Securing your environment: application, server, code, and more - Engineer Man Live

Agenda TBD

Hope you enjoyed the video!

Sincerely,
Engineer Man
Comments
Author

Great video - several points:

(1) Many FWs can do much more than IP\Port based packet filtering. Deep packet inspection and stateful FWs operate more on a payload and flow basis than just the SA\DA IP\port information.

(2) AD is not the same as public\private key encryption. AD is a Microsoft implementation of an LDAP (i.e. directory) type service.

(3) It should be noted to never allow direct root access\login via any remote access method such as SSH. ALWAYS require "su" to utilize the root account AFTER you have logged into the system. Similarly, NEVER even use the root account unless logged in via an encrypted channel - NEVER NEVER NEVER cleartext channels like telnet.

(4) While I'm on it, disable telnetd (the telnet daemon) altogether. There is truly no need to have it running.

(5) The same goes for FTP\SFTP - the former should never be allowed except for very rare and one-off situations. I almost always disable FTPd and require SFTP. Any FTP client worth a damn will also support SFTP as well.

(6) Running daemons with root access is not that big a deal if the box is secure. The more important issue here is to not use the root account unless absolutely required. Use "sudo" instead. Don't believe me??? Try issuing something like "rm -f *" against an undesired location while using the root account and see what happens...

(7) Always try to use a dedicated box as your FW. While it is definitely possible to run FW services on the same server you wish to protect, doing so increases maintenance tasks and can add undesirable load to that server. Moving your FW out in front of your protected hosts helps to centralize your workload, doesn't risk overloading your protected hosts, and allows for more flexibility in terms of your security paradigm.

(8) Last, consider moving some apps to non-standard ports. For example, move SSH away from 22 and put it on 5022 (or whatever you wish). If you have webapps that do not require access via well-known ports (i.e. myphpadmin), then move those away from 443. This isn't foolproof (nothing is) but it does add to the hacker's workload - security by even partial obscurity is never a bad thing.

cyberzeus
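An added example (not code from the video or from the comment above) in POSIX shell that audits an sshd_config against points (3) and (8): it reads the effective PermitRootLogin and Port values (sshd honours the first occurrence of a keyword, case-insensitively) and reports what still needs changing. The two sample config files are constructed inline; the default values assumed for absent keywords are those of current OpenSSH.

```shell
#!/bin/sh
# Added example: check an sshd_config for root login over SSH and the SSH port.
# Assumes POSIX sh with awk and mktemp; sample configs are constructed below.

# Effective value of an sshd_config keyword. sshd uses the FIRST occurrence
# and keyword names are case-insensitive, so later duplicates are ignored.
sshd_get() {
    # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        { if (tolower($1) == key) { print $2; exit } }
    ' "$1"
}

# Print one finding per line; prints nothing when both checks pass.
audit_sshd() {
    cfg="$1"
    root="$(sshd_get "$cfg" PermitRootLogin)"
    port="$(sshd_get "$cfg" Port)"
    # Defaults used by current OpenSSH when the keyword is absent (assumption)
    : "${root:=prohibit-password}"
    : "${port:=22}"
    case "$root" in
        no) ;;
        *) echo "PermitRootLogin is '$root'; set it to 'no' and require su/sudo after login" ;;
    esac
    if [ "$port" = "22" ]; then
        echo "SSH listens on the default port 22; consider a non-standard port such as 5022"
    fi
}

# Constructed sample configs: one weak, one hardened
WEAK_CFG=$(mktemp)
HARD_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
# root may log in directly and the port is the default
Port 22
PermitRootLogin yes
EOF
cat > "$HARD_CFG" <<'EOF'
Port 5022
permitrootlogin no
# this later duplicate is ignored by sshd; the first line wins
PermitRootLogin yes
EOF

audit_sshd "$WEAK_CFG"   # two findings
audit_sshd "$HARD_CFG"   # no output
```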
Author

Very interesting content, thanks for creating these videos. Keep going.

MaartenVanDamme
Author

Amazing, really useful. Thank you engineer god! :)

Alessandro-nqtm
Author

So, there is hackerman and now, his antagonist *ENGINEER MAN*

JailerGamer
Author

Do you have an example code of the try catch for errors you mentioned?

toobstr
Author

1. Q&A: 11:00
2. Main content: 14:12

yegorpl
Author

Inlet server is a good name. I heard the term jump box or jump server as other terms.

Vlfkfnejisjejrjtjrie
Author

One mistake that I have made is forgetting that I had a key in an older testing code file. I created the new code file with the proper secret handling but accidentally uploaded my old file with the secret.

gandhiisback
Author

Could you please make a video about it?

paninomortadella
Author

Didn't go through cookies and DDoS? C'mon :)

gomo