You don't need to do anything extra - Forge takes care of:
- Setting up firewalls (it uses ufw, which is a wrapper around iptables)
- Setting up Fail2ban (configured to block connections for a time period after too many failed ssh attempts)
- SSH authentication settings (only allow ssh authentication via ssh keys, instead of passwords)
- Enabling auto updates, including security patches
These are the big things to set up. There are other things, but in general these get you 90%+ of the way there. There are only a few other technical things you may want to do: SELinux or AppArmor (but the effort is often not worth it), or setting up a server per app instead of using shared app servers, which is another security measure. You can even set up 2FA for SSH logins!
Most other security measures are "human" things like having access policies about who can access what servers, or rotating SSH keys and ensuring people have updated keys when they need them. That gets pretty high-effort and is usually not done in situations without having a medium/larger team.
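
To confirm the "SSH keys only, no passwords" item from the list above on a given server, here is an added example (not part of the original text and not Forge's own code) that audits a single `sshd_config` file. The function names and sample configs are hypothetical; it assumes the settings live in one file and does not follow `Include` lines.

```shell
#!/bin/sh
# Added example: check one sshd_config file for key-only logins.
# sshd uses the FIRST value it reads for a keyword; keywords are case-insensitive.

# effective_value FILE KEYWORD_REGEX DEFAULT
# Prints the global-section value, or DEFAULT (the OpenSSH default) when unset.
effective_value() {
    awk -v want="^($2)\$" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        {
            sub(/^[ \t]+/, "")
            split($0, f, /[ \t=]+/)            # "Key value" or "Key=value"
            key = tolower(f[1])
        }
        key == "match" { exit }                # per-user/host overrides start here
        key ~ want { print tolower(f[2]); found = 1; exit }   # first one wins
        END { if (!found) print def }
    ' "$1"
}

# audit_key_only FILE: exit status 0 only if passwords are off and keys are on.
# Treating keyboard-interactive as a password path is this example's choice:
# it can still prompt for a password through PAM.
audit_key_only() {
    rc=0
    pw=$(effective_value "$1" 'passwordauthentication' yes)
    # ChallengeResponseAuthentication is the deprecated alias of the same option.
    kbd=$(effective_value "$1" \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    pk=$(effective_value "$1" 'pubkeyauthentication' yes)
    [ "$pw" = no ]  || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$kbd" = no ] || { echo "FAIL KbdInteractiveAuthentication=$kbd"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK key-only"; fi
    return "$rc"
}

# Constructed sample configs (not taken from a real server).
tmp=$(mktemp -d)
printf '%s\n' '# hardened' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' 'KbdInteractiveAuthentication no' > "$tmp/hardened"
# The later "no" is ignored because the first value wins.
printf '%s\n' 'passwordauthentication yes' 'PasswordAuthentication no' \
    'Match User deploy' '    KbdInteractiveAuthentication no' > "$tmp/weak"

audit_key_only "$tmp/hardened"
audit_key_only "$tmp/weak" || true
```

On a live host, `sshd -T` (run as root) prints the effective configuration after includes and defaults are resolved, which is the authoritative source for the same check.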