  • keep everything updated (just make sure that you don’t update on something critical before checking for compatibility on another server/droplet)
  • enable the firewall and only allow the IP address(es) for the servers that will access the database
  • block nonessential ports
  • change the SSH port to something other than 22

(there are definitely more things you can do, but this is just a small list of things I have off the top of my mind right now)

I hope this helps!

Aaron
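
The firewall items in the answer above, written as UFW rules. This is an added example, not part of the original answer: it assumes PostgreSQL on its default port 5432, and the SSH port 2222 and the client addresses are constructed sample values.

```shell
#!/bin/sh
# Added example. The SSH port and client addresses used at the bottom are
# constructed sample values (RFC 5737 documentation ranges).

# valid_ipv4 ADDR: succeeds for a dotted-quad IPv4 address with an optional
# /1../32 prefix. A /0 prefix is rejected so the database port can never be
# opened to the whole internet by accident.
valid_ipv4() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rules SSH_PORT CLIENT_IP...: prints the ufw commands, one per line,
# only after every argument has been validated. Nothing is executed.
build_rules() {
    [ $# -ge 2 ] || { echo "usage: build_rules SSH_PORT CLIENT_IP..." >&2; return 1; }
    ssh_port=$1; shift
    case $ssh_port in ''|*[!0-9]*|??????*) echo "bad SSH port" >&2; return 1 ;; esac
    [ "$ssh_port" -ge 1 ] && [ "$ssh_port" -le 65535 ] || { echo "bad SSH port" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "refusing client address: $ip" >&2; return 1; }
    done
    echo "ufw default deny incoming"      # blocks every port not allowed below
    echo "ufw default allow outgoing"
    echo "ufw limit ${ssh_port}/tcp"      # SSH on its non-default port, rate-limited
    for ip in "$@"; do
        echo "ufw allow from $ip to any port 5432 proto tcp"   # Postgres, listed clients only
    done
    echo "ufw enable"
}

# Dry run with the sample values.
build_rules 2222 203.0.113.10 198.51.100.0/28
```

Review the printed commands and run them as root. Before the final `ufw enable`, confirm that sshd is actually listening on the port given to `ufw limit`, otherwise the current session is the last one that gets in.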
