Security for deployment hosts

The purpose of this guide is not so much providing complete cyber-security training, but highlighting some of the system setup aspects that are most important and/or specific to Platform security.

Essential check-list

  • The server is hosted in a provider and geography/legislation that doesn't put the mission of the deployment at risk.
  • HTTPS protocol (TLS) is enabled and securely configured for both API and client endpoints.
  • There is some sort of effective log rotation mechanism, preferably together with a low-level wiping mechanism.
    • On the Ushahidi Platform API installation folder under storage/logs
    • For the web server, PHP and MySQL logs as well
  • If hosting in a cloud or VPS provider, disk encryption with a specific ephemeral key is used.
  • Backups are scheduled, monitored, encrypted and regularly tested.
  • Latest updates are installed regularly for:
    • Operating system and core libraries
    • PHP, Web server and MySQL services
    • Ushahidi Platform