Put it on a DMZ in case of compromise. This will make it harder for lateral movement in case of compromise.
The fewer apps its running the smaller the attack surface. Only run what you need.
Add a white list for IP that can access it via ssh. Ensure its your lan subnet only.
Enable tor and use a proxy.
Run a vulnerability assessment. Openvas would be suitable.
Disable root, don't allow ssh as root. Make sure its always up to date.
/\ °-° /\ / Technomancer
npub145…gamtx
2023-05-20 18:58:07
in reply to nevent1q…0v42
Author Public Key
npub145d3l8lnuwnqpdp5nqc9wae6au3a5ytszchfxvhlu3vdw3p7shmqhgamtxPublished at
2023-05-20 18:58:07Event JSON
{
"id": "7f254991f18a109dcaf531a973b0ad2d23b86f675f8c0fae3dfd7e06829548be",
"pubkey": "ad1b1f9ff3e3a600b434983057773aef23da1170162e9332ffe458d7443e85f6",
"created_at": 1684609087,
"kind": 1,
"tags": [
[
"e",
"f71b360ada86f6806d917782a97189b2a3ba55c9c427444c2e94c8738a92baaf"
],
[
"p",
"deab79dafa1c2be4b4a6d3aca1357b6caa0b744bf46ad529a5ae464288579e68"
]
],
"content": "Put it on a DMZ in case of compromise. This will make it harder for lateral movement in case of compromise.\n\nThe fewer apps its running the smaller the attack surface. Only run what you need.\n\nAdd a white list for IP that can access it via ssh. Ensure its your lan subnet only.\n\nEnable tor and use a proxy.\n\nRun a vulnerability assessment. Openvas would be suitable.\n\nDisable root, don't allow ssh as root. Make sure its always up to date. ",
"sig": "c6cf83aabf1534276cfa305d634e50c93fe97edeba14b8cc8dec5c2d1d185daa7e9f5d7de3684ef5217de1785b9fa040250ae962a11e283903e0b4c547326f71"
}