Hello Pleskians! This week we’re back with the fourth episode of the Official Plesk Podcast: Next Level Ops. In this installment, Superhost Joe speaks to Igor Antipkin, Plesk’s Security Warlock. Igor shares his philosophy on the multifaceted role security plays in projects. And sheds light on how users can reduce security risks.
In This Episode: Threat Modelling, Thinking About Risks and How to Not Become a Security Engineer
What are some of the common security issues that end users encounter? How can users protect their servers against security vulnerabilities? According to Igor, there are no easy steps when it comes to server security. Instead, users can follow some general recommendations to identify and deal with risks.
“Security is a process,” says Igor, “It’s an approach that should be taken into account when you work on a project.” The first step is to identify potential security risks in the design phase of the project. Think, think and think some more. What kind of risks can you encounter? What should you best protect yourself from? “Just don’t think so much, otherwise you face the risk of becoming a security engineer,” says Igor.
Thank you Igor, we’ll make sure our listeners heed this piece of advice!
- Use threat modeling to identify potential security risks. Consider possible security risks in the project design phase. The kinds of threats and risks you might have – list them, write them down (and hopefully don’t leave your notebook lying around). One advantage of using this approach is minimizing the likelihood of security breaches. And it reduces rework in the later stages of your project.
- Educate your users about security risks. End users today should care more about security. Outdated software is the most common problem in this scenario. It’s important to keep your software up to date. And making sure that you install all the latest updates.
- Use the principle of least privileges. Limit user permissions based on individual roles to give access where it’s needed. This limits the amount of damage any single individual can do to a website or server.
- Be informed about the software you use. Inform yourself about software security as much as you can. Stay involved in the community to stay up to date about potential issues.
…Alright Pleskians, it’s time to hit the play button if you want to hear the rest. If you’re interested in Plesk extensions, check out our previous episode. If you want to check out some tools to spruce up your security, take a look at this guide. We’ll be back soon with the next installment.
The Official Plesk Podcast: Next Level Ops Featuring
Joe is a college-accredited course developer. He is the founder of Creator Courses.
Igor is a Security Engineer at Plesk.