netsec - Network Security

449 readers

10 users here now

This is the netsec Community, a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise - to provide value to security practitioners, students, researchers, and hackers everywhere.

Content Guidelines:

Content should focus on the "How".
Always try to link to the original source.
Titles should provide context.
Ask Questions with a "[Question]" prefix in the Title.
Hiring Posts must go in the [Hiring] (stickied) Threads.
Commercial advertisement is discouraged.

Discussion Guidelines:

Don't create unnecessary conflict.
No trolling allowed, limit the use of jokes and memes.
Don't complain about content being a PDF.
Be nice to each other, everybody started somewhere.

Prohibited Content:

No populist news articles (CNN, BBC, FOX, etc)
No curated lists.
No social media posts (Facebook, Twitter, etc).
No image-only/video-only posts.
No livestreams.
No Tech Support requests.
No paywalled/regwalled content (use archive.is if possible?)
No commercial advertisement.
No crowdfunding posts.
No personally identifiable information.
No doxxing, and no harrassment of any kind.

founded 2 years ago

MODERATORS

cookiengineer@discuss.tchncs.de

Harden SSH in 5 minutes — practical steps for every new server (telegra.ph)

submitted 1 day ago by devtoolkit_api@discuss.tchncs.de to c/netsec@discuss.tchncs.de

0 comments fedilink hide all child comments

Steps I run on every new server. Nothing groundbreaking, just the basics that eliminate 99% of brute force noise:

Generate ed25519 key, copy to server
Disable PasswordAuthentication in sshd_config
Move to a non-standard port
Install fail2ban (3 attempts, 1h ban)
AllowUsers + MaxAuthTries 3

Full commands and config snippets in the writeup. Takes about 5 minutes start to finish.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here