How are Hatchbox servers hardened for security?

There are several things we do to make sure your servers have good security defaults:

• We disable password authentication for SSH. You can only login with SSH keys.

• UFW (uncomplicated firewall) is installed and configured only to allow the following ports publicly

  • 22 (SSH) on all servers

  • 80 (HTTP), and 443 (HTTPS) on web servers

• In a multi-server cluster, Hatchbox also configures UFW to firewall the internal datacenter network. Traffic is only allowed between your servers.

• Security updates are automatically installed.

Can I use fail2ban?

Of course! We recommend adding it if you feel comfortable using it.