Difference between revisions of "Template:Menu content security"
(→Firewall) |
|||
| (9 intermediate revisions by the same user not shown) | |||
| Line 8: | Line 8: | ||
==Global security== | ==Global security== | ||
| − | [[File:Internet security.png|64px|caption|Internet security]] | + | [[File:Internet security.png|64px|caption|Internet security]] Internet security |
| Line 25: | Line 25: | ||
* [[SSH create key|How-to generate SSH key]] | * [[SSH create key|How-to generate SSH key]] | ||
| + | |||
| + | * [[SSH tunneling]] | ||
| Line 44: | Line 46: | ||
!colspan="2"|Firewall | !colspan="2"|Firewall | ||
|- | |- | ||
| − | |rowspan=" | + | |rowspan="8"|Basics |
|[[Firewall principle]] | |[[Firewall principle]] | ||
|- | |- | ||
| Line 56: | Line 58: | ||
|- | |- | ||
|[[Firewall INPUT filters]] | |[[Firewall INPUT filters]] | ||
| + | |- | ||
| + | |[[Firewall log dropped]] | ||
| + | |- | ||
| + | |[[Firewall Peer to Peer]] | ||
|- | |- | ||
|rowspan="2"|Advanced | |rowspan="2"|Advanced | ||
| Line 66: | Line 72: | ||
|} | |} | ||
| + | |||
| + | SSH can also be used to create a '''[[VPN tunnel over SSH]]''' | ||
| + | |||
| + | |||
| + | |||
| + | You can also try to setup the interactive firewall: DouaneAPP (http://douaneapp.com/) | ||
| + | # [https://github.com/Douane/Douane/wiki/Dependencies Install Douane dependencies and requirements] | ||
| + | <syntaxhighlight lang="bash"> | ||
| + | apt-get install build-essential | ||
| + | apt-get install dkms | ||
| + | apt-get install libboost-filesystem-dev libboost-regex-dev libboost-signals-dev policykit-1 libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libssl-dev | ||
| + | apt-get install libboost-signals-dev libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libgtkmm-3.0-dev | ||
| + | apt-get install gtk+3.0 python3 python3-gi policykit-1 python3-dbus | ||
| + | </syntaxhighlight> | ||
| + | # [https://github.com/Douane/Douane/wiki/Compilation Douane compilation and setup] | ||
| + | |||
| + | >> Official Douane website: https://github.com/Douane/Douane | ||
==SSL== | ==SSL== | ||
| Line 87: | Line 110: | ||
* [[VPN client]] | * [[VPN client]] | ||
| + | * [[VPN L2TP client]] | ||
==Remote desktop== | ==Remote desktop== | ||
Latest revision as of 22:07, 29 November 2017
Contents
Security
How to secure your server / workstation ?
Global security
Internet security
SSH
SSH
- SSH server setup
- SSH server using local user / password auth.
- SSH server using key auth.
- SSH server using LDAP user auth.
- SSH server using LDAP key auth.
Firewall
This section explains HOW to create, maintain and use a firewall with IpTables.
SSH can also be used to create a VPN tunnel over SSH
You can also try to setup the interactive firewall: DouaneAPP (http://douaneapp.com/)
apt-get install build-essential
apt-get install dkms
apt-get install libboost-filesystem-dev libboost-regex-dev libboost-signals-dev policykit-1 libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libssl-dev
apt-get install libboost-signals-dev libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libgtkmm-3.0-dev
apt-get install gtk+3.0 python3 python3-gi policykit-1 python3-dbus>> Official Douane website: https://github.com/Douane/Douane
SSL
SSL certificates and chain of trust
VPN
Virtual Private Network (VPN)
Remote desktop
Remote desktop
Intrusion Detection / Protection
Protection is good, but that's not enough! We need to detect attacks.
- IDS = Intrusion Detection System : tool that detect attacks.
- IPS = Intrusion Protection System : detect an intrusion attempt and react upon it.
I'm using one of the most famous IDS: "Snort" (https://www.snort.org/).
Crontab
To run some task / scripts periodically
