Difference between revisions of "Template:Menu content security"

(Firewall)
 
(11 intermediate revisions by the same user not shown)
Line 8: Line 8:
 
==Global security==
 
==Global security==
  
[[File:Internet security.png|64px|caption|Internet security]] Anti-virus / anti root-kits / Fail2Ban
+
[[File:Internet security.png|64px|caption|Internet security]] Internet security
  
  
Line 25: Line 25:
  
 
* [[SSH create key|How-to generate SSH key]]
 
* [[SSH create key|How-to generate SSH key]]
 +
 +
* [[SSH tunneling]]
  
  
Line 44: Line 46:
 
!colspan="2"|Firewall
 
!colspan="2"|Firewall
 
|-
 
|-
|rowspan="6"|Basics
+
|rowspan="8"|Basics
 
|[[Firewall principle]]
 
|[[Firewall principle]]
 
|-
 
|-
Line 56: Line 58:
 
|-
 
|-
 
|[[Firewall INPUT filters]]
 
|[[Firewall INPUT filters]]
 +
|-
 +
|[[Firewall log dropped]]
 +
|-
 +
|[[Firewall Peer to Peer]]
 
|-
 
|-
 
|rowspan="2"|Advanced
 
|rowspan="2"|Advanced
Line 66: Line 72:
 
|}
 
|}
  
 +
 +
SSH can also be used to create a '''[[VPN tunnel over SSH]]'''
 +
 +
 +
 +
You can also try to setup the interactive firewall: DouaneAPP (http://douaneapp.com/)
 +
# [https://github.com/Douane/Douane/wiki/Dependencies Install Douane dependencies and requirements]
 +
<syntaxhighlight lang="bash">
 +
apt-get install build-essential
 +
apt-get install dkms
 +
apt-get install libboost-filesystem-dev libboost-regex-dev libboost-signals-dev policykit-1 libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libssl-dev
 +
apt-get install libboost-signals-dev libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libgtkmm-3.0-dev
 +
apt-get install gtk+3.0 python3 python3-gi policykit-1 python3-dbus
 +
</syntaxhighlight>
 +
# [https://github.com/Douane/Douane/wiki/Compilation Douane compilation and setup]
 +
 +
>> Official Douane website: https://github.com/Douane/Douane
  
 
==SSL==
 
==SSL==
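Review bot: The added numbered list is split by the syntaxhighlight block sitting between the two "#" items, so the second step restarts at 1 instead of continuing as 2 (the rendered revision shows "1." for both steps); keep the command block inside the first list item or number the steps explicitly. In the same hunk the apt-get lines list libboost-signals-dev, libdbus-c++-dev, libdbus-1-dev, liblog4cxx10-dev and policykit-1 more than once, so the package lists can be merged without changing what gets installed. The intro sentence points readers at http://douaneapp.com/ over plain HTTP while the closing line names https://github.com/Douane/Douane as the official site; for a page that tells people to install a kernel-module firewall, pick one canonical HTTPS link so readers know which source to trust.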
Line 86: Line 109:
  
 
* [[VPN client]]
 
* [[VPN client]]
 +
 +
* [[VPN L2TP client]]
 +
 +
==Remote desktop==
 +
 +
[[File:Remote desktop icon 64.png|64px|caption|Remote desktop]] Remote desktop
 +
 +
 +
* [[Remote desktop using SSH tunneling]]
  
  
Line 109: Line 141:
  
  
[[crontab daily script]]
+
[[crontab]]

Latest revision as of 22:07, 29 November 2017


Security

How to secure your server / workstation?


Global security

Internet security



SSH

SSH




Firewall

This section explains how to create, maintain and use a firewall with iptables.


Firewall

Basics:
  • Firewall principle
  • Firewall basics
  • Firewall core (main) protocols
  • Firewall VPN
  • Firewall OUTPUT filters
  • Firewall INPUT filters
  • Firewall log dropped
  • Firewall Peer to Peer

Advanced:
  • Firewall port forwarding
  • Firewall source address filtering

Installation and scripts:
  • Firewall installation scripts


SSH can also be used to create a VPN tunnel over SSH


You can also try to set up the interactive firewall DouaneAPP (http://douaneapp.com/):

  1. Install Douane dependencies and requirements
       apt-get install build-essential
       apt-get install dkms
       apt-get install libboost-filesystem-dev libboost-regex-dev libboost-signals-dev policykit-1 libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libssl-dev
       apt-get install libboost-signals-dev libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libgtkmm-3.0-dev
       apt-get install gtk+3.0 python3 python3-gi policykit-1 python3-dbus
  2. Douane compilation and setup

>> Official Douane website: https://github.com/Douane/Douane

SSL

SSL certificates and chain of trust


SSL server


VPN

Virtual Private Network (VPN)


Remote desktop

Remote desktop



Intrusion Detection / Protection

Protection is good, but that's not enough! We need to detect attacks.


  • IDS = Intrusion Detection System: a tool that detects attacks.
  • IPS = Intrusion Protection System: detects an intrusion attempt and reacts to it.


I'm using one of the most famous IDS: "Snort" (https://www.snort.org/).


Crontab

To run tasks / scripts periodically


crontab