In our last post on securing Rackspace cloud servers, we talked about closing service ports like RDP and SSH to ward off hackers and enable secure, remote access. So now that we’ve locked the machines down, let’s turn our attention to management.
Security management is often overlooked as a critical enabler to the success of one’s security. But that’s a mistake. In fact, it’s a HUGE mistake, and some folks have learned that the hard way (e.g., anyone that bought DLP or SIEM).
If your security isn’t manageable, it’s not going to be effective. And one of the most important controls for making cloud security manageable, even in Rackspace (and I’ll get to why in a second), is the ability to apply group-based controls for similar types of servers.
Security Tip #2:
Create Group-based Policies For Your Rackspace Cloud Servers
Rackspace has done an awesome job of making their UI clean and easy to use. Compared to many, in fact, they’re way ahead of the game! When it comes to security, however, security groups are a feature they haven’t yet added. But that’s okay, because Dome9 has them and they’re available now.
Dome9 security groups for Rackspace are arguably more capable than those offered by any other provider. So, if you’re a Rackspace customer, don’t worry – you can sign up and use Dome9 (for free, in fact), and get even better security management than what the other guy offers.
Security groups let you consolidate security policy management for similar types of machines. For example, say you have four load-balanced web servers and two SQL database servers. That’s six servers, right? Well, with security groups, you can create just one policy for your web servers and a second for your SQL servers. That’s just two policies to manage for all six machines. That makes life a lot simpler!
Here’s what a Dome9 Rackspace MySQL security group might look like:
Now just six servers may not sound like much, but as you add more and more, and as you add users, things can get pretty complex. What’s more, imagine if you scale up to 60 or 600 servers… now security groups become really important!
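To make the two-policies-for-six-servers idea concrete, here is an added sketch (not Dome9's policy format or API) that renders per-server iptables rules from one policy per group. The server names, addresses, ports and the `group:web` source notation are assumptions made for the illustration.

```python
# Added example: two group policies expanded into per-server iptables rules.
# Inventory, addresses, ports and the "group:<name>" notation are constructed.
import ipaddress

# Constructed inventory: four load-balanced web servers, two SQL servers.
SERVERS = {
    "web1": ("web", "10.0.1.11"), "web2": ("web", "10.0.1.12"),
    "web3": ("web", "10.0.1.13"), "web4": ("web", "10.0.1.14"),
    "sql1": ("sql", "10.0.2.21"), "sql2": ("sql", "10.0.2.22"),
}

# One policy per group: (protocol, port, source). A source is a CIDR or
# "group:<name>", which expands to the current members of that group.
POLICIES = {
    "web": [("tcp", 80, "0.0.0.0/0"), ("tcp", 443, "0.0.0.0/0")],
    "sql": [("tcp", 3306, "group:web")],  # MySQL reachable from web tier only
}

def members(group, servers=SERVERS):
    """Addresses of every server currently assigned to a group."""
    return sorted(ip for g, ip in servers.values() if g == group)

def expand_source(source, servers=SERVERS):
    """Resolve a policy source to a list of concrete addresses or CIDRs."""
    if source.startswith("group:"):
        return members(source[len("group:"):], servers)
    return [str(ipaddress.ip_network(source))]  # raises on a malformed CIDR

def render(host, servers=SERVERS, policies=POLICIES):
    """iptables commands for one server, derived only from its group policy."""
    group, _ = servers[host]
    rules = ["iptables -A INPUT -i lo -j ACCEPT",
             "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for proto, port, source in policies[group]:
        for src in expand_source(source, servers):
            rules.append(f"iptables -A INPUT -p {proto} -s {src} "
                         f"--dport {port} -j ACCEPT")
    rules.append("iptables -P INPUT DROP")  # default-deny, set last
    return rules

def render_all(servers=SERVERS, policies=POLICIES):
    """Rule sets for every server in the inventory, keyed by host name."""
    return {host: render(host, servers, policies) for host in sorted(servers)}

if __name__ == "__main__":
    for host, rules in render_all().items():
        print(f"# {host}")
        print("\n".join(rules))
```

Adding a fifth web server to the inventory changes the rendered rules for both SQL servers without touching either policy, which is why the policy count stays at two as the fleet grows.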
Why are Dome9’s security groups better than others? Well, aside from the many other benefits of Dome9 such as secure access leasing and the Chrome extension, our security groups work across platforms. And by that I mean they simultaneously work across multiple cloud infrastructures – private, public, Rackspace, non-Rackspace, etc. So, if you’ve got a mixed topology (which we all do), you can centralize policy administration for all your server firewalls using Dome9. This provides a lot of power with a tremendous amount of scalability and flexibility.
Here’s an example of what a hybrid private and Rackspace cloud Windows security group might look like in Dome9:
Check back here over the coming weeks to get more tips on securing Rackspace cloud servers, or learn more now.