That's interesting regarding IPv6. Thanks Jason.

Typically, I would strongly discourage anyone from opening SSH or RDP directly to the Internet. It doesn't take much to spin up OpenVPN or a similar VPN service. This is infinitely more secure than relying on SSH. Also, 2FA for server access is a must in my opinion.

-----Original Message-----
From: Jason White via Blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org>
Sent: Sunday 11 April 2021 17:54
To: blind-sysadmins@lists.hodgsonfamily.org
Cc: Jason White <jason@jasonjgw.net>
Subject: [Blind-sysadmins] Re: Security. Open conversation among system administrators?

I probably wouldn't be available for a meeting due to other commitments and priorities, but I would welcome security recommendations. In my case, it's a matter of securing my personal systems at home as well as a VPS that I run via Linode. Most, if not all of what I am doing is probably obvious.

I discovered yesterday that unsophisticated attackers were trying to access the server via ssh, attempting various user names, including mine. Fortunately, I've long been in the practice of disallowing password-based authentication over ssh, so they couldn't have gained unauthorized access without a key and without an exploit. Still, I wasn't comfortable, so I simply turned off ssh access over IPv4, while still allowing it over IPv6. Evidently, the attackers aren't operating against me on v6 yet.

On 11/4/21 12:18 pm, Darragh Ó Héiligh wrote:
Good afternoon,
Security is a huge concern for me at the moment. Two institutions in Ireland were targeted with Ryuk over the past few weeks. I have no doubt that there are malicious actors targeting the institution I work for right now.
I was wondering if a few of you would be up for a conversation via Zoom or Teams in the coming days. I can explain what we have done and what we are continuing to do to protect ourselves. You can do the same. Some of what we are doing might overlap but potentially we all might get a few new ideas.
My infrastructure might be considered legacy compared to some. I'm still using on-prem systems for the most part. But I have some cloud based services as well. All system admins / architects would be welcome.
Perhaps Wednesday at 10pm GMT? I don't know what that is in other time zones. But it's probably around 6pm Eastern.
Regards
Darragh Ó Héiligh
Performing, Promoting and Sharing traditional Irish music
Performance: www.darraghpipes.ie
Music at the Gate: www.musicatthegate.ie
Ceol FM: www.ceol.fm
Tel: 00353(0)877670464
Email: darragh@ceol.fm
_______________________________________________
Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org
To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org