Secure your LA infrastructure

Draft

Basic mesures

Firewall

Allow basic input traffic 22/80/443 (tcp) from the outside. Restrict external access to solr web interface.

If you want to restring the internal traffic is more complex. Initially you can open all ports between your VMs and internal IP address as a start while you discover which ports use each services and adapt it to your infrastructure.

ufw

If you don't need a complicated firewall configuration you can use this ansible ufw role to fast configure the iptables in your machines.

Other recommendations

Use fail2ban for prevent brute force in those services (http/s and ssh authentication). If you use wordpress in your node, also there is a good fail2ban wordpress plugin that integrates well with fail2ban.

Other resources

Basic Auth in your LA node without CAS
this ansell comment about a solr6 security issue

End

Index

Wiki home
Community
Getting Started
Support
- LA Netiquette. Asking the smart way
- Troubleshooting
Portals in production
ALA modules
Demonstration portal
- Requirements
- Installation of ala-demo
Data management in ALA Architecture
DataHub
- Data Hub
Customization
Internationalization (i18n)
Administration system
Contribution to main project
- Good practices
Study case
- Setting up Atlas of Living Scotland

Secure your LA infrastructure

Basic mesures

Firewall

ufw

Other recommendations

Other resources

End

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!