part_1

Differences

This shows you the differences between two versions of the page.

part_1 [2025/03/01 19:53] wizardadmin
part_1 [2025/03/01 20:01] (current) wizardadmin
Line 2: Line 2:
 {{:lock.jpeg?400|}} {{:lock.jpeg?400|}}
  
-{{:finished_diagram.png?400|}}+{{:finished_diagram.png?800|}} 
 This is a diagram of what i have in mind to secure this webserver. This is a diagram of what i have in mind to secure this webserver.
  
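Review bot: The diagram embed on the changed line still has an empty title after the pipe (`{{:finished_diagram.png?800|}}`), so the image that the next sentence relies on has no caption or alt text. Add a short title saying what the diagram shows, and check that the new 800 width still sits well next to the 400-wide lock.jpeg above it.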
Line 8: Line 9:
  
 1. Disable logging in as root 1. Disable logging in as root
-2. Configure SSH to use a random port and not serve over port 22+ 
 +2. Configure SSH to use a random port and not connect over port 22 
 3. Lockdown logins by forcing logins with a public/private keypair instead of passwords, and disable password logins completely. 3. Lockdown logins by forcing logins with a public/private keypair instead of passwords, and disable password logins completely.
  
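Review bot: In step 2 the new wording "not connect over port 22" describes the client side, while the setting being changed is the port sshd listens on; something like "Configure SSH to listen on a non-default port instead of 22" is more precise. The step would also benefit from saying that moving the port only cuts down automated scan noise, and that steps 1 and 3 are the controls that actually restrict who can log in.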
Line 14: Line 17:
 These i will not discuss but am happy to discuss in a professional environment (Job interview, job meetings) These i will not discuss but am happy to discuss in a professional environment (Job interview, job meetings)
  
-After hardening the Debian server as much as i knew, i moved onto the next steps in terms of security. A firewall! +After hardening the Debian server as much as i knew, i moved onto the next steps in terms of security. A firewall! See:[[opnsenseconfiguration|]] to see the basic configuration that i setup. 
  
 I went with a OPNSense firewall that again i hand built to fit into a 2u server chassis. Loaded OPNsense onto and got to work. My idea for this was that i would take advantage of OPNsense's Firewall and routing capabilities to combine it into a router/firewall.  I went with a OPNSense firewall that again i hand built to fit into a 2u server chassis. Loaded OPNsense onto and got to work. My idea for this was that i would take advantage of OPNsense's Firewall and routing capabilities to combine it into a router/firewall. 
  
  
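Review bot: The added sentence "See:[[opnsenseconfiguration|]] to see the basic configuration that i setup." is redundant ("See ... to see"), has no space after the colon, and leaves the link title empty; suggest "See [[opnsenseconfiguration|OPNsense configuration]] for the basic configuration I set up." Since the unchanged line above says some hardening steps are deliberately not discussed publicly, confirm that the linked configuration page does not publish rule sets, interface addresses or other details that fall under the same restriction.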
part_1.1740858781.txt.gz · Last modified: 2025/03/01 19:53 by wizardadmin