Chapter 9. Keeping Your System Secure

Table of Contents

9.1. Checking system notifications
9.2. Avoiding weak passwords
9.3. Keep your software current

This chapter describes the features we provide to help increase your system's security, and offers tips and suggestions on what you can do to help ensure your system remains secure.

9.1. Checking system notifications

The Symbiosis system is comprised of many components, each working together to deliver a complete solution to your hosting needs. Different systems and components of your server will generate email notifications to alert you of important events and warnings. It is important that such emails are read.

By default, all system-generated emails will be delivered to the root user of your primary domain. (This is the first domain which is configured when your machine is set up, and will probably be a name such as example.vm.bytemark.co.uk.)

Rather than making it mandatory that you read the root mailbox, we suggest that you configure email forwarding so that mail sent to root@example.vm.bytemark.co.uk is delivered to your personal email address.

9.2. Avoiding weak passwords

A common means of compromising machines is known as a "dictionary attack". This involves a remote user (or computer) trying to connect to a server with a collection of thousands of usernames and passwords.

This dictionary of usernames and passwords will include common choices such as a username of "test" and a password of "test", along with many other less likely-looking candidates. Detecting these attempts is very straightforward, and is something that our system manages as documented in Section 14.2, “Blocking abusive remote hosts”.

Note

This important security measure can catch you out if you repeatedly attempt to access the server using incorrect credentials, as you’re likely to find your own IP address becomes blacklisted. See Section 20.2, “Firewall problems?” for help with this situation.
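As an added illustration of why such attempts are easy to detect (example code written for this page, not the Symbiosis implementation documented in Section 14.2), the following counts failed SSH logins per source address in OpenSSH-style log lines. It also shows how an owner repeatedly mistyping one password crosses the same threshold, as the note above warns. The sample lines, the threshold of 5 and the username cut-off are assumptions.

```python
import re
from collections import defaultdict

# OpenSSH records failed password logins in this form.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE_LOG = """\
Mar  3 10:00:01 example sshd[811]: Failed password for invalid user test from 203.0.113.9 port 40112 ssh2
Mar  3 10:00:03 example sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 40118 ssh2
Mar  3 10:00:05 example sshd[813]: Failed password for invalid user guest from 203.0.113.9 port 40125 ssh2
Mar  3 10:00:07 example sshd[814]: Failed password for invalid user oracle from 203.0.113.9 port 40131 ssh2
Mar  3 10:00:09 example sshd[815]: Failed password for invalid user ftp from 203.0.113.9 port 40140 ssh2
Mar  3 10:05:10 example sshd[901]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 10:05:18 example sshd[901]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 10:05:27 example sshd[901]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 10:06:02 example sshd[907]: Failed password for alice from 198.51.100.20 port 51522 ssh2
Mar  3 10:06:11 example sshd[907]: Failed password for alice from 198.51.100.20 port 51522 ssh2
Mar  3 10:09:40 example sshd[950]: Failed password for bob from 192.0.2.77 port 60001 ssh2
Mar  3 10:09:48 example sshd[950]: Accepted password for bob from 192.0.2.77 port 60001 ssh2
"""

def failures_by_host(lines):
    """Map each source IP to the usernames it tried in failed logins."""
    seen = defaultdict(list)
    for line in lines:
        m = FAILED.search(line)
        if m:
            seen[m.group("ip")].append(m.group("user"))
    return dict(seen)

def classify(lines, threshold=5):
    """Return {ip: verdict} for hosts at or above the failure threshold."""
    verdicts = {}
    for ip, users in failures_by_host(lines).items():
        if len(users) < threshold:
            continue  # a single typo followed by success is not flagged
        # Assumed cut-off: more than two distinct usernames suggests a
        # dictionary; one username repeated looks like a mistyped password.
        verdicts[ip] = "dictionary" if len(set(users)) > 2 else "repeated-user"
    return verdicts

if __name__ == "__main__":
    print(classify(SAMPLE_LOG.splitlines()))
```

Both flagged hosts would be candidates for blocking under a simple count-based rule, which is why your own address can end up blacklisted.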

The best defense is to ensure that when you add users, or change system passwords, you never ever choose simple passwords which might be guessed, or included in an attacker's dictionary.

A regular test is run on all the passwords used to access email and FTP under Symbiosis, and its output is sent to the root email account. Please see the note earlier in this chapter regarding email notifications.

9.3. Keep your software current

Over time security bugs can be found in software packages, and if such a problem is discovered in a package you’re using then your machine is at risk until it has been updated.

The Symbiosis system is configured to automatically download and install appropriate security updates to the packages in the base operating system and from the Symbiosis repository itself.

However, if you’ve chosen to install additional, external applications such as WordPress, you must ensure that you look for updates regularly. Often this can be done by subscribing to the application’s announcements mailing list.