A Chat With Slicehost Support

Main.AChatWithSlicehostSupport History

Hide minor edits - Show changes to output

Added lines 1-3:

Deleted lines 0-1:
Added lines 2-5:

You walk into https://chat.slicehost.com/
and within seconds, you have a support person answering you.
Added lines 1-2:
Changed line 14 from:
{{{
to:
[@
Changed line 39 from:
}}}
to:
@]
Added lines 1-40:
An interesting chat with slicehost support, about security and responsibility on their slices. Also a great example of what modern IT support can look like.

I contacted them to hear about

* who takes responsibility for what on a slice
* firewalls / port restrictions on their slices

The short summary is:

* As the user of a slice, you are fully responsible for your systems security - by default, the slices are fully open and unprotected.

Here s the chat:

{{{
sebastian has entered the room
10:45:33 AM sebastian hello @ slicehost
10:45:41 AM *Sulo hi
10:46:46 AM sebastian i d like to ask a question regarding firewalls and ports - many of my colleagues here at university are using slices, and i was wondering:
10:47:18 AM sebastian when you get a default linux slice, are there firewalls / port restrictions in front of that, or is such a slice fully open?
10:51:26 AM *Jon When you first sign up, your slice is fully open. You get a fairly bare, simple image. We highly recommend you set up a firewall once you get your slice up.
10:52:03 AM *Jon We have some guides to help walk you through that set up here: https://support.slicehost.com/admin.php?pg=request&reqid=472479
10:52:32 AM *Nate sebastian: certain distro's such as RHEL and CentOS have a pre-configured firewall
10:52:47 AM *Jon http://articles.slicehost.com/
10:53:07 AM sebastian But. in any case - it s the users responsibility, yes?
10:53:25 AM *Nate sebastian: check out - http://articles.slicehost.com/2011/2/21/introducing-iptables-part-1 and http://articles.slicehost.com/2011/2/21/introducing-iptables-part-2 and http://articles.slicehost.com/2011/2/21/introducing-iptables-part-3
10:53:32 AM sebastian i m asking cos in that case i d wanna educate my colleagues a bit :)
10:53:44 AM *Nate sebastian: you don't have to setup a firewall.
10:54:07 AM *Nate sebastian: it can help prevent compromises though
10:55:01 AM sebastian get it. that s my point. so, i should educate colleagues to not have a user "test/test" :)
10:55:17 AM *Nate yeah, exactly
10:56:16 AM sebastian because, if they do and find a nice little rootkit installed on their slice - it s their own responsibility
10:56:57 AM sebastian there s no slicehost infrastructure around the slices that ll protect them much
10:58:00 AM *Nate sebastian: not so much. We do network maintenance regarding DDOS and those types of attacks. You can use fail2ban and similar to fight off forced entry etc
10:59:59 AM sebastian right, yes that s the kinda tools i recommend to folks - fail2ban, denyhosts, etc
11:00:51 AM sebastian thanks - got all my Qs answered :)
11:01:09 AM *Nate sebastian: no problem. Let us know if you need anything else
11:03:37 AM sebastian thanks - good support mode btw - beats mail n phone.
11:03:57 AM *Nate sebastian: heh, I hear that
}}}