How to protect Linux from Hackers // My server security strategy!

One of the best posts on security, open source server security i've watched. Simply great!

unknowntechio

Another of the most important thing is network security, and your home network design. Using pfSense at network level. You talked about some of the DMZ setup. Using VLAN to separate networks, home networks, IoT networks, server network and so on.

CRK

Thanks for bringing this topic up! This is what I needed so much.

confluxmedia

Thanks for the quality content! You're such a wealth of information and we appreciate you sharing it

mrmotomoto

I honestly want to see your channel grow exponentially... May you get a few million subscribers real soon. Just keep maintaining your video's quality and pace...

SimarMannSingh

Once again, another great video. Thank you for your service ! :)

JoseFerreira-xmzy

Another great video thanks!
It would be great if you could go into more detail on how to address the firewall security issue using UFW of the docker containers and how you address them for cloud hosted servers.

g-net

Hi from London, I have subscribed and new to your channel. Thank you so much for tips and what I needed so much & very useful.

LawrenceSingha

Great video! Running ss or netstat as root (with sudo) will show the PID/Program name in the final column, which is helpful if you don't already know what ports services commonly use, for well known ports or registered ports, as well as for ephemeral ports

wildflowers

I hit the "subscribe" button and clicked "all" on the bell 🔔 great video sir!

alfredoramos

I think you're awesome, man. Keep on keeping on!

johnwillemsen

5:55 I run my containers via podman in systemd units and create the descriptions via quadlet.
That way I can just regularly let the system call "podman auto-update" and I am done (it also rolls it back in case the update doesn't work, but it relies on support from the containers here which may not necessarily be available).

kuhluhOG

Great video. What we do for security ? The best way is to install every server as a vm on a separate isolated vlan, apply all your suggestions. Hopefully nothing will infect your server, and even if it does, the infection will remain isolated and easily taken care of using snapshots or backups. We have applied this strategy and so far, so good, we are in safe heavens since 2 years. Not to forget, your virtualiser needs to be well protected as well.

mithubopensourcelab

broski explains things perfectly.. RESPECT AND LUV

andrewgraham

In 2021, I would recommend creating a Ed25519 key instead of a RSA key. Ed25519 offers stronger encryption and shorter keys. Only downside is that it is incompatible with older systems (older then say, 5 or 6 years?)

NickBouwhuis

Good video. dunno if its only me thinking the music in the background is a bit loud

burstfireno

This video is super interesting. Especially the part about Docker and iptables couldn't be stated enough. However I think that you could have also mentioned how to prevent docker from opening ports, that seem to be closed in the UFW rules. I had this issue a couple of days ago with a production system which unfortuantely wasn't protected by an external firewall. I was able to fix this in a couple of minutes, but for the novice admins, who are probably the target audience of this video, it certainly isn't that trivial to fix.

btw: I only discovered your channel a few days ago and even for me as a professional linux admin, it's interesting content. I'm looking forward to seeing more from you 🙂

nichdiekuh

Excellent Videos mate.... And thank you for sharing stuff like this..

cybersecurehacks

@26:48 - how do you make fail2ban work on all running service or all open ports ?
@26:58 - what will it show if you removed the sshd

fbifido

What if we loose the SSH keys file ? We cannot log in any longer if we had disabled password login ?

stephaneislistening