Bookmarks
Tag cloud
Picture wall
Daily
RSS Feed
  • RSS Feed
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filters

Links per page

  • 20 links
  • 50 links
  • 100 links

Filters

Untagged links
8 results tagged hardening  ✕   ✕
decalage2/awesome-security-hardening https://github.com/decalage2/awesome-security-hardening
Thu 10 Feb 2022 04:10:47 PM PST archive.org

A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.

awesome infosec sysadmin hardening hardware software equipment virtualization tools books links
On secure-shell security https://sysdogs.com/on-secure-shell-security/
Thu 03 Sep 2020 03:08:33 PM PDT archive.org

Wants to be the "cryptographic right answers" document, but for SSH.

Archived.

Maybe have Glitch monitor it?

/etc/ssh/sshd_config:

Protocol 2
AuthenticationMethods publickey
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
AllowAgentForwarding no

# The problem with having "MaxAuthTries 2" is, the more keys your
# SSH agent has, the more chances you'll have to get locked out.
# I set it to <my number of SSH keys> +2.
MaxAuthTries 10
MaxSessions 10
HostbasedAuthentication no
IgnoreRhosts yes
PermitRootLogin no

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
ssh configuration howto sysadmin infosec hardening bestpractices servers risk
Applied Crypto Hardening: bettercrypto.org https://bettercrypto.org/
Mon 03 Aug 2020 08:14:26 PM PDT archive.org

This guide arose out of the need for system administrators to have an updated, solid, well researched and thought-through guide for configuring SSL, PGP, SSH and other cryptographic tools in the post-Snowden age. Triggered by the NSA leaks in the summer of 2013, many system administrators and IT security officers saw the need to strengthen their encryption settings. This guide is specifically written for these system administrators.

The focus of this guide is merely to give current best practices for configuring complex cipher suites and related parameters in a copy & paste-able manner. The guide tries to stay as concise as is possible for such a complex topic as cryptography. Naturally, it can not be complete. There are many excellent guides (II & SYM, 2012) and best practice documents available when it comes to cryptography. However none of them focuses specifically on what an average system administrator needs for hardening his or her systems' crypto settings.

howto sysadmin linux crypto hardening applications servers ssl tls configuration
DevSec Hardening Framework https://github.com/dev-sec
Tue 07 May 2019 04:13:40 PM PDT archive.org

A number of Github repos of code meant to be used to harden servers in various ways prior to deployment.

devops tools hardening infosec ansible chef puppet cisbenchmarks
home [RSBAC: Extending Linux Security Beyond the Limits] http://www.rsbac.org/
Tue 20 Mar 2018 03:06:16 AM PDT archive.org

A ruleset-based access control system for the Linux kernel.

kernel hardening system rbac computer rsbac foss linux security software
HowTos/OS Protection - CentOS Wiki http://wiki.centos.org/HowTos/OS_Protection
Tue 20 Mar 2018 01:51:33 AM PDT archive.org

An excellent tutorial on hardening CenOS Linux (and by extension Redhat Advanced Server).

hardening centos admin infosec howto server sysadmin redhat linux security rhas guide tutorial rhel
Hardening Your Web Server’s SSL Ciphers — Hynek Schlawack http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
Tue 20 Mar 2018 12:32:57 AM PDT archive.org

How to harden SSL support on your web server to mitigate attacks like BREACH, BEAST, and Lucky 13. Updated regularly.

hardening ssl infosec crypto sysadmin nginx linux apache tls
Strong SSL Security on nginx - Raymii.org https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
Mon 19 Mar 2018 05:23:41 PM PDT archive.org

A tutorial on how to harden SSL and TLS in Nginx. Includes changing and increasing the size of Diffie-Hellman parameters for better security.

tls hardening dh ssl crypto sysadmin nginx pfs howto
4684 links, including 339 private
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn