Talk in English - US at Longhorn PHP Conference 2019
View Slides: https://www.rogercreasy.com/slides/serverFortress/#/
Short URL: https://joind.in/talk/3547d
(QR-Code (opens in new window))
Thanks to cloud providers like DigitalOcean, AWS, GCP, Linode, etc, we as developers can easily spin up servers for testing or production. We can have a complete server ready to go in a matter of seconds. Often security is an afterthought leaving servers vulnerable to attacks, abuse, or worse.
In this talk I will introduce some basic security settings and monitoring. I will make attendees aware of some of the many types of attacks, and the methodologies that can help protect them.
== Some of what this talk will cover ==
* Passwords – generating and protecting strong passwords
* Users – setting up, restricting access, granting rights (like sudo)
* Root – keeping access to root safe
* SSH – managing keys, defending against unauthorized access
* Firewalls – enhancing security with firewall rules
* Logwatch – get a daily email that summarizes security issues
* Fail2ban – rule-based control of your firewall
* Security Updates – how to automate
== Who this talk is for ==
Web developers who manage a cloud server, or those who want to manage one
Key Takeaways
Attendees will leave this talk with a better understanding of the threats that impact servers, and how to mitigate those threats. They will also have a list of resources and will leave with a basic understanding of how best utilize and implement those resources.
Comments
Comments are closed.
Excellent information for setting up some basic security, very useful
It was a good talk that covered a broad selection of relevant topics.
A few technical nitpicky stuff: you referred to ECDSA as edwards curves. They're not. Ed25519 is a (twisted) Edwards curve. ECDSA consists of 3x NIST curves (nistp256 being the most widely supported one) are probably more aptly called (short) Weierstrass curves. As for the suggestion that the NSA has backdoors in them... that's wholly unsubstantiated. NIST does work with the NSA to validate their standards but there's only one NIST standard that's known, for sure, to have a backdoor - Dual_EC_DRBG. Edward Snowden is the main reason that that one is known. Some people suspect that the NIST curves have backdoors in them but there's zero direct evidence of that. The NIST curves as utilized in ECDSA are, however, more prone to implementation errors, but OpenSSH doesn't have those implementation errors and, anyway, that's a talk unto itself lol.
Lots of great tips for beginners and for people who are not dedicated sys admins. Roger was very helpful with my questions..