TSR-The Server Room – Shownotes – Episode 02


Security 101
(General Tips&Tricks about Passwords/Account/Security)

  • Passwords: use a different password for each thing; use a password manager like Bitwarden that syncs across all your devices; rotate/change
    passwords every X months if you can; use 2FA where possible, and SSH keys or certificate-based authentication where possible.
  • Accounts: always disable and/or change the password of generic/default accounts on machines (Admin/Admin, Cisco, etc.). F.e. the root
    account I don't enable to SSH into my boxes by default; I use su or sudo for that.
  • Backups (not directly, but perhaps indirectly connected to the topic of security): have a backup strategy. RAID is NOT a replacement
    for backups. Remember that hard drives (spinning or solid state) will eventually fail; it is just a matter of when. Back up to another
    disk, to the cloud, to tape (tapes are cheap, but tape drives are expensive even second-hand; depending on the amount of data you need
    to back up periodically (full or incremental), tape might come out cheaper than building a second NAS or purchasing HDDs to be able
    to "back up" the data from source1).
  • Security when it comes to self-hosted / on-premise vs cloud (hosted by a 3rd party), such as my Bitwarden password management instance:
    what I self-host and own is always safer than 3rd-party solutions, which can raise their fees from one year to the next and say …
    if you choose to opt out you won't have access to your "password vault" anymore. F.e. Dashlane / LastPass / Keeper / etc. –> you do
    not own your own data; they have free tiers today, but what about tomorrow? What about your vault's security with all your passwords
    in the hands of a 3rd party?
  • Physical security: whatever is valuable and precious is best kept locked away, or at least make it harder to get physical access
    (f.e. my servers and switches are in a 42U rack with the door closed and locked, and the servers have their keyed faceplates on;
    these are not much and can be opened with a clip or screwdriver, but they might discourage accidental troublemakers (kids, cats)).
  • Updates: keep machines up to date when possible and patch the vulnerabilities that get posted. Most hacks and malicious attacks use
    known vulnerabilities that have been unpatched for X time, and bet on lazy sysadmins.
  • Extra steps/mentions/repeats: Yubikeys, drive encryption, 2FA again, STRONG PASSWORDS, disable or change default passwords on
    devices/appliances.
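As an added example (not from the episode), a small POSIX shell check for the sshd settings the Accounts and Passwords tips point at: root login off, key-based auth on, password auth off. The two config files are constructed samples, and the audit applies sshd's first-occurrence-wins rule when a keyword is repeated.

```shell
#!/bin/sh
# Constructed sample sshd_config files (not real hosts) to audit.
WEAK_CFG=$(mktemp)
cat >"$WEAK_CFG" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
# sshd keeps the FIRST value of a keyword, so this line does NOT fix root login
PermitRootLogin no
EOF

HARDENED_CFG=$(mktemp)
cat >"$HARDENED_CFG" <<'EOF'
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
EOF

# Print the effective value of a keyword: first occurrence wins, keywords are
# case-insensitive, "key value" and "key=value" both accepted, Match blocks
# are out of scope. $1 = file, $2 = keyword, $3 = OpenSSH default if absent.
sshd_value() {
  awk -v key="$2" -v def="$3" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    /^[[:space:]]*Match[[:space:]]/ { exit }
    { line=$0; sub(/^[[:space:]]+/, "", line); gsub(/=/, " ", line)
      split(line, f, /[[:space:]]+/)
      if (tolower(f[1]) == tolower(key)) { print tolower(f[2]); found=1; exit } }
    END { if (!found) print def }' "$1"
}

# Report weak settings on stderr; print the number of findings on stdout.
audit_sshd() {
  n=0
  [ "$(sshd_value "$1" PermitRootLogin prohibit-password)" = yes ] &&
    { echo "PermitRootLogin yes: root logs in directly; set no, use su/sudo" >&2; n=$((n+1)); }
  [ "$(sshd_value "$1" PasswordAuthentication yes)" = yes ] &&
    { echo "PasswordAuthentication yes: prefer SSH keys; set no" >&2; n=$((n+1)); }
  [ "$(sshd_value "$1" PermitEmptyPasswords no)" = yes ] &&
    { echo "PermitEmptyPasswords yes: blank passwords accepted" >&2; n=$((n+1)); }
  [ "$(sshd_value "$1" PubkeyAuthentication yes)" = no ] &&
    { echo "PubkeyAuthentication no: key-based login disabled" >&2; n=$((n+1)); }
  echo "$n"
}

echo "weak config: $(audit_sshd "$WEAK_CFG") finding(s)"
echo "hardened config: $(audit_sshd "$HARDENED_CFG") finding(s)"
```

Run it against /etc/ssh/sshd_config on your own box; `sshd -T` prints the effective settings if you want to cross-check the parser.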

LINKS:

Strong Password Generator
https://strongpasswordgenerator.com/

Yubikey
https://www.yubico.com/
https://www.yubico.com/why-yubico/how-yubikey-works/
https://www.yubico.com/products/yubikey-hardware/compare-products-series/

KeePass , KeePassX
https://keepass.info/
https://www.keepassx.org/downloads

Bitwarden
https://bitwarden.com/

SSH Keys Based Authentication on a Linux Server – DigitalOcean
https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server

2FA / Multi Factor Authentication
https://en.wikipedia.org/wiki/Multi-factor_authentication
https://www.youtube.com/watch?v=ZXFYT-BG2So

2FA Authentication on Linux Server – TechRepublic
https://www.techrepublic.com/article/how-to-setup-two-factor-authentication-in-linux/

Testing for Default or Guessable User Account (OWASP-AT-003)
https://www.owasp.org/index.php/Testing_for_Default_or_Guessable_User_Account_(OWASP-AT-003)

4 most common types of Backups
https://intrinium.com/the-four-most-common-types-of-data-backup/

Backup – Wikipedia
https://en.wikipedia.org/wiki/Backup

On Premise Vs Cloud
https://www.cleo.com/blog/knowledge-base-on-premise-vs-cloud

Physical Security – Secure Your Server Room by HP
https://www.hpe.com/us/en/insights/articles/how-to-secure-your-server-room-1809.html

Importance of Software Updates and Patches
https://wp.umaryland.edu/the-importance-of-general-software-updates-and-patches/