The Server Room Show – Episode 2 – Security 101

The Server Room – Shownotes – Episode 02

Security 101

(General tips & tricks about passwords, accounts and security)

  • Passwords: use a different password for each service, keep them in a password manager such as Bitwarden that syncs across all your devices, and rotate/change passwords every X months if you can. Use 2FA wherever possible, and SSH keys or certificate-based authentication where possible.
  • Accounts: always disable and/or change the password of generic/default accounts on machines (like Admin/Admin, Cisco, etc.). For example: I don't enable the root account to SSH into my boxes by default; I use su or sudo for that.
  • Backups: not directly, but indirectly connected to the topic of security. Have a backup strategy. RAID is NOT a replacement for backups, nor does it serve as one. Remember: hard drives (spinning or solid state) will eventually fail; it is just a matter of when. Back up to another disk, to the cloud, or to tape. Tapes are cheap but tape drives are expensive even second-hand; still, depending on the amount of data you need to back up periodically (full or incremental backups), tape might come out cheaper than building a second NAS or buying HDDs to be able to "back up" data from source1.
  • Security when it comes to self-hosted / on-premise vs cloud (hosted by a 3rd party), such as my Bitwarden password management instance: what I self-host and own is always safer than 3rd-party solutions, which can raise their fees from one year to the next and say, if you opt out, you won't have access to your "password vault" anymore (e.g. Dashlane / LastPass / Keeper / etc.). You do not own your own data; they have free tiers today, but what about tomorrow? What about your vault's security, with all your passwords in the hands of a 3rd party?
  • Physical security: whatever is valuable and precious is best kept locked away, or at least make it harder to get physical access (e.g. my servers and switches are in a 42U rack with the door closed and locked with a key, and the servers have their faceplates on with the key). These are not much and can be opened with a paper clip or screwdriver, but they might discourage accidental troublemakers (kids, cats).
  • Updates: keep machines up to date when possible and patch published vulnerabilities. Most hacks and malicious attacks use known vulnerabilities that have been out for X time and bet on lazy sysadmins.
  • Extra steps/mentions/repeats: YubiKeys, drive encryption, 2FA (again), STRONG PASSWORDS, disable or change default passwords on devices and appliances.

Strong Password Generator

KeePass, KeePassX

SSH Keys Based Authentication on a Linux Server – DigitalOcean

2FA / Multi Factor Authentication

2FA Authentication on Linux Server – TechRepublic

Testing for Default or Guessable User Account (OWASP-AT-003)

4 most common types of Backups

Backup – Wikipedia

On Premise Vs Cloud

Physical Security – Secure Your Server Room by HP

Importance of Software Updates and Patches
