Securing Your Droplet

Secure your DigitalOcean Droplet from malicious actors attempting to compromise your systems. This talk will cover the foundations of securing your droplet, protecting your users, and keeping your data safe.

This Talk is Designed For
- Anyone who is spinning up a Droplet on DigitalOcean

Agenda
00:00 Introduction
01:45 SSH keys
08:05 Firewalls
17:48 Virtual private clouds
26:36 Service auditing
30:09 Unattended updates
34:02 Backing up
37:21 SSL/TLS encryption
41:21 Isolated execution environments
45:39 Q&A

Resources

About the Presenter

#digitalocean #droplet #security
Comments

Hey @masonegger and @digitalocean guys :) Thanks for these talks! This week there was Securing Your Deploy webinar where the presenter was talking about levels to approach security in order to implement a plan from the MVP level to full scalability. I found that approach very useful in defining priorities mapped to product maturity. It would be nice to have this red line run through other talks too (Level1, 2 and 3). Would love to learn more about password/secret management from the level to a fully setup scalable, rotated keys in vault level solution.
Great job on the content in video, tutorials, community building. Thank you once again.

timeakiss_

Great video, I have one question tho. Are these firewall setups enough? Would we need something else regarding firewall?

kaloyangeorgiev

It was a great and very helpful talk! @masonegger, could you share which are the good practices for outbound firewall rules? Thanks!

stefanvadev

Hey, thanks for the video, I learned many new things!!
Can you please let me know how to prevent file access? I have set up a DigitalOcean server and pointed a domain name to it. It works well with the domain name. But when I try with the IP along with a folder path, all files are directly accessible (along with the .env file). How can I enhance my server security to reduce this kind of risk?

AkashSharma-idpv

Question about SSL: what is the difference between certbot and "paid" certificates from GoDaddy?

icalculi

The SSH rule added after at 25:32 doesn't make sense to me - the inbound rule here allows SSH connections from source IPs in the VPC range, but to what? What machine(s) are now limited to inbound connections from our VPC? I don't see how this links to droplets in the VPC? It's like we should apply this rule to the VPC, but we don't.

As an example - if you wanted to only allow a specific IP to SSH into anything inside the VPC (for example, only allow SSHing into your VPC servers from your static business IP address), I don't see how adding the value at 25:32 appends this rule to the VPC. All this rule does is allow SSH connections from a source - it doesn't apply it to any machine or network though?

CardinalHijack