3

I'm in the process of setting up an Ubuntu server on Amazon Web Services / EC2, which will need to host the following:

  • A relatively simple Java-based website (using the Noir framework)
  • A Java-based web service and REST API
  • Some method of logging in remotely via SSH or equivalent so I can administer the server

Before I open it to the public, what are the key steps I should take to ensure this type of server is secure?

AviD
mikera

2 Answers

5

Have a read of the answers on the Hardening Linux Server question for guidance on the server part.

Using EC2 shouldn't change your basic security concepts - but be aware of the implications of using a cloud service, especially in the following areas:

  • availability - for a single instance, you could find you have less control over availability
  • security of hypervisor - you have little control over their end so need to trust Amazon, but make sure your login to Amazon is protected at your end

SSH definitely is a good idea - and using certificates is recommended over solely using username and password.

As regards securing Java - that could depend on a wide variety of factors. Possibly worth asking a separate question.

Rory Alsop
5

Don't overlook security groups in EC2 as well. It is good practice to firewall administrative ports like ssh (22) to just your IP. If you choose to leave ssh publicly reachable, think about installing fail2ban to prevent brute force attacks.

neil
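The security-group advice in the answer above can be checked mechanically. The following is an added example, not part of the original answers: it audits JSON in the shape returned by `aws ec2 describe-security-groups` and reports groups where SSH is reachable from more than a single address. The sample data, group IDs and function names are constructed for illustration.

```python
import ipaddress
import json

ADMIN_PORTS = {22: "ssh"}  # administrative ports to check (assumption: extend as needed)

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE-open", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE-all", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def covers_port(rule, port):
    """True if the rule allows TCP traffic to `port`."""
    if rule["IpProtocol"] == "-1":  # all protocols and ports; no port fields present
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def broad_sources(rule, max_hosts=1):
    """CIDRs in the rule that admit more than `max_hosts` addresses."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs
            if ipaddress.ip_network(c, strict=False).num_addresses > max_hosts]

def audit(doc, ports=ADMIN_PORTS):
    """Sorted (group_id, port, cidr) findings for admin ports open beyond one address."""
    findings = set()
    for group in doc["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            for port in ports:
                if covers_port(rule, port):
                    findings.update((group["GroupId"], port, c)
                                    for c in broad_sources(rule))
    return sorted(findings)

if __name__ == "__main__":
    for gid, port, cidr in audit(SAMPLE):
        print(f"{gid}: port {port} ({ADMIN_PORTS[port]}) reachable from {cidr}")
```

Port ranges that merely include 22 and "all traffic" rules (`IpProtocol` of `-1`) are flagged as well, since both expose SSH just as a dedicated port-22 rule would. Rules that reference another security group as the source are not examined here.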