Overview Changing your SSH keys is as important as changing your underpants daily, running this script on a frequent basis will ensure access to the servers are changed on a regular basis. Use Ansible to do ssh key rotation in your sleep!
Blocking Postfix traffic using Fail2ban
So if you are reading this then you have probably seen what appears to be every bot in China connecting to your Postfix server to attempt anything from relaying to auth attacking. Well, have I got the solution for you! Now before you implement this, I will warn you, this is very restrictive, it doesn’t… Read more »
Hardening SSHD for Security
The secure shell daemon should be hardened to prevent unauthorised access before being put into a production environment or exposed to the internet. 1. Verify the /etc/ssh/sshd_config file contains the following lines and that they are not commented out:
| 1 2 3 4 5 6 7 8 9 | Protocol 2 IgnoreRhosts yes HostbasedAuthentication no PermitRootLogin no PermitEmptyPasswords no AllowTcpForwarding no (unless needed) X11 Forwarding no (unless needed) AllowUsers <username1> <username2> (Optional) DenyUsers <username1> <username2> (Optional) |
Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If… Read more »
Deny ICMP Ping on Outside Dialer Interface (Cisco Router)
Deny ICMP Ping on Outside Dialer Interface for a Cisco Router I am a firm believer of “if you don’t need it, turn it off”, icmp ping is no exception. Doing such reduces the surface area of attack, as most port scanners initially ping the target to see if there is a replying host at… Read more »
Secure Administrator account in Active Directory
Securing the Administrator account in Active Directory You may be thinking this should be common knowledge but time and time again I see directories with the Administrator account still in the “Domain Admins” group and active! Before you do this, ensure you are not using the domain administrator account for authenticating! I always follow a… Read more »