Search: [hardening]

decalage2/awesome-security-hardening https://github.com/decalage2/awesome-security-hardening

Thu 10 Feb 2022 04:10:47 PM PST

A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.

On secure-shell security https://sysdogs.com/on-secure-shell-security/

Thu 03 Sep 2020 03:08:33 PM PDT

Wants to be the "cryptographic right answers" document, but for SSH.

Archived.

Maybe have Glitch monitor it?

/etc/ssh/sshd_config:

Protocol 2
AuthenticationMethods publickey
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
AllowAgentForwarding no

# The problem with having "MaxAuthTries 2" is, the more keys your
# SSH agent has, the more chances you'll have to get locked out.
# I set it to <my number of SSH keys> +2.
MaxAuthTries 10
MaxSessions 10
HostbasedAuthentication no
IgnoreRhosts yes
PermitRootLogin no

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Applied Crypto Hardening: bettercrypto.org https://bettercrypto.org/

Mon 03 Aug 2020 08:14:26 PM PDT

Current version: Version 1.X, 2018-12-21

This guide arose out of the need for system administrators to have an updated, solid, well researched and thought-through guide for configuring SSL, PGP, SSH and other cryptographic tools in the post-Snowden age. Triggered by the NSA leaks in the summer of 2013, many system administrators and IT security officers saw the need to strengthen their encryption settings. This guide is specifically written for these system administrators.

The focus of this guide is merely to give current best practices for configuring complex cipher suites and related parameters in a copy & paste-able manner. The guide tries to stay as concise as is possible for such a complex topic as cryptography. Naturally, it can not be complete. There are many excellent guides (II & SYM, 2012) and best practice documents available when it comes to cryptography. However none of them focuses specifically on what an average system administrator needs for hardening his or her systems' crypto settings.

DevSec Hardening Framework https://github.com/dev-sec

Tue 07 May 2019 04:13:40 PM PDT

A number of Github repos of code meant to be used to harden servers in various ways prior to deployment.

home [RSBAC: Extending Linux Security Beyond the Limits] http://www.rsbac.org/

Tue 20 Mar 2018 03:06:16 AM PDT

A ruleset-based access control system for the Linux kernel.

HowTos/OS Protection - CentOS Wiki http://wiki.centos.org/HowTos/OS_Protection

Tue 20 Mar 2018 01:51:33 AM PDT

An excellent tutorial on hardening CenOS Linux (and by extension Redhat Advanced Server).

Hardening Your Web Server’s SSL Ciphers — Hynek Schlawack http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

Tue 20 Mar 2018 12:32:57 AM PDT

How to harden SSL support on your web server to mitigate attacks like BREACH, BEAST, and Lucky 13. Updated regularly.

Strong SSL Security on nginx - Raymii.org https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

Mon 19 Mar 2018 05:23:41 PM PDT

A tutorial on how to harden SSL and TLS in Nginx. Includes changing and increasing the size of Diffie-Hellman parameters for better security.

Links per page

Filters