Before Vineyard.NET, I had always handled the security of my own computer system with a few simple and reliable policies: don’t run any services that might be unsecure; don’t give out accounts to people you don’t know; and disconnect your computer from the Internet when you are not around. The monitoring that I did, insofar as I did any, was haphazard.
Clearly, those techniques would not work for a commercial service such as Vineyard.NET. Instead, I needed to design and deploy a system that could be readily maintained, defended, and scaled.
From the start, Vineyard.NET’s security was one of my primary concerns. As the coauthor of several books on computer security, I knew any Internet service that I was involved with might be a target.
But there were other reasons that I was concerned about security. Vineyard.NET is a company that depended on computers that were connected to the Internet. If these computers were broken into and compromised, our reputation would be damaged, we would lose customers, and we would lose time required to put our systems back in order. We might lose so much in the way of customers, reputation, and time, that we might even go out of business.
Because of these problems, we followed a few simple rules for our system and networks: minimize our vulnerabilities and plan for break-ins.
From the beginning, we avoided running programs that had a history ...