I run my own website and am worried about the security concerns. This website will be commercial and will contain valuable information, so I can’t risk any breach. I’ve read many of the DigitalOcean tutorials, I’ve set up the accounts, disabled password login to use only SSH, use SFTP, disabled remote root login, enabled the firewall, added fail2ban, etc.
The problem is that I am not aware of what it takes for a server to have very solid protection. I am willing to buy management software (if it simplifies other stuff much better) or hire a server admin if necessary. I don’t expect it to cost a fortune though, so this is pretty much my situation.
Bye!
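A way to confirm that two of the SSH settings listed in the question (password login and remote root login disabled) are actually in effect in the config file. This is an added example, not part of the original post; the function names and the sample configs are constructed, and it assumes only the global section matters (it stops at the first `Match` block and does not follow `Include`).

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.

# Print the value of keyword $2 in file $1 (lower-cased), or "unset".
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive. Assumption: parsing stops at the first Match block.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Check both settings; print one line each, return 0 only if both are "no".
# An unset keyword means the built-in default applies, so this audit
# requires an explicit "no" (assumption made for this example).
audit_sshd() {
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        v=$(sshd_value "$1" "$kw")
        if [ "$v" = "no" ]; then
            echo "OK   $kw=$v"
        else
            echo "FAIL $kw=$v"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the second PermitRootLogin line is ignored (first
# value wins) and PasswordAuthentication is only set inside a Match block.
sample_weak() {
    printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
        'permitrootlogin no' 'Match User deploy' '    PasswordAuthentication no'
}
# Constructed sample with both settings hardened in the global section.
sample_hardened() {
    printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin no'
}

tmp=$(mktemp)
sample_weak > "$tmp"; audit_sshd "$tmp" || echo "=> weak sample fails the audit"
sample_hardened > "$tmp"; audit_sshd "$tmp" && echo "=> hardened sample passes"
rm -f "$tmp"
```

On a live server, `sshd -T` (run as root) prints the effective configuration as the daemon itself resolves it, which is the authoritative check.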
Perhaps you are worried too. If you choose a good VPS provider, security is nothing to worry about.
If you are looking for Linux server management, check this out: Linux Server Management. They provide server management including monitoring and security updates.
I’ve been told that Serverpilot.io would be a good start for maintaining security automatically for you, especially their paid service.
I asked on Server Fault (http://serverfault.com/questions/752194/is-it-time-consuming-and-does-it-require-much-knowledge-to-maintain-a-vps-and-ha) and they told me it takes a lot to learn from the beginning. I don’t mind spending 2 days learning, I would also like to learn it, but my worry is if it takes a lot of time to learn.
It sounds like you’re already on the right track. Just like a desktop system or laptop, the most important thing you can do is be sure you are keeping all of your software up to date. I’d recommend using OS provided packages for as much of your software as you can, since these are generally regularly updated. Also be sure to actually run package updates on a regular basis (either manually or via a cron job).
Some other things to consider:
I’m sure I could think of more if I thought about it a little longer, but these should be a good start. Security, however, is a moving target. You want to stay at least one step ahead of the bad guys, so when they find a new way to attack, you need to have your artillery in place to meet them.
Keeping a VPS up to date is no different from keeping any server up to date.
The simplest means to do this is to have a routine cron job which runs an automated update (though you should be somewhat wary of just blindly installing package updates on Prod servers without having verified them on Dev boxen).
For example, one of my servers (CentOS 6) has the following entry as root in its crontab: