Recommendations
Recommendations
Although it may be common knowledge for most system administrators and technical suppliers, please always follow the recommendations below to maintain the stability and security of your Linux system:
-
Apply Linux hardening measures. CoCoS performs some hardening actions by default, but it's always best to extend hardening as much as possible.
-
Keep your Linux distribution fully up to date. Use services provided by CoCoS suppliers or CoCoS developers if needed to stay current.
-
Update your CoCoS version regularly by acquiring a software and service subscription.
- Never use CoCoS in a public environment unless it's security using a professional and secure firewall configured by a professional security expert.
- Keep SSL certificates up to date or enable Let's encrypt on the CoCoS server.
- Use VPN or better, out-of-band management, to manage servers.
- Use GEO fencing to secure access to Linux servers.
- Use an external Web Application Firewall to secure access to Linux servers.
- Enforce HTTPS (SSL/TLS) and Redirect HTTP to HTTPS automatically
Checklist linux hardening
- Firewall enabled
- TCP and UDP ports restricted
- SSH configured without root acces
- HTTPS enforced with string TLS
- Keep OS, Packages and CoCoS up-to-date
- Install a Web Application Firewall like ModSecurity 2
- Setup notification rules in CoCoS to actively anlyze errors in logs
- Scan for vulnerabilities regulary