Security for deployment hosts

The purpose of this guide is not so much providing complete cyber-security training, but highlighting some of the system setup aspects that are most important and/or specific to Platform security.

Essential check-list

  • The server is hosted in a provider and geography/legislation that doesn't put the mission of the deployment at risk.

  • HTTPS protocol (TLS) is enabled and securely configured for both API and client endpoints.

  • There is some sort of effective log rotation mechanism, preferably together with a low-level wiping mechanism.

    • On the Ushahidi Platform API installation folder under storage/logs

    • For the web server, PHP and MySQL logs as well

  • If hosting in a cloud or VPS provider, disk encryption with a specific ephemeral key is used.

  • Backups are scheduled, monitored, encrypted and regularly tested.

  • Latest updates are installed regularly for:

    • Operating system and core libraries

    • PHP, Web server and MySQL services

    • Ushahidi Platform