DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Related

Attempting to run a bash script via user-data on creation isn't working and no logs
Question
Anybody who has set up Postfix/Dovecot with TLS?
Question

Question

Security review - are we secure enough?

We have configured a CentOS droplet that will be home to three mobile applications and a few websites. We have installed WHM/cPanel, nodejs, angularjs, mysql and npm to monitor it all.

The droplet was configured by the developer of the application. We are looking for a community member to security test our environment and recommend any changes, for which we will pay an hourly rate to first make recommendations and then secondly to carry out any necessary changes to the environment. This is to ensure we have a safe and secure set up and independently test the developers work. We will also be employing a mobile app developer to review the actual coding of the application and portal website that controls that. So this work is just to ensure the security of the droplet is robust. I can be contacted at andy@cyw.solutions if you are interested in this project. Many thanks Andy

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

alexdoSeptember 15, 2020

Hello, all

A little update on this question.

I’ve recently posted a mini tutorial related with PCI Compliance scan where the outdated TLS versions had to be disabled in order the user to pass the scan. You can check it here:

https://www.digitalocean.com/community/questions/disable-old-tls-versions-1-0-1-1-for-apache-nginx-on-ubuntu-18-04-or-centos-7

Hope this helps! Regards, Alex

alexdoJanuary 30, 2020

Hello, @andyparr1

I will recommend you to secure the server at level same as when applying for PCI compliance. This includes to get rid of all of the old TLS supported versions, disable FTP and insecure mail ports, also disable any port which is not needed and leave just those you actually use (22, 80, 443 and etc). You can also update all the security ciphers for Apache and the rest of the cPanel services as well.

With cPanel you also have the option to use the Host Access Control meaning that you can close every port and make it available only for whitelisted IPs. This is something which is really handy as you can allow only your IP addresses to connect to the server.

Regards, Alex

Join the DigitalOcean CommunityCommunity

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner

Related

Attempting to run a bash script via user-data on creation isn't working and no logs
Question
Anybody who has set up Postfix/Dovecot with TLS?
Question

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up