Cyber Security and Backups


Summary

This article is about how to secure data and keep your Machpanel system backed up.

DATA SECURITY

It is an established fact that data is the most critical part of any business today. There is always a chance that big businesses in cloud and hosting industry and their customers/users become a target for cybercrime. 

With this ever growing concern of a backdoor/bug penetrating through external sources, it is important that all our customers are aware of known security risks and do their best to take all necessary precautions. 

KEY NOTES ON DATA SECURITY
These precautions may include but be limited to:
  1. Ensuring strong passwords in combination with 2FA, 
  2. Changing the passwords on regular intervals or set up automatic password expiring policy
  3. Implementing the IP Blocking feature thereby allowing admin access from specific IPs only.
  4. Implement Port blocking via Firewall so that only the required ports are enabled.
  5. Up to date Antivirus protection should be implemented to present a security layer. 
  6. To maintain regular Online and Offline Backups (daily backups). These backups should be put in password protected zip file and stored at multiple sources so that even if one machine is affected by a security breach, the backup from other location would allow effective restoration of business data and activities.
SECURITY GUIDELINES:

To be more elaborative, we would like our customers to familiarize themselves with and adhere to the below security guidelines:

 

1.     Update Applications and System when available.

    1. Keep Browsers & Plugins updated
    2. Update the OS & other applications
    3. Use Security applications, such as anti-virus/anti-malware

·       Choose reputable, well-known, well-tested

    1. Choose secure settings recommended by the software vendor
    2. Keep Security applications updated

·       Use Stable versions with latest security patches

    1. Remove unnecessary/insecure 3rd-party apps, especially those of low reputation
  1. Configure Multi-Factor Authentication for sensitive user accounts.
  2. Be a part of Secure Network
    1. Minimize open network ports, open only TCP 443 for MachPanel Front Facing. And TCP 7860 for MachPanel Control and Remote communication on Internal Network.
    2. Manage and audit firewall and firewall rules
    3. Monitor and log all access attempts
    4. Use IP Lockdown / Blocking, Port Blocking techniques.
  3. Keep MachPanel front-facing websites secure via SSL by trusted SSL providers.
  4. Keep all your passwords safe and strong. Change your passwords periodically.
  5. Use strong password policy for Active Directory and MachPanel logins.
  6. Keep server clock in-sync
  7. Harden Remote access to MachPanel Server.
  8. Periodically review logs for suspicious activity
    1. Authentications
    2. User Access activity & changes
    3. Privilege Elevation & usage
  9. Maintain server logging, monitor periodically
    1. Mirror logs to a separate log server
    2. Scans/Audits of the server - check for malware/hacks
  10. Backup Considerations:
    1. Use regular VM snapshots, MachPanel database/application/file backups. Maintaining backup schedule and alerts.
    2. Use Disaster Recovery (DR) and High-Availability (HA) safeguards
    3. Periodically review and practice Recovery steps
    4. Establish a periodic archive of your data to a remote site / data storage location