Related

How to install mcrypt on CentOS 7.6? Question Question
When will a CentOS 8 image be available for deployment on DigitalOcean Droplets? Question Question

Question

Security review - are we secure enough?

Posted January 17, 2020 438 views
CentOS

We have configured a CentOS droplet that will be home to three mobile applications and a few websites. We have installed WHM/cPanel, nodejs, angularjs, mysql and npm to monitor it all.

The droplet was configured by the developer of the application. We are looking for a community member to security test our environment and recommend any changes, for which we will pay an hourly rate to first make recommendations and then secondly to carry out any necessary changes to the environment. This is to ensure we have a safe and secure set up and independently test the developers work. We will also be employing a mobile app developer to review the actual coding of the application and portal website that controls that. So this work is just to ensure the security of the droplet is robust.
I can be contacted at andy@cyw.solutions if you are interested in this project.
Many thanks
Andy

Add a comment
andyparr1
By:
andyparr1
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
alexdo January 30, 2020

Hello, @andyparr1

I will recommend you to secure the server at level same as when applying for PCI compliance. This includes to get rid of all of the old TLS supported versions, disable FTP and insecure mail ports, also disable any port which is not needed and leave just those you actually use (22, 80, 443 and etc). You can also update all the security ciphers for Apache and the rest of the cPanel services as well.

With cPanel you also have the option to use the Host Access Control meaning that you can close every port and make it available only for whitelisted IPs. This is something which is really handy as you can allow only your IP addresses to connect to the server.

Regards,
Alex

Reply Report
alexdo September 15, 2020

Hello, all

A little update on this question.

I’ve recently posted a mini tutorial related with PCI Compliance scan where the outdated TLS versions had to be disabled in order the user to pass the scan. You can check it here:

https://www.digitalocean.com/community/questions/disable-old-tls-versions-1-0-1-1-for-apache-nginx-on-ubuntu-18-04-or-centos-7

Hope this helps!
Regards,
Alex

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help