Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Saturday June 03 2017, @02:32PM   Printer-friendly
from the cat-and-mouse-and-dogged-determination dept.

A couple years ago I set up a simple brochure-ware site for the School Board in the district here in Brooklyn, hosted on a VPS instance on Linode, to publicize the dates of public meetings, meeting minutes, etc. The VPS doesn't contain any sensitive information so I locked down the ports to 80, 443, and 22, hardened the SSH with measures like fail2ban, kept the system updated every week or so, and called it a day.

Last week, though, the site was compromised. Blowing the instance away and re-creating it from physical backups is not a problem, but in poring through the system to figure out how it was breached I realized both that my own security chops aren't deep enough and that standard best security practices might not be good enough anymore, anyway, given the many vulnerabilities exposed in the last year and realities like the NSA trove that Shadow Brokers leaked.

So the question for the more experienced security professionals in the Soylent community is, can they recommend a good guide and/or site to hone linux security chops and forensic skills that's current?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Sunday June 04 2017, @09:00AM

    by Anonymous Coward on Sunday June 04 2017, @09:00AM (#520149)

    When programmers knew there shit because no hand holding were available and the "servers" were simple enough to really be able to look through and personally audit the code.

    Yes, but when was this wonderful mythical era? 90s? 80s? 70s? 60s?

    The whole "security" side of the Internet is bolted on after the fact, as the original computer networks were developed by academics for academics with no security considerations whatsoever. All users were trusted. A secure Internet would require a complete bottom-up redesign.

    Modern server software contains a gazillion of options and features that most people will not use but just waits to be exploited.

    Most software contains gazillions of options and features that most people will never use. But that one time when I really need one of those features, if it's not there, I will switch to a software that has it.