Security Recommendations for Server Deployment
Bismillah,
In XOR Out Connection
Block return, Pass in
Combating Reverse Telnet using OpenBSD Packet Filter
Force OpenSSH to only allow users with a key to log in
Separate ssh-key per host and user
Allow Access Based on Country with IPdeny
Pass out proto icmp
Security Patches and OS Updates
Syspatch and Sysupgrade
Store Password Database Locally with pass
Passphrase that you can memorize
Configure Email and DNS on Different Host from the website
Use a paid SSL Certificate
OpenBSD httpd in a Chroot Jail
/sbin/nologin is set as the shell
All root scripts should be in the /root directory
Doas, sudo and setuid can be a problem, so be careful
The find command is powerful
Database backups are encrypted by GnuPG
Full Disk Encryption is active on the developer’s laptop
Protect login page from Brute Force with 2FA
REVOKE insert, update, delete ON table FROM reporting_tool
OpenBSD firewall can block DDoS
Table abusive_hosts, persist
Block in quick from abusive_hosts
Overload, abusive_hosts, flush
Muhammad Muntaza bin Hatta
Syawal 1441 H, Banjarbaru - Indonesia