Hi,

It's only going to be a matter of time before we start seeing IPv6 attacks due to the massive rollout of IPv6. I must admit I need to do something about SSH on my servers as I currently use IP restrictions with authorised key files; as I only have one server right now, I didn't want to go the OpenVPN route just yet. The other thing I was looking at was port knocking in order to get SSH opened conditionally.

Andrew.

-----Original Message-----
From: Darragh Ó Héiligh <d@digitaldarragh.com>
Sent: 11 April 2021 23:04
To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Re: Security. Open conversation among system administrators?

That's interesting regarding IPv6. Thanks Jason. Typically, I would strongly discourage anyone from opening SSH or RDP directly to the Internet. It doesn't take much to spin up OpenVPN or a similar VPN service. This is infinitely more secure than relying on SSH. Also, 2FA for server access is a must in my opinion.

-----Original Message-----
From: Jason White via Blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org>
Sent: Sunday 11 April 2021 17:54
To: blind-sysadmins@lists.hodgsonfamily.org
Cc: Jason White <jason@jasonjgw.net>
Subject: [Blind-sysadmins] Re: Security. Open conversation among system administrators?

I probably wouldn't be available for a meeting due to other commitments and priorities, but I would welcome security recommendations. In my case, it's a matter of securing my personal systems at home as well as a VPS that I run via Linode. Most, if not all of what I am doing is probably obvious. I discovered yesterday that unsophisticated attackers were trying to access the server via ssh, attempting various user names, including mine. Fortunately, I've long been in the practice of disallowing password-based authentication over ssh, so they couldn't have gained unauthorized access without a key and without an exploit.
Still, I wasn't comfortable, so I simply turned off ssh access over IPv4, while still allowing it over IPv6. Evidently, the attackers aren't operating against me on v6 yet.

On 11/4/21 12:18 pm, Darragh Ó Héiligh wrote:
Good afternoon,
Security is a huge concern for me at the moment. Two institutions in Ireland were targeted with Ryuk over the past few weeks. I have no doubt that there are malicious actors targeting the institution I work for right now.
I was wondering if a few of you would be up for a conversation via Zoom or Teams in the coming days. I can explain what we have done and what we are continuing to do to protect ourselves. You can do the same. Some of what we are doing might overlap but potentially we all might get a few new ideas.
My infrastructure might be considered legacy compared to some. I'm still using on-prem systems for the most part. But I have some cloud based services as well. All system admins / architects would be welcome.
Perhaps Wednesday at 10pm GMT? I don't know what that is in other time zones. But it's probably around 6pm Eastern.
Regards
Darragh Ó Héiligh
Performing, Promoting and Sharing traditional Irish music
Performance: www.darraghpipes.ie
Music at the Gate: www.musicatthegate.ie
Ceol FM: www.ceol.fm
Tel: 00353(0)877670464 Email: darragh@ceol.fm
_______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org