Security 101
(General Tips&Tricks about Passwords/Account/Security)
- Passwords: use a different password for each service, keep them in a password manager (Bitwarden, for example, synced across all your devices), and use 2FA where possible and SSH keys or certificate-based authentication where possible. Rotate passwords every X months if you can (calendar rotation on its own is of limited value; a password you suspect has leaked should be changed immediately regardless of schedule).
- Accounts: always disable, or at least change the password of, generic/default accounts on machines (Admin/Admin, the default Cisco credentials, etc.). For example, I do not enable the root account to SSH into my boxes by default; I log in as a normal user and use su or sudo for root work.
- Backups: not directly a security topic, but indirectly connected to it. Have a backup strategy. RAID is not a replacement for backups. Remember that hard drives (spinning or solid state) will eventually fail; it is only a matter of when. Back up to another disk, to the cloud, or to tape (tapes are cheap, tape drives are expensive even second-hand, but depending on how much data you need to back up periodically, with full or incremental backups, tape can come out cheaper than building a second NAS or buying HDDs to copy the data from the primary source).
- Self-hosted / on-premise vs. cloud (hosted by a third party), such as my Bitwarden password-management instance: what I self-host and own is always safer than a third-party solution, which can raise its fees from one year to the next and, if you opt out, leave you without access to your password vault (Dashlane, LastPass, Keeper, etc.). You do not own your own data; they have free tiers today, but what about tomorrow? And what about the security of your vault, with all your passwords in the hands of a third party?
- Physical security: keep what is valuable and precious locked away, or at least make physical access harder. For example, my servers and switches are in a 42U rack with the door closed and locked, and the servers have their faceplates locked on (these locks are not much and can be opened with a paper clip or a screwdriver, but they might discourage accidental troublemakers such as kids and cats).
- Updates: keep machines up to date when possible and patch published vulnerabilities. Most hacks and malicious attacks use known vulnerabilities that have been left unpatched for some time, betting on lazy sysadmins.
- Extra steps / mentions / repeats: YubiKeys, drive encryption, 2FA again, STRONG PASSWORDS, and disabling or changing default passwords on devices and appliances.
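The SSH advice above (keys instead of passwords, no root login, su/sudo for root work) is usually applied by editing sshd_config, and the classic mistake is appending the hardened lines to the end of the file: sshd takes the first value it reads for each keyword and ignores later duplicates. The following audit script is an added example, not code from the show notes; it reproduces that first-match rule for the global section of a config, stops at the first Match block, and assumes current OpenSSH defaults for the three keywords it checks. The two sample configs are constructed for the demonstration.

```python
"""Audit an sshd_config for the root-login / key-auth settings discussed above.

Added example, not from the show notes.  sshd uses the *first* value it reads
for each keyword and ignores later duplicates, so appending "PermitRootLogin no"
to a file that already says "PermitRootLogin yes" changes nothing.  This check
reproduces that rule for the global section and stops at the first "Match"
block (conditional overrides are out of scope here).
"""
import sys
from typing import Dict

# OpenSSH defaults for the keywords checked here (assumed values for current
# OpenSSH releases; confirm against your version's sshd_config(5)).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}


def effective_settings(config_text: str) -> Dict[str, str]:
    """Return the first-match value of every keyword in the global section."""
    settings = dict(DEFAULTS)
    seen = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept "Keyword value" or "Keyword=value"; drop a trailing comment.
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) < 2 or key in seen:
            continue  # first value wins; later duplicates are ignored by sshd
        seen.add(key)
        settings[key] = parts[1].split("#", 1)[0].strip().lower()
    return settings


def audit(config_text: str) -> Dict[str, str]:
    """Map each checked keyword to 'ok', 'warn: ...' or 'fail: ...'."""
    s = effective_settings(config_text)
    verdicts = {}
    root = s["permitrootlogin"]
    if root == "no":
        verdicts["PermitRootLogin"] = "ok"
    elif root in ("prohibit-password", "without-password"):
        verdicts["PermitRootLogin"] = (
            "warn: root may still log in with a key; use su/sudo instead")
    else:
        verdicts["PermitRootLogin"] = (
            f"fail: value {root!r} allows root password login")
    verdicts["PasswordAuthentication"] = (
        "ok" if s["passwordauthentication"] == "no"
        else "fail: password logins accepted; keys should be the only method")
    verdicts["PubkeyAuthentication"] = (
        "ok" if s["pubkeyauthentication"] == "yes"
        else "fail: public-key authentication disabled")
    return verdicts


# Constructed sample: "hardened" lines appended below earlier weak ones.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# added later, but sshd already took the first values above:
PermitRootLogin no
PasswordAuthentication no
"""

# Constructed sample: the settings placed once, near the top of the file.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    # Pass a path (e.g. /etc/ssh/sshd_config) to audit a real file.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_CONFIG
    for keyword, verdict in audit(text).items():
        print(f"{keyword:24} {verdict}")
```

On the machine itself, `sshd -T` prints the configuration sshd will actually apply (including defaults), which is the authoritative check after editing; this script is for reviewing config files offline or in a repository before they are deployed.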
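The full-versus-incremental distinction in the backup item above is easiest to see in code. The snapshot routine below is an added example, not the show's own tooling; it implements the scheme rsync users know as `--link-dest`: every snapshot directory is a complete copy of the source, but files unchanged since the previous snapshot are hard links to that snapshot's copy, so an incremental run only stores the changed data while any snapshot can be restored on its own. The directory layout, snapshot names and sample files are constructed for the demonstration.

```python
"""Full + incremental snapshot backups using hard links (rsync --link-dest style).

Added example, not from the show notes.  Assumes source and backup root are on
the same filesystem (hard links cannot cross filesystems).
"""
import filecmp
import os
import shutil
import tempfile
from typing import Dict, Optional


def snapshot(source: str, backups_root: str, name: str,
             previous: Optional[str] = None) -> Dict[str, int]:
    """Copy `source` into backups_root/name; link unchanged files to `previous`.

    With previous=None this is a full backup.  Returns how many files were
    copied (new or changed) and how many were hard-linked (unchanged).
    """
    dest = os.path.join(backups_root, name)
    os.makedirs(dest)
    counts = {"copied": 0, "linked": 0}
    for dirpath, _dirs, files in os.walk(source):
        rel = os.path.relpath(dirpath, source)
        os.makedirs(os.path.join(dest, rel), exist_ok=True)
        for fname in files:
            src = os.path.join(dirpath, fname)
            dst = os.path.join(dest, rel, fname)
            prev = os.path.join(previous, rel, fname) if previous else None
            # Byte-for-byte comparison with the previous snapshot.  rsync's
            # default quick check (size + mtime) is faster but can miss an edit
            # that preserves both.
            if prev and os.path.isfile(prev) and filecmp.cmp(src, prev, shallow=False):
                os.link(prev, dst)
                counts["linked"] += 1
            else:
                shutil.copy2(src, dst)
                counts["copied"] += 1
    return counts


def demo() -> Dict[str, object]:
    """Build a throw-away source tree, take a full then an incremental snapshot."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "source")
        backups = os.path.join(work, "backups")
        os.makedirs(os.path.join(source, "etc"))
        os.makedirs(backups)
        # Constructed sample data.
        with open(os.path.join(source, "etc", "config"), "w") as f:
            f.write("PermitRootLogin no\n")
        with open(os.path.join(source, "notes.txt"), "w") as f:
            f.write("first version\n")

        full = snapshot(source, backups, "2024-01-01-full")

        # The source changes between runs: one file edited, one untouched.
        with open(os.path.join(source, "notes.txt"), "w") as f:
            f.write("second version\n")
        incr = snapshot(source, backups, "2024-01-02-incr",
                        previous=os.path.join(backups, "2024-01-01-full"))

        unchanged = os.path.join(backups, "2024-01-02-incr", "etc", "config")
        old_notes = os.path.join(backups, "2024-01-01-full", "notes.txt")
        with open(old_notes) as f:
            old_intact = f.read() == "first version\n"
        return {
            "full": full,                       # {"copied": 2, "linked": 0}
            "incr": incr,                       # {"copied": 1, "linked": 1}
            "nlink_unchanged": os.stat(unchanged).st_nlink,  # 2: shared inode
            "old_notes_intact": old_intact,     # earlier snapshot untouched
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two caveats that matter in practice: hard-linked snapshots share one copy of each unchanged file, so a corrupted block or a stray write through any snapshot affects all of them (the space saving is not extra redundancy), and a snapshot tree on the same machine protects against deletion and disk failure but not against fire, theft or ransomware that can reach the backup path. The off-site copy the item above mentions (cloud, tape, or a second box) is what covers those.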
LINKS:
Strong Password Generator
https://strongpasswordgenerator.com/
Yubikey
https://www.yubico.com/
https://www.yubico.com/why-yubico/how-yubikey-works/
https://www.yubico.com/products/yubikey-hardware/compare-products-series/
KeePass, KeePassX
https://keepass.info/
https://www.keepassx.org/downloads
Bitwarden
https://bitwarden.com/
SSH Keys Based Authentication on a Linux Server – DigitalOcean
https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
2FA / Multi Factor Authentication
https://en.wikipedia.org/wiki/Multi-factor_authentication
https://www.youtube.com/watch?v=ZXFYT-BG2So
2FA Authentication on Linux Server – TechRepublic
https://www.techrepublic.com/article/how-to-setup-two-factor-authentication-in-linux/
Testing for Default or Guessable User Account (OWASP-AT-003)
https://www.owasp.org/index.php/Testing_for_Default_or_Guessable_User_Account_(OWASP-AT-003)
4 most common types of Backups
https://intrinium.com/the-four-most-common-types-of-data-backup/
Backup – Wikipedia
https://en.wikipedia.org/wiki/Backup
On Premise vs. Cloud
https://www.cleo.com/blog/knowledge-base-on-premise-vs-cloud
Physical Security – Secure Your Server Room by HPE
https://www.hpe.com/us/en/insights/articles/how-to-secure-your-server-room-1809.html
Importance of Software Updates and Patches
https://wp.umaryland.edu/the-importance-of-general-software-updates-and-patches/
One thought on “The Server Room Show – Episode 2 – Security 101”