Is your cloud backend service really secure? Here's how you can find out...

A lot of us have spun up VMs to host microservices, but how many of us have even thought about whether these VMs are secure? What does "secure" even mean in the context of a VM?

In the public cloud, security follows a shared model: the cloud provider is responsible for the security of the host and the virtualization layer, while the end user is responsible for managing the guest operating system, specifically updates and security patches.

Every provisioned VM has network and security configurations associated with it, and it is essential that no misconfiguration allows unauthorized access to the VM. Given that most cloud-based VMs run Linux, it is crucial to pay attention to the Linux settings as well.

Essential Steps to harden your backend VMs

In this introductory article, let's run through an essential set of steps for hardening your Linux VM.

Update the system frequently

As a first step, you should frequently update the operating system with security patches for known vulnerabilities. Use the distro-provided package managers with verified source repositories for downloading the updates. In addition to the operating system, it is important to keep all applications and services running on the VM updated with the latest security patches.

Disable root SSH access

Even though this one is obvious, nearly 60% of servers in the real world have root SSH enabled and protected only by a password, and are thus susceptible to attacks. Allow access only to specific users, and use a non-default port instead of exposing SSH over port 22.
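As an added example (not from the original article), the following Python sketch audits the global section of an sshd_config for the points above: root login, password authentication, the default port and a user allowlist. The sample config is constructed, the finding names are hypothetical, and `Include` files and `Match` blocks are not evaluated.

```python
# Constructed sample config, not taken from a real host.
SAMPLE_CONFIG = """\
# sshd_config (constructed)
Port 22
PermitRootLogin yes
passwordauthentication yes
PermitRootLogin no
Match User deploy
    PasswordAuthentication no
"""

# OpenSSH defaults that apply when a keyword is absent from the global section.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}


def parse_global(text):
    """Parse settings that apply to every connection (before the first Match)."""
    single, ports, has_allowlist = {}, [], False
    for raw in text.splitlines():
        tokens = raw.replace("=", " ", 1).split()
        if len(tokens) < 2 or tokens[0].startswith("#"):
            continue
        key, value = tokens[0].lower(), tokens[1]  # keywords are case-insensitive
        if key == "match":
            break  # everything after this is conditional
        if key == "port":
            ports.append(value)  # Port may appear several times
        elif key in ("allowusers", "allowgroups"):
            has_allowlist = True
        else:
            single.setdefault(key, value.lower())  # sshd keeps the first value
    return {**DEFAULTS, **single}, ports or ["22"], has_allowlist


def audit(text):
    """Return finding codes for the SSH hardening points in this article."""
    eff, ports, has_allowlist = parse_global(text)
    checks = [
        ("root-login-enabled", eff["permitrootlogin"] != "no"),
        ("password-auth-enabled", eff["passwordauthentication"] != "no"),
        ("default-port", "22" in ports),
        ("no-user-allowlist", not has_allowlist),
    ]
    return [name for name, failed in checks if failed]


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The second `PermitRootLogin no` in the sample does not help, because sshd uses the first value it reads for a keyword; the audit reports root login as enabled for that reason.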

Double check network configurations

It is important to configure inbound and outbound access for a newly created VM. Check whether the VM really needs to be reachable over a public IP; if it does, internet-exposed devices need to be protected through authentication mechanisms such as certificate-based authentication or service-to-service authentication. It is preferable to assign private IPs to the VMs and make them accessible through a load balancer with certificate-based authentication. VMs are often given outbound access by default, so ensure that outbound internet access is not provided by default. Allow inbound access from specific IPs only.

Disable root admin user

A common mistake is to create a root admin user ID with a weak password, which gives malicious users an easy way to gain access to a server. Disabling the root admin user ensures that specific user IDs are created for users, with a chosen authentication scheme.

Reduce attack surface

Implement the principle of least privilege so that processes and users are allowed to access only specific directories and files. For example, give processes read-only access to system directories and write access to /var/log for logging. These approaches will prevent processes from being exploited for privilege escalation.

Enable audit logging and monitoring

Use system-level tools like auditd to log events, in addition to application-level logging. These logs can then be shipped to a central logging system to provide an end-to-end view of what is happening on any system.

Conclusion

In conclusion, securing your cloud-based VMs is a critical aspect of maintaining a robust and resilient IT infrastructure. By implementing the essential security measures outlined, you can significantly reduce the risk of unauthorized access and data breaches. It's important to remember that security is an ongoing process that requires continuous monitoring and adaptation to evolving threats.

I hope this has given you an overview of the essential security steps to take to protect your VM. In a forthcoming article, we will see how to use some of the tools in the Linux ecosystem to enhance the security posture of your backend services.

Written by

Aruna Kalagnanam