Difference between revisions of "Template:Menu content security"
(→Firewall) |
|||
(6 intermediate revisions by the same user not shown) | |||
Line 46: | Line 46: | ||
!colspan="2"|Firewall | !colspan="2"|Firewall | ||
|- | |- | ||
− | |rowspan=" | + | |rowspan="8"|Basics |
|[[Firewall principle]] | |[[Firewall principle]] | ||
|- | |- | ||
Line 60: | Line 60: | ||
|- | |- | ||
|[[Firewall log dropped]] | |[[Firewall log dropped]] | ||
+ | |- | ||
+ | |[[Firewall Peer to Peer]] | ||
|- | |- | ||
|rowspan="2"|Advanced | |rowspan="2"|Advanced | ||
Line 70: | Line 72: | ||
|} | |} | ||
+ | |||
+ | SSH can also be used to create a '''[[VPN tunnel over SSH]]''' | ||
+ | |||
+ | |||
+ | |||
+ | You can also try to setup the interactive firewall: DouaneAPP (http://douaneapp.com/) | ||
+ | # [https://github.com/Douane/Douane/wiki/Dependencies Install Douane dependencies and requirements] | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | apt-get install build-essential | ||
+ | apt-get install dkms | ||
+ | apt-get install libboost-filesystem-dev libboost-regex-dev libboost-signals-dev policykit-1 libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libssl-dev | ||
+ | apt-get install libboost-signals-dev libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libgtkmm-3.0-dev | ||
+ | apt-get install gtk+3.0 python3 python3-gi policykit-1 python3-dbus | ||
+ | </syntaxhighlight> | ||
+ | # [https://github.com/Douane/Douane/wiki/Compilation Douane compilation and setup] | ||
+ | |||
+ | >> Official Douane website: https://github.com/Douane/Douane | ||
==SSL== | ==SSL== | ||
Line 91: | Line 110: | ||
* [[VPN client]] | * [[VPN client]] | ||
+ | * [[VPN L2TP client]] | ||
==Remote desktop== | ==Remote desktop== |
Latest revision as of 22:07, 29 November 2017
Contents
Security
How to secure your server / workstation ?
Global security
SSH
- SSH server setup
- SSH server using local user / password auth.
- SSH server using key auth.
- SSH server using LDAP user auth.
- SSH server using LDAP key auth.
Firewall
This section explains HOW to create, maintain and use a firewall with IpTables.
SSH can also be used to create a VPN tunnel over SSH
You can also try to setup the interactive firewall: DouaneAPP (http://douaneapp.com/)
apt-get install build-essential
apt-get install dkms
apt-get install libboost-filesystem-dev libboost-regex-dev libboost-signals-dev policykit-1 libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libssl-dev
apt-get install libboost-signals-dev libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libgtkmm-3.0-dev
apt-get install gtk+3.0 python3 python3-gi policykit-1 python3-dbus
>> Official Douane website: https://github.com/Douane/Douane
SSL
SSL certificates and chain of trust
VPN
Remote desktop
Intrusion Detection / Protection
Protection is good, but that's not enough! We need to detect attacks.
- IDS = Intrusion Detection System : tool that detect attacks.
- IPS = Intrusion Protection System : detect an intrusion attempt and react upon it.
I'm using one of the most famous IDS: "Snort" (https://www.snort.org/).