Security for deployment hosts

The purpose of this guide is not so much providing complete cyber-security training, but highlighting some of the system setup aspects that are most important and/or specific to Platform security.

Essential check-list

• The server is hosted in a provider and geography/legislation that doesn't put the mission of the deployment at risk.

• HTTPS protocol (TLS) is enabled and securely configured for both API and client endpoints.

• There is some sort of effective log rotation mechanism, preferably together with a low-level wiping mechanism.

  • On the Ushahidi Platform API installation folder under storage/logs

  • For the web server, PHP and MySQL logs as well

• If hosting in a cloud or VPS provider, disk encryption with a specific ephemeral key is used.

• Backups are scheduled, monitored, encrypted and regularly tested.

• Latest updates are installed regularly for:

  • Operating system and core libraries

  • PHP, Web server and MySQL services

  • Ushahidi Platform