Unless you keep your computer disconnected from every network and under a secure lock, there will always be potential for security compromise.
The statement above is not meant to scare you away from connecting your machine to a network, but to give you an idea that there is no such thing as a “perfectly secured, networked computer”. The best we can do is harden the system and monitor it actively, especially when it is a server running 24×7 and serving your critical data to the whole population of the Internet.
Most of this article is taken from my setup experience with my first dedicated server, which I tuned for my hosting needs. Thanks to my ISP, they hooked a KVM-over-IP switch up to my box and allowed me to install my own truly minimal CentOS with OpenVZ.
After many careful considerations and experiments, I decided to split my hosting infrastructure into three VPS (virtual private server) containers. Two “web nodes” and one “database node” were configured to provide some level of fail-over and high availability.
Both “web nodes” are identical except for their IP address. Each has a public IP assigned and runs PowerDNS and “Lighttpd + PHP”. PowerDNS is configured for round-robin DNS and will direct requests to whichever “web node” is available. The “database node” has no IP assigned and communicates only over a Unix domain socket (also called a named socket). MySQL cannot be reached over TCP at all, which adds one more layer of protection against network-based attacks.
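As an added illustration (not the configuration from the sub-articles below), here is what the “no network” MySQL setting looks like in my.cnf, with the weak default-style configuration shown beside the hardened one; the socket path and the client section are assumptions, so adjust them to your layout.

```ini
# --- WEAK: my.cnf on a database server that listens on the network ---
# With bind-address set to all interfaces, MySQL accepts TCP connections
# from any host that can reach port 3306; only the grant table stands
# between the network and the data.
[mysqld]
bind-address = 0.0.0.0
port         = 3306

# --- HARDENED: my.cnf for the “database node” described above ---
# skip-networking removes the TCP listener entirely; the server then
# answers only on the Unix domain socket. The path below is an assumption.
[mysqld]
skip-networking
socket = /var/run/mysqld/mysqld.sock

# Clients (mysql CLI, PHP on the web nodes) must point at the same socket
# file instead of a host:port. This section is an assumption as well.
[client]
socket = /var/run/mysqld/mysqld.sock
```

To confirm the hardening took effect, `netstat -ltn` on the database node should list nothing on port 3306, while `mysql -S /var/run/mysqld/mysqld.sock` should still connect.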
Please check the following sub-articles for the individual setup details.
- Lighttpd - Lighty setup
- PDNS - PowerDNS with MySQL backend
- MySQL - No network configuration
Cheers,
Sudhaker