- Blackhat, whitehat, government and activist hackers are constantly trying to get access to computers and data. Sony, Panama Documents, USA, Philippines
- Reasons can be money, political, religious, military, love, whatever...
- Computers are weapons and also targets. Data source, botnet, proxy, spam, DDOS
- Always think about security; common sense goes a long way!
- Secure Shell, a network protocol with encryption. Commonly used to access remote hosts.
- Passwords are insecure: compared to a private key, a password is short. Turn off password login!
- Generate a new SSH keypair
- Never transfer your private key over the wire! Consider it compromised otherwise. You can use multiple keys, configured in ~/.ssh/config
- SSH can be used for many other things.
ssh chat.shazow.net
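A check for the "turn off password login" advice above, as an added example that is not part of the original notes: it reads an sshd_config and reports whether password-based login is really off. The function name and sample configs are constructed, and treating keyboard-interactive authentication as a form of password login is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: the file is an OpenSSH
# sshd_config; Include files are not followed; names and samples are constructed.

# Exit status 0 only if password-based login is off everywhere in FILE.
audit_password_login() {  # usage: audit_password_login FILE
    awk '
        { sub(/\r$/, "") }
        NF == 0 || substr($1, 1, 1) == "#" { next }
        {
            kw = tolower($1); val = tolower($2)   # keywords are case-insensitive
            # Deprecated alias in current OpenSSH for the keyboard-interactive switch.
            if (kw == "challengeresponseauthentication") kw = "kbdinteractiveauthentication"
            if (kw == "match") { in_match = 1; next }   # lasts until end of file
            if (kw != "passwordauthentication" && kw != "kbdinteractiveauthentication") next
            if (in_match) {
                # A Match block can switch passwords back on for some users or hosts.
                if (val != "no") { print "FAIL line " NR ": Match block sets " $1 " " $2; bad = 1 }
            } else if (!(kw in global)) {
                global[kw] = val                  # sshd keeps the first value it reads
            }
        }
        END {
            n = split("passwordauthentication kbdinteractiveauthentication", need, " ")
            for (i = 1; i <= n; i++) {
                v = (need[i] in global) ? global[need[i]] : "yes (default)"
                if (v != "no") { print "FAIL " need[i] " is " v; bad = 1 }
            }
            if (!bad) print "OK password login is off"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample configs, written to a temp dir so the example runs offline.
tmp=$(mktemp -d)
printf '%s\n' 'PermitRootLogin no' 'passwordauthentication yes' \
    'PasswordAuthentication no' > "$tmp/first_wins"
printf '%s\n' 'PasswordAuthentication no' > "$tmp/kbd_default"
printf '%s\n' 'PasswordAuthentication no' 'KbdInteractiveAuthentication no' \
    'Match User backup' '    PasswordAuthentication yes' > "$tmp/match_override"
printf '%s\n' '# hardened' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$tmp/hardened"
for f in first_wins kbd_default match_override hardened; do
    echo "== $f"; audit_password_login "$tmp/$f" || true
done
```

Run it against a copy of the server's own config before and after the change; only the last sample passes, because a later duplicate line, an unset default or a Match block can each leave passwords enabled.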
- A firewall to block traffic
- Should drop all traffic by default, and only allow the ports that you need e.g. SSH, HTTP/HTTPS.
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 1 -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT  # let replies to outbound connections back in
sudo iptables -P INPUT DROP
- Save the rules with iptables-persistent!
sudo apt-get install iptables-persistent
- UFW is a front-end for iptables
- Web with SSL (Let's Encrypt)
- Email with GPG
- Chat with Signal, Telegram, WhatsApp
- Passwords with KeePass, 1Password, LastPass
- Hard drive with TrueCrypt
- Network traffic with SSH Tunnel, VPN, Tor
- Money with cryptocurrencies, Bitcoin
- ClamAV is open source
- A firewall is more important than antivirus on a server
- Use top or pidstat 1 to check for suspicious processes taking up resources on the server
- Update your system regularly!
- Follow security announcements and patch 0day exploits!
- Give minimum privileges to all users
- Be paranoid!
- Put tape over your webcam