IPv6 should be disabled if you don’t have an IPv6 IP or services. If you have, you have to secure it just like you secure an IPv4 network. I already use IPv6 within every LAN I install. The main router (gateway) has an IPv6 bridge to my data center (which is IPv6 enabled) and from there they can connect to both IPv6 networks or IPv4 networks.

norg
There is a slight wording mistake in #1: Encrypt Data Communication, section 3 “Fugu is a graphical frontend to the commandline Secure File Transfer application (SFTP)”. The acronym SFTP is misleading. SFTP is the “SSH file transfer protocol”, “Secure FTP” is something very different. Secure FTP encrypts only the control channel, the data channel stays unencrypted.

Charlie Brown
SFTP is not the SSH file transfer… Whuuat?? SFTP is a UTILITY that RUNS on SSH… Two different animals dude.. Authur had it right.. It kills me how many people get their info “facts” from wiki… Man.. doesn’t anyone watch CNN? wiki is poo.. not accurate.. it is user-defined.. users make mistakes… SFTP is NOT SSH… Agghhh!! (Charlie Brown Scream…)

A G33k ANswer..
Get rid of the end user and hire someone who can remember a password.. Best practice is 60 or 90 day, 14 characters minimum, and complexity requiring a minimum of 1 upper, 1 lower, 1 alpha, 1 symbol, 1 numeric. Remember password history.. Is it convenient? No… Do passwords get weaker with time? Yes.. Why? Because exploits move forward every day as do caps.. Each day a password remains static is one more opportunity given to compromise your system security and capture user information… The problem w/ user passwords is that SO many users use bank info, pins, etc… It's a best practice… Ask yourself this.. If you are sued.. yes.. lawsuit.. What will you tell the prosecuting atty. when he asks if you used complexity requirements and changes on passwords? All the attorney of the guy suing you has to prove is negligence.. Because so many passwords have been compromised.. you not enforcing it could be considered negligence and could be a fatal loss to the suit.. Not saying it is right or easy.. But it’s best practice and it will help keep you and your company (did I mention you) out of a bind if legal issues arise…

Navneet Gaur
Really a very good and concise article that is informative and addresses various security issues. Very well written. Thank you for writing and posting this article.

JohnnyO
Well written! Wow. Great great great article!

jeffatrackaid
Nice round up of some common server hardening techniques. While not specific to the server, I would add having a web application firewall, e.g. mod security or something similar. According to SANS, most exploits these days happen via web applications. Even with these tips (SELinux excepted), attackers can often set up shell kits, spam bots or similar tools.
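The password policy laid out in the comment from A G33k ANswer.. above (14 characters minimum, upper, lower, symbol and numeric, password history, 60 or 90 day rotation), written out as a checker. This is an added example and not code from the original thread or from the article being commented on. The history depth of 10 and the 90-day maximum age are assumptions; the "alpha" requirement is covered by the upper- and lower-case checks. Previous passwords are kept only as salted PBKDF2 hashes, so the history itself never becomes a list of reusable secrets.

```python
"""Password policy checker (added example): complexity, history and age."""
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MIN_LENGTH = 14                 # stated in the comment
MAX_AGE = timedelta(days=90)    # comment says 60 or 90 days; 90 assumed here
HISTORY_DEPTH = 10              # assumption: how many old passwords to remember
PBKDF2_ROUNDS = 100_000         # assumption: work factor for stored history hashes


def complexity_failures(password):
    """Return the list of complexity rules the candidate password breaks.

    An empty list means the password satisfies every rule.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    return failures


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256; the history stores only these digests."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class PasswordHistory:
    """Per-user record of previous passwords, kept as (salt, digest, set_at)."""

    def __init__(self, depth=HISTORY_DEPTH):
        self.depth = depth
        self.entries = []

    def was_used(self, password):
        # Rehash the candidate with each stored salt and compare in constant time.
        return any(
            hmac.compare_digest(hash_password(password, salt), digest)
            for salt, digest, _ in self.entries
        )

    def add(self, password, now):
        salt = os.urandom(16)
        self.entries.append((salt, hash_password(password, salt), now))
        # Keep only the most recent `depth` entries.
        self.entries = self.entries[-self.depth:]

    def expired(self, now):
        """True when the current password is older than MAX_AGE (or none is set)."""
        if not self.entries:
            return True
        return now - self.entries[-1][2] > MAX_AGE


def check_new_password(history, candidate, now):
    """Combine complexity and history checks; return the list of failures."""
    failures = complexity_failures(candidate)
    if history.was_used(candidate):
        failures.append(f"reused within the last {history.depth} passwords")
    return failures


if __name__ == "__main__":
    # Constructed sample run: set a password, then try to reuse it.
    hist = PasswordHistory()
    t0 = datetime(2024, 1, 1)
    print(check_new_password(hist, "Correct-Horse-Battery-9", t0))   # []
    hist.add("Correct-Horse-Battery-9", t0)
    print(check_new_password(hist, "Correct-Horse-Battery-9", t0))   # reused
    print(hist.expired(t0 + timedelta(days=91)))                     # True
```

The checks are deliberately returned as a list of reasons rather than a single boolean, so a login or account-management front end can tell the user exactly which rule failed without the checker ever logging the candidate password itself.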