A Chat With Slicehost Support

Main.AChatWithSlicehostSupport History

Hide minor edits - Show changes to markup

Added lines 1-3:
Deleted lines 0-1:
Added lines 2-5:

You walk into https://chat.slicehost.com/ and within seconds, you have a support person answering you.

Added lines 1-2:
Changed line 14 from:

{{{

to:

[@

Changed line 39 from:

}}}

to:

@]

Added lines 1-40:

An interesting chat with slicehost support, about security and responsibility on their slices. Also a great example of what modern IT support can look like.

I contacted them to hear about

  • who takes responsibility for what on a slice
  • firewalls / port restrictions on their slices

The short summary is:

  • As the user of a slice, you are fully responsible for your systems security - by default, the slices are fully open and unprotected.

Here s the chat:

{{{ sebastian has entered the room 10:45:33 AM sebastian hello @ slicehost 10:45:41 AM *Sulo hi 10:46:46 AM sebastian i d like to ask a question regarding firewalls and ports - many of my colleagues here at university are using slices, and i was wondering: 10:47:18 AM sebastian when you get a default linux slice, are there firewalls / port restrictions in front of that, or is such a slice fully open? 10:51:26 AM *Jon When you first sign up, your slice is fully open. You get a fairly bare, simple image. We highly recommend you set up a firewall once you get your slice up. 10:52:03 AM *Jon We have some guides to help walk you through that set up here: https://support.slicehost.com/admin.php?pg=request&reqid=472479 10:52:32 AM *Nate sebastian: certain distro's such as RHEL and CentOS have a pre-configured firewall 10:52:47 AM *Jon http://articles.slicehost.com/ 10:53:07 AM sebastian But. in any case - it s the users responsibility, yes? 10:53:25 AM *Nate sebastian: check out - http://articles.slicehost.com/2011/2/21/introducing-iptables-part-1 and http://articles.slicehost.com/2011/2/21/introducing-iptables-part-2 and http://articles.slicehost.com/2011/2/21/introducing-iptables-part-3 10:53:32 AM sebastian i m asking cos in that case i d wanna educate my colleagues a bit :) 10:53:44 AM *Nate sebastian: you don't have to setup a firewall. 10:54:07 AM *Nate sebastian: it can help prevent compromises though 10:55:01 AM sebastian get it. that s my point. so, i should educate colleagues to not have a user "test/test" :) 10:55:17 AM *Nate yeah, exactly 10:56:16 AM sebastian because, if they do and find a nice little rootkit installed on their slice - it s their own responsibility 10:56:57 AM sebastian there s no slicehost infrastructure around the slices that ll protect them much 10:58:00 AM *Nate sebastian: not so much. We do network maintenance regarding DDOS and those types of attacks. You can use fail2ban and similar to fight off forced entry etc 10:59:59 AM sebastian right, yes that s the kinda tools i recommend to folks - fail2ban, denyhosts, etc 11:00:51 AM sebastian thanks - got all my Qs answered :) 11:01:09 AM *Nate sebastian: no problem. Let us know if you need anything else 11:03:37 AM sebastian thanks - good support mode btw - beats mail n phone. 11:03:57 AM *Nate sebastian: heh, I hear that }}}