How to Secure Clusters

Data in your managed cluster is encrypted at rest using the LUKS (Linux Unified Key Setup) specification and in transit with SSL. However, you can take several additional steps to keep your data safe.

Increase the SSL Mode Verification Level

By default, you must use SSL to transmit data because it prevents eavesdropping on administrative usernames and passwords, as well as on the data itself, while in transit. However, SSL in its default mode doesn’t protect against man-in-the-middle (MITM) attacks or impersonation.

There are additional SSL modes you can enable to check for these attacks, but they’re disabled by default because they can affect performance. The table below links to database-specific SSL mode documentation.

Database | Additional Modes
PostgreSQL | verify-ca, verify-full
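
As an added example (not part of the original documentation), the following Python check reads a PostgreSQL connection string and reports which of the risks described above its sslmode leaves open. The mode semantics follow libpq's documented behavior; the sample hosts, users and file names are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# libpq sslmode -> (always encrypted, CA chain verified, hostname verified).
# "allow" and "prefer" can fall back to plaintext, so they count as unencrypted.
SSLMODES = {
    "disable": (False, False, False),
    "allow": (False, False, False),
    "prefer": (False, False, False),
    "require": (True, False, False),
    "verify-ca": (True, True, False),
    "verify-full": (True, True, True),
}
LIBPQ_DEFAULT = "prefer"  # libpq's sslmode when the string does not set one
KEYWORD_VALUE = re.compile(r"(\w+)\s*=\s*('(?:[^'\\]|\\.)*'|\S+)")

def parse_conninfo(conninfo):
    """Return the parameters of a libpq URI or keyword/value connection string."""
    if conninfo.startswith(("postgresql://", "postgres://")):
        query = parse_qs(urlsplit(conninfo).query)
        return {key: values[-1] for key, values in query.items()}
    return {key: value.strip("'") for key, value in KEYWORD_VALUE.findall(conninfo)}

def audit(conninfo):
    """Return a list of TLS weaknesses in a connection string (empty if none)."""
    params = parse_conninfo(conninfo)
    mode = params.get("sslmode", LIBPQ_DEFAULT)
    if mode not in SSLMODES:
        return [f"unknown sslmode {mode!r}"]
    encrypted, ca_verified, host_verified = SSLMODES[mode]
    findings = []
    if not encrypted:
        findings.append(f"sslmode={mode}: connection may be unencrypted")
    if not ca_verified:
        findings.append(f"sslmode={mode}: server certificate is not verified")
    elif not host_verified:
        findings.append(f"sslmode={mode}: certificate hostname is not checked")
    if ca_verified and "sslrootcert" not in params:
        findings.append("sslrootcert unset: libpq looks in ~/.postgresql/root.crt")
    return findings

# Constructed sample strings; host, user and file names are placeholders.
SAMPLES = [
    "postgresql://app@db.example.com:25060/appdb?sslmode=require",
    "host=db.example.com dbname=appdb sslmode = 'verify-ca' sslrootcert=ca.crt",
    "postgresql://app@db.example.com/appdb?sslmode=verify-full&sslrootcert=ca.crt",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample) or "ok", "<-", sample)
```

Only a string that sets verify-full together with a CA certificate path produces an empty list of findings.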

Restrict Incoming Connections

You can greatly decrease the likelihood of a security breach by restricting which DigitalOcean resources or external IP addresses are allowed to access the nodes in a cluster. This prevents brute force password and denial-of-service attacks from any server not explicitly permitted to communicate with the cluster.

Typical configurations restrict cluster access to application servers and to the local machines of cluster administrators. Users access the public-facing site; in turn, the public-facing server authenticates and manages database connections.

To restrict access to a database cluster, locate the cluster in the control panel and visit its Settings tab. In the section titled Allowed inbound sources, you can enter Droplets, Kubernetes clusters, tags, or specific IP addresses. At this time, DigitalOcean Cloud Firewalls are not supported.

In addition, the IP address of the machine you’re using will appear in the dropdown. This local IP address may change from time to time, and when it does, you will be denied access to the node from your local machine. To fix that, visit the control panel and add the new IP address.