There are lots of hacking way to hack the internet server, i want to prevent my server by those types of hacking. How ?
Considered , I am hosting my Web Apps in AWS cloud or Google Cloud with Linux OS, And in this case lots of Linux commands to get complete files from one server to another server. Then what i will do?
And, What is the good combination of numbers to set File system permission in cloud server?
You can scan for open ports and stop any unnecessary system services.
Your question is quite ambiguous, but looks like you just want access control for file hosting. Look into SELinux.
Hi Chandan
You say you are hosting your web apps on either AWS or Google cloud. I wonder why your setup is done this way, and why you need to transfer files back and forth between these systems. Such activity adds to your potential vulnerabilities, and the more vulnerabilities, the more work you need to do to ensure your system is secure.
The best approach is to keep your system as simple as possible. Running on a single cloud server would be a good start for this approach. Custom build your operating system by removing all services which are not needed. Do the same for your web software. Minimise all permissions to the absolute minimum you can use. Sanitise all user input, but wherever possible, try not to allow users to input to your system. Check out the OWASP website (see link below). They can give you a huge range of suggestions to mitigate the kind of problems you are likely to face. They cover conventional systems, cloud systems, wireless systems and IoT systems. Most of these solutions are simple common sense, meaning there will be very little cost involved in protecting your web apps.
Also, make sure you take full steps to ensure you maintain a proper audit trail of all events concerning your web apps, such that you can know at all times who has accessed, added, modified, or deleted what files are on your system. This should be the only time you contemplate making your system split to more than one service provider, especially if you can restrict the information access on the second system. Also use a good Intrusion Detection System. Make sure that you monitor all system logs regularly. Indeed, you can write some code to do this for you which can send regular updates of any unusual activity. If you don't do this, you are likely to miss unwanted activity in your system.
The good news is that both AWS and Google Cloud are good at keeping their cloud systems secure, but all their efforts come to naught if you leave your own software vulnerable. So get reading and try to learn as much as possible about protecting your systems - and implement whatever you need to do to keep everything secure.
I hope that helps.
Regards
Bob
https://www.owasp.org/index.php/Main_Page
- Badges
- Science topic
- Similar topics
- Computer Science
- Computing