What security measures does Cleavr employ for provisioned servers?
Server security is of the utmost importance.
Each of the cloud providers that we integrate with have a set of security standards, compliance, and certifications that they stand by. Here are links to each providers security sections:
- AWS - https://aws.amazon.com/security/
- DigitalOcean - https://www.digitalocean.com/legal/certifications/
- Hetzner - https://www.hetzner.com/assets/Uploads/downloads/Sicherheit-en.pdf
- Linode - https://www.linode.com/legal-security/
- Vultr - https://www.vultr.com/docs/category/security/
In addition to security measures taken by your chosen cloud provider(s), Cleavr performs the following security actions when provisioning your servers:
- Installs fail2ban - an intrusion prevention framework that helps prevent servers from brute-force attacks
- Configures Uncomplicated Firewall (UFW) - a firewall config tool that comes standard with Ubuntu, by opening ports 80, 443, and 22 and denying all other incoming connections and enables logging
- Sets up SSH private and public keys to allow for secured remote connections
- Configures server to automatically install server level security updates
What additional security measures does Cleavr employ?
We go through great lengths to ensure your information is secured as much as possible within the Cleavr system. We do this by:
- Never saving important server access information, including sudo password, database password, environment variables, and SSH keys. Cleavr is used as an interface to create and distribute this information to your provisioned servers; however, this information is not stored in Cleavr’s databases.
- Encrypting sensitive data in our database
- Not displaying back-end identifiers in URLs