One of the first concerns people have when they discover that Virtual Private Servers (VPS) involve sharing the same hardware with multiple users is ‘how secure is it?’. Fears range from whether other users of the platform can steal data through to how attacks from malicious people may compromise the server.
Let’s address the first concern by looking at how a VPS works. This starts with the software running on the main hardware server on which all the VPS are run. This software is called hypervisor software, and hardware servers running this hypervisor software are generally just referred to as hypervisors. The hypervisor software is responsible for managing the individual VPS running on a hardware server.
The hypervisor software controls how each VPS communicates with the hardware on the hypervisor server. This includes scheduling how the various VPS use the CPU resources, allocating them memory and managing their virtual hard disk images. When a VPS is created it has a hard disk image made for it. This image is where all of the data for that VPS will be stored. In the configuration for the VPS, the disk image will be referenced and only allowed to be used by the relevant VPS. When the VPS is booted up, the hypervisor software will allocate the required amount of memory for that VPS and ensure that only that specific VPS’s control processes are able to write to and read from it. These systems ensure that the data for each individual VPS, both in memory and on disk, is kept separate and secure.
With the hypervisor software keeping the VPSs separate from each other and controlling how they run, the next question would be: ‘what is protecting the hypervisors from being attacked to get at all the VPS?’. Access to the hypervisors is tightly controlled and kept behind a number of network-level security features, as well as firewalls, to ensure that attackers will be unable to target the hypervisors themselves. Similarly, the storage servers which hold the disk images are protected in the same manner.
Finally comes the security of your individual VPS. As the VPS is a server in its own right, it comes with all the security vulnerabilities of any other ‘non-virtual’ server. This means that a VPS is no more or less secure than running a dedicated server. It also means that the level of security of your VPS is reliant on the configuration of the software on which it runs, and is vulnerable only to any flaws that may exist within that software. Securing an individual server is an in-depth topic that we won’t look at in any detail here, but a secure server will generally make use of the following areas:
◉ Only run software that you need and remove software that you don’t.
◉ Configure any software that doesn’t need to communicate with the internet to only listen to local requests.
◉ Configure your firewall to limit access to important services to just those locations that need access and block anything that shouldn’t be public facing.
◉ Use strong secure passwords for user accounts.
◉ Disable superuser logins to the server, and only allow normal users to log in who must then request superuser access.
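
Two of the items above, local-only listeners and no superuser logins, can be checked from the command line. The script below is an added example, not part of the original article; it assumes a Linux VPS with iproute2's `ss` and OpenSSH's `sshd`, and the function names and sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit two checklist items on a Linux VPS.
# Assumes iproute2 `ss` and OpenSSH `sshd`; sample data below is constructed.

# Read `ss -H -tln` output on stdin and print "address port" for every
# listening TCP socket that is NOT bound to a loopback address.
public_listeners() {
  awk '{
    addr = $4                                  # "Local Address:Port" column
    port = addr; sub(/.*:/, "", port)          # text after the last colon
    host = addr; sub(/:[^:]*$/, "", host)      # text before the last colon
    sub(/^\[/, "", host); sub(/\]$/, "", host) # drop IPv6 brackets
    sub(/%.*/, "", host)                       # drop scope, e.g. 127.0.0.53%lo
    if (host ~ /^127\./ || host == "::1") next # loopback: local requests only
    print host, port
  }'
}

# Read `sshd -T` (effective configuration) on stdin. Succeeds only when
# root login is fully disabled; "prohibit-password" still allows key logins.
root_login_disabled() {
  awk 'tolower($1) == "permitrootlogin" { v = tolower($2) }
       END { exit (v == "no" ? 0 : 1) }'
}

# Constructed sample of `ss -H -tln` output.
SAMPLE_SS='LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 80   127.0.0.1:3306   0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128  [::1]:631        [::]:*
LISTEN 0 511  *:80             *:*'

if [ "${1:-}" = "--live" ]; then     # run as root against the real server
  echo "Publicly reachable listeners:"; ss -H -tln | public_listeners
  if sshd -T | root_login_disabled; then echo "root SSH login: disabled"
  else echo "root SSH login: still permitted"; fi
else
  printf '%s\n' "$SAMPLE_SS" | public_listeners   # 0.0.0.0 22, then * 80
fi
```

Run it with `--live` as root on the server to check the real listeners and SSH configuration; anything it lists that does not need to be public is a candidate for rebinding to a local address or for a firewall rule.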