We have security groups in place to control the incoming and outgoing traffic on the EC2 instances.
Only the HTTP/HTTPS ports are open to the world.
Database ports accept connections only from internal IPs and from our development team's IPs.
Other required ports are opened only to the development team's IPs, and only on demand rather than permanently.
No unnecessary ports are open to anyone; such a port is opened only after proper written communication and approval from the client.
Only users who hold the access keys and connect from the development team's IPs are allowed to log in to the specific servers/services.
Any unauthorized access is blocked at the firewall level: if the origin IP is not listed in the firewall, the connection is dropped.
Further, as a second level of security, we have access keys defined for all services/servers. Access to an AWS server/service requires the combination of an allowed IP, the access key and the password.
Security Level - Passwords
The following measures are taken at the application level.
If a user fails more than 3 login attempts in a row, we block that account and send an email to the registered address stating that the account has been blocked for security reasons, thereby preventing brute-force attacks.
We encrypt the password before storing that critical information in the database.
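The two application-level controls above, as an added example that is not part of the original page: the consecutive-failure lockout (reading "more than 3" literally, so the fourth failure in a row locks the account and queues the notification email) and the "encrypt before storing" step, realised here as a salted PBKDF2 hash, the usual way to store passwords so the database never holds the plaintext. The account table and the notification queue are in-memory stand-ins constructed for the example.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 3  # more than 3 consecutive failures locks the account


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Derive a salted PBKDF2-HMAC-SHA256 digest; only salt and digest are stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


class AccountStore:
    """In-memory stand-in for the user table (constructed for this example)."""

    def __init__(self):
        self.accounts = {}       # email -> {"salt", "digest", "failures", "locked"}
        self.notifications = []  # emails that would be sent, captured for inspection

    def register(self, email: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.accounts[email] = {"salt": salt, "digest": digest,
                                "failures": 0, "locked": False}

    def login(self, email: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'; unknown accounts are simply 'denied'."""
        acct = self.accounts.get(email)
        if acct is None:
            return "denied"
        if acct["locked"]:
            return "locked"  # a locked account rejects even the correct password
        _, digest = hash_password(password, acct["salt"])
        if hmac.compare_digest(digest, acct["digest"]):
            acct["failures"] = 0  # a success ends the run of consecutive failures
            return "ok"
        acct["failures"] += 1
        if acct["failures"] > MAX_FAILED_ATTEMPTS:
            acct["locked"] = True
            self.notifications.append(
                (email, "Your account has been blocked for security reasons."))
            return "locked"
        return "denied"
```

Unlocking is left to an out-of-band process (support or a verified reset link), which is why `login` never clears the `locked` flag.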
Follow these best practices to keep your data secure:
Keep your login credentials private
Create strong passwords
Change passwords every 6 months
Always log out when you are away from your workstation