All posts by viktormadarasz

About viktormadarasz

IT OnSite Analyst for a big multinational company

TSR-The Server Room – Shownotes – Episode 02

Security 101
(General tips and tricks about passwords, accounts and security)

  • Passwords: use a different password for each service and keep them in a password manager (e.g. Bitwarden) that syncs across all your devices. Rotate passwords every X months if you can. Use 2FA wherever possible, and SSH keys or certificate-based authentication instead of passwords where possible.
  • Accounts: always disable, or at least change the password of, generic/default accounts on machines (Admin/Admin, cisco/cisco and the like). For example, I do not allow the root account to log in over SSH on my boxes by default; I log in as a normal user and use su or sudo instead.
  • Backups: not directly a security topic, but closely related. Have a backup strategy. RAID is not a backup and does not replace one. Hard drives, spinning or solid state, will eventually fail; it is only a matter of when. Back up to another disk, to the cloud or to tape. Tapes are cheap, but tape drives are expensive even second hand; still, depending on how much data you need to back up periodically (full or incremental), tape can come out cheaper than building a second NAS or buying more HDDs just to hold a copy of the data from the source.
  • Self-hosted / on-premise vs. cloud (hosted by a third party), such as my own Bitwarden password-manager instance: what I self-host and own is always safer than third-party solutions, which can raise their fees from one year to the next and, if you opt out, may leave you without access to your "password vault" (Dashlane, LastPass, Keeper, etc.). You do not own your own data; they have free tiers today, but what about tomorrow? And what about the security of a vault holding all your passwords in the hands of a third party? The trade-off of self-hosting is that patching, backups and availability of that instance become your own responsibility (see the backup and update points in this list).
  • Physical security: keep whatever is valuable and precious locked away, or at least make physical access harder. My servers and switches live in a 42U rack with the door locked, and the servers have their lockable faceplates on. These locks are not much (they can be opened with a paper clip or a screwdriver), but they discourage accidental troublemakers (kids, cats).
  • Updates: keep machines up to date when possible and patch published vulnerabilities. Most hacks and malicious attacks exploit known vulnerabilities that have been unpatched for a while; they bet on lazy sysadmins.
  • Extra steps, mentions and repeats: YubiKeys, drive encryption, 2FA (again), STRONG PASSWORDS, and disabling or changing default passwords on devices and appliances.
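As an added example (not the show's own script) for the SSH and account points above, here is a small POSIX shell audit you can run against an sshd_config and against shadow/passwd-style files. It flags root login over SSH, password login left enabled (the OpenSSH default when the keyword is absent or commented out), empty-password accounts and leftover UID 0 accounts. The sample files it writes are constructed for the demonstration and are not taken from any real host; the defaults it assumes are those of current OpenSSH (PasswordAuthentication yes, PermitRootLogin prohibit-password, PermitEmptyPasswords no).

```shell
#!/bin/sh
# Added example, not the show's own script: audit an sshd_config and
# shadow/passwd-style files for the weak settings discussed above.
# All file names and sample contents below are constructed for the demo.

# sshd_value FILE KEYWORD -> prints the effective value of KEYWORD.
# OpenSSH uses the FIRST uncommented occurrence of a keyword, so stop at the
# first match. Prints nothing if it is not set. (Match blocks are not
# modelled; this reads the global section only.)
sshd_value() {
    awk -v k="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(k) { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE -> prints one WEAK line per finding; the return
# status is the number of findings (0 = clean). Assumed defaults are those of
# current OpenSSH: PasswordAuthentication yes, PermitRootLogin
# prohibit-password, PubkeyAuthentication yes, PermitEmptyPasswords no.
audit_sshd_config() {
    n=0
    v=$(sshd_value "$1" PermitRootLogin)
    if [ "$v" = "yes" ]; then
        echo "WEAK: PermitRootLogin yes (root logs in directly; use su/sudo instead)"
        n=$((n + 1))
    fi
    v=$(sshd_value "$1" PasswordAuthentication)
    if [ "${v:-yes}" != "no" ]; then
        echo "WEAK: PasswordAuthentication ${v:-unset (defaults to yes)} (use SSH keys, set it to no)"
        n=$((n + 1))
    fi
    v=$(sshd_value "$1" PubkeyAuthentication)
    if [ "$v" = "no" ]; then
        echo "WEAK: PubkeyAuthentication no (key-based login disabled)"
        n=$((n + 1))
    fi
    v=$(sshd_value "$1" PermitEmptyPasswords)
    if [ "$v" = "yes" ]; then
        echo "WEAK: PermitEmptyPasswords yes (accounts with no password can log in)"
        n=$((n + 1))
    fi
    return "$n"
}

# weak_setting_count FILE -> prints the number of WEAK findings; never fails,
# so it is safe to call under set -e.
weak_setting_count() {
    audit_sshd_config "$1" | grep -c '^WEAK' || true
}

# empty_password_accounts FILE -> names from a shadow-style file whose password
# field is empty (login needs no password). Locked ("!", "*") and hashed
# entries are skipped.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# extra_uid0_accounts FILE -> accounts in a passwd-style file with UID 0 that
# are not named root: a classic leftover or hidden admin account.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# write_samples DIR -> writes the constructed sample files used by the demo.
write_samples() {
    cat > "$1/sshd_config.weak" <<'EOF'
# constructed sample: a stock-looking config with the usual weak spots
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords yes
EOF
    cat > "$1/sshd_config.hardened" <<'EOF'
# constructed sample: the same config with the weak spots fixed
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
EOF
    cat > "$1/shadow.sample" <<'EOF'
root:$6$saltsalt$hashhash:19000:0:99999:7:::
viktor:$6$saltsalt$hashhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
    cat > "$1/passwd.sample" <<'EOF'
root:x:0:0:root:/root:/bin/sh
viktor:x:1000:1000:Viktor:/home/viktor:/bin/sh
toor:x:0:0:leftover admin:/root:/bin/sh
EOF
}

# Demo run on the constructed samples (weak config reports 3 findings,
# hardened config 0; "guest" has an empty password; "toor" is a second UID 0).
d=$(mktemp -d)
write_samples "$d"
for f in sshd_config.weak sshd_config.hardened; do
    echo "== $f =="
    audit_sshd_config "$d/$f" || :
    echo "findings: $(weak_setting_count "$d/$f")"
done
echo "accounts with empty password: $(empty_password_accounts "$d/shadow.sample")"
echo "non-root accounts with UID 0: $(extra_uid0_accounts "$d/passwd.sample")"
rm -rf "$d"
```

To use it on a real box, point the functions at /etc/ssh/sshd_config, /etc/shadow (needs root) and /etc/passwd. Note that sshd honours the first occurrence of a keyword, so a hardened line appended to the end of the file is silently ignored if a weaker one appears earlier; the audit mirrors that rule.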

LINKS:

Strong Password Generator
https://strongpasswordgenerator.com/

Yubikey
https://www.yubico.com/
https://www.yubico.com/why-yubico/how-yubikey-works/
https://www.yubico.com/products/yubikey-hardware/compare-products-series/

KeePass , KeePassX
https://keepass.info/
https://www.keepassx.org/downloads

Bitwarden
https://bitwarden.com/

SSH Key-Based Authentication on a Linux Server – DigitalOcean
https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server

2FA / Multi Factor Authentication
https://en.wikipedia.org/wiki/Multi-factor_authentication
https://www.youtube.com/watch?v=ZXFYT-BG2So

2FA Authentication on Linux Server – TechRepublic
https://www.techrepublic.com/article/how-to-setup-two-factor-authentication-in-linux/

Testing for Default or Guessable User Account (OWASP-AT-003)
https://www.owasp.org/index.php/Testing_for_Default_or_Guessable_User_Account_(OWASP-AT-003)

4 most common types of Backups
https://intrinium.com/the-four-most-common-types-of-data-backup/

Backup – Wikipedia
https://en.wikipedia.org/wiki/Backup

On-Premise vs. Cloud
https://www.cleo.com/blog/knowledge-base-on-premise-vs-cloud

Physical Security – Secure Your Server Room by HPE
https://www.hpe.com/us/en/insights/articles/how-to-secure-your-server-room-1809.html

Importance of Software Updates and Patches
https://wp.umaryland.edu/the-importance-of-general-software-updates-and-patches/

TSR-The Server Room – Shownotes – Episode 01

Topics for Discussion on this episode:

Home server ISP options
Can I run a server from my own home internet connection? If not, what alternatives do I have?
Is it worth it?
Should I use my ISP-provided modem, or replace it with a third-party solution?

I will use the first 15-20 minutes to give my two cents on the above, then open the phone lines for comments, opinions and debate from the audience.

If there are no callers, I will just continue discussing some of these in more detail.

A voicemail and a calling queue are configured on the DID/VoIP/SIP line. During the show, calls are placed in a queue if the line is busy; when the show is offline, calls go to voicemail, so feel free to leave your comments and ideas that way if you prefer.

Links:

Links about running your own server on your home internet connection:

https://www.expressvpn.com/blog/how-to-make-a-small-server-for-your-home/

https://afteracademy.com/blog/how-to-convert-your-laptop-desktop-into-a-server-and-host-internet-accessible-website-on-it-part-1-545940164ab9


ALTERNATIVE OPTIONS

Cloud providers:


Dedicated Servers for an affordable monthly price at Hetzner

https://www.hetzner.com/sb

DigitalOcean VPS (virtual private servers): run your own services, such as a VPN (virtual private network), for as little as $5 a month (for example Outline VPN, a free open-source product made by Jigsaw)

https://www.digitalocean.com/
https://getoutline.org/en/home

Hardware recommendations:

Ubiquiti and MikroTik equipment (routers, access points, switches)

https://www.ui.com/
https://mikrotik.com/products

I buy networking gear such as the above online in Europe at Eurodk
https://www.eurodk.com/

TSR-The Server Room – Shownotes – Episode 00

Everything you ever wanted to know about me can be found at the three links below:

https://cv.viktormadarasz.com
https://www.linkedin.com/in/viktormadarasz/
https://fitness.viktormadarasz.com

Recordings of the show can be found in the Anonradio Archives or any of the major podcast platforms.

Live show broadcast and recorded from 6:00 pm to 6:30 pm UTC every Saturday at Anonradio.net

DID VOIP Line Open During the Show: +1 910 665 9191
SIP:261414@sanjose2.voip.ms

Email: viktormadarasz@sdf.org


Shownotes for Episode 00

I would like to treat this as a pre-flight checklist: to talk about everything a little bit in general, but not in too much detail just yet.

To draw the landscape of what, when, where and how…

  • What is The Server Room to me? I could have called it a homelab, as I refer to it many times when I need to describe where I spend most of my time and on what…
  • What do I do for a living? (for all those who have not opened any of the links at the top of this page)
  • A quick rundown of the hardware I own as of 09/11/2019
  • General topics I am normally interested in and bother enough to investigate and learn more about:

    1. Computer hardware (though not the electronics): anything and everything from new to old, I love to look at it, try it, run it, own it. Switches, servers, workstations, thin clients, monitors, terminal emulators, printers, keyboards, firewalls, UPSes… if you can plug it in, I'm probably interested.
    2. Operating systems (from DOS, BSD, Unix and Linux to Mac OS X, Windows, AIX, HP-UX, IBM z/OS and IBM Power architecture, Solaris… any and every)
    3. Virtualization and emulation (ESXi, Proxmox, QEMU, KVM, the commercial Stromasys CHARON Alpha/VAX/PDP emulators, Sun emulator software)
    4. Network: switches, routers, firewalls, load balancers, cloud (Azure, AWS, Oracle, Google), SDN (software-defined networking)
    5. Enterprise solutions: things like SCCM or other OSD (operating system deployment) tools such as Altiris; centralized backup solutions (the Veeam Backup suite and the QUADStor virtual tape library, both available free for homelabbers)

    I'm sure there is more, but this is what came to mind for now…
  • What could this show become? Could it be more interactive, with call-ins on a DID VoIP number? Should it have accompanying multimedia content, such as screen recordings/screencasts of things I do or talk about while making clicky noises on the keyboard, including errors and mistakes?