
An Unflattering Commentary on Rackspace Cloud Server Security


I recently needed a new server instance for some testing. Normally I would go back to AWS, as I've had problems with Rackspace in the past. Being open-minded and assuming things have changed in the last couple years, I thought I'd go back and try out Rackspace cloud for my testing (for reasons I will not name here).

My first and most shocking revelation is that they have NOT fixed a key security problem. I'm going to outline this right now and hopefully somebody can fix it.

Problem One: Log in as Root via SSH

Guys ... guys ... guys (or gals) ... It is baffling to me that you still allow this. Yes I get that you have a wonderful "Blacklist my server ip when something goes wrong" and "then disable access to my console to fix" routine going on to protect your network if MY machine gets compromised due to your silly lackadaisical security. Wait, that's actually a negative thing too. :) Please stop, I'm not going to use you as a provider until you fix this. In the interest of fairness I'll say, you DO generate a nice, secure, random looking password ... but that isn't really good enough in my book. At a minimum, generate a random password for a random (or hell, even let me name a user) userid, disable remote root access, and I MIGHT consider using your service, except for the next problem.
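An added example, not from the original article or from Rackspace: a shell check a customer could run against a freshly provisioned image's `sshd_config` to see whether it still permits the remote root login described above. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: static check of an sshd_config for remote root login.
# sshd uses the FIRST value it reads for a keyword; keywords are case-insensitive.
# Limits: does not follow Include lines or evaluate Match blocks; on a live host
# `sshd -T` prints the effective configuration.

# effective_sshd_option KEYWORD FILE -> prints the global value, or "unset"
effective_sshd_option() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); val = "unset" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)               # drop leading whitespace
            if (line == "" || line ~ /^#/) next     # blank line or comment
            split(line, f, /[ \t=]+/)               # "Key value" or "Key=value"
            if (tolower(f[1]) == "match") exit      # the rest is conditional
            if (tolower(f[1]) == key) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$2"
}

# root_login_verdict FILE -> prints a verdict; status 0 only when root is refused
root_login_verdict() {
    case "$(effective_sshd_option PermitRootLogin "$1")" in
        no) echo "OK: root cannot log in over SSH"; return 0 ;;
        prohibit-password|without-password|forced-commands-only)
            echo "WARN: root can still log in with a key"; return 1 ;;
        yes) echo "FAIL: root login is permitted"; return 1 ;;
        unset) echo "WARN: not set, the compiled-in default applies"; return 1 ;;
        *) echo "WARN: unrecognised value"; return 1 ;;
    esac
}

# Constructed sample: a commented-out default, then two conflicting settings.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'Port 22' 'permitrootlogin yes' \
    'PermitRootLogin no' 'Match Address 192.0.2.0/24' > "$sample"
root_login_verdict "$sample" || true   # FAIL: the first live value ("yes") wins
rm -f "$sample"
```
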

Problem Two: No Firewall Protecting the Machine by Default

So let's ignore the root access problem ... well, OK, we won't ... Now we have an aggravating problem ... BEFORE I even have an opportunity to do ANY hardening of the server, it's spun up and connected to the internet listening on SSH. While I get that in your book this isn't probably the end of the world, I'm quite "not thrilled" by this. I suppose this problem is mitigated by the fact that I need to install all my services manually, but I'm still not happy. Why wouldn't I get access to firewall rules (like I do in AWS) to limit the attack profile on my server (like to only allow SSH from my network)?

Rackspace, come on guys, I just can't believe you're still doing this, it's been a couple years now, you should've learned by now! I can't imagine this is an expensive proposition, hell, the first problem was already fixed by the Ubuntu team by default, you actually had to do work to defeat their efforts.

If your philosophical stance is that "This is an acceptable risk for my customers" well then, good luck to you, glad you made that decision for me, I'll be moving on to other providers that care about my business.



Published at DZone with permission of Michael Mainguy, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.
