sysadminafterdark

joined 11 months ago
[–] sysadminafterdark@alien.top 1 points 11 months ago (1 children)

Why not use the phone already in your hand to look it up? There are several multi thousand upvoted threads on this platform about it.

[–] sysadminafterdark@alien.top 1 points 11 months ago (3 children)

You use Cloudflare to proxy, or in other words, hide your IP. Anyone can hit your DNS records, grab your IP and start DDOSing or hacking on it. They also have some nice features to force security features like HSTS or WAF rules. I’d recommend looking into it, not proxying your public IP is an amateur move. As for using NGINX proxy manager, consider using standalone NGINX and writing your own configuration files. There’s a pretty big security issue with it the lead developer refuses to patch.

[–] sysadminafterdark@alien.top 2 points 11 months ago

Take a look at CIS benchmarks and DoD STIGs. Many companies are starting to harden their infrastructure using these standards, depending on the requirements of the environment. Once you get the hang of it, then automate deployment. DO NOT blow in ALL of the rules at once. You WILL break shit. Every environment has security exceptions. If you’re running Active Directory, run Ping Castle and remediate any issues. Audit often, make sure everything is being monitored.