Hi everyone,
I have been running a trading system from home for some time. Due to the power/network outage issues, I want to move it to a datacenter. I have talked to the sales rep of a premier data center near CME with regards to a dedicated system. He gave me multiple options and I can’t decide what's right for me. Any inputs/pointers can help.
My current system:
My trading system runs on Ubuntu 14.04 for now. I use port 80 to access the configs of the system. Nginx directs client requests to my trading system… and that’s how I tune my system remotely depending on the daily trading conditions. I access it through SSH and a Samba mount. I don’t worry about security since this is running from my home behind a firewall.
Datacenter options:
1. Colo option if I provide them with a server.
2. Dedicated system that the data center is going to provide me.
I have asked for security options for the dedicated system option and the datacenter folks have proposed the following:
1. Full VPN connection with a hardware firewall to the server
2. I can access the system ONLY if I log in through the VPN and the firewall is going to restrict non-VPN connections.
3. IP address whitelisting… and all the bells & whistles
After looking at the options I am wondering if I am going overboard here. If I have a CIS config on, say, a Red Hat 7.x image and close all the ports to incoming requests… will the system be secure enough for me? I can access port 80 through an SSH tunnel and get by with my trading. I can turn off Samba and simply rely on sshfs for filesystem mounts on remote machines. Is this good enough and do I need a VPN? How do others do this? I am confused. If I follow all the best practices of SSH, do I still need to worry about hacking? Any pointers can help.
Thanks
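
An added example, not part of the original post: a check of the plan described above (only SSH reachable from outside, nginx on port 80 reached through an SSH tunnel, Samba off) against `ss -ltn` output. The helper name `audit_listeners`, both sample listings, the tunnel command's local port and host, and port 22 for sshd are assumptions.

```shell
#!/bin/sh
# Added example. audit_listeners is a hypothetical helper; the listings are constructed.
# Reads `ss -ltn` output on stdin and reports TCP listeners reachable from
# outside the host, other than the one port allowed to be public (sshd).
audit_listeners() {
    awk -v allowed="${1:-22}" '
        $1 != "LISTEN" { next }                 # skip the header row
        {
            port = $4; sub(/.*:/, "", port)     # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr) # text before the last colon
            # Loopback-only sockets can be reached only from the host itself,
            # for example through an ssh -L port forward.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (port == allowed) next
            print "EXPOSED " addr " " port
        }'
}

# Constructed listing for the home setup: nginx on 80 and Samba (139, 445)
# bound to every interface.
sample_before() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      50           0.0.0.0:139       0.0.0.0:*
LISTEN 0      50           0.0.0.0:445       0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
EOF
}

# Constructed listing for the plan in the post: Samba off, nginx bound to
# loopback and reached with: ssh -N -L 8080:127.0.0.1:80 user@server
sample_after() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511        127.0.0.1:80        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
EOF
}

echo "before:"; sample_before | audit_listeners 22
echo "after:";  sample_after  | audit_listeners 22
# On a live host: ss -ltn | audit_listeners 22
```

This covers TCP sockets on the host only; what the datacenter firewall permits is a separate layer.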