Re: Running/managing my own server

Author: James Mcphee via PLUG-discuss
Date:  
To: Main PLUG discussion list
CC: James Mcphee
Subject: Re: Running/managing my own server
Just as general advice. Keep everything private, except the very minimum
you need otherwise. Keep everything disposable, except for what you
absolutely need to persist. Keep everything isolated, except exactly what
communication you need. Doing this will take a LOT of learning about the
systems and how they work, but you should consider it the base starting
point to avoid turning into a host for various bad actors. Until you feel
you won't expose more than you should, you should probably keep everything
locked up in a private network on VMs that you don't mind recycling on the
regular.

On Sun, Jul 11, 2021 at 12:54 PM Keith Smith via PLUG-discuss wrote:

>
> Thank you Michael for all your replies and for this one!!
>
> I hear ya. It may take too much time....
>
> Let me ponder your reply.
>
> Thanks!!
>
>
>
> On 2021-07-11 12:15, Michael Butash via PLUG-discuss wrote:
> > On Sun, Jul 11, 2021 at 11:23 AM Keith Smith via PLUG-discuss wrote:
> >
> >> I am talking about a virtual PHP host running Ubuntu LTS, LAMP,
> >> Let's Encrypt, BIND, Postfix, Dovecot, and possibly some webmail
> >> app. Not sure of anything else I would need. Is there more?
> >>
> >> We can throw in learning Apache SPF and NGINX.
> >>
> >> 1) First question is this a reasonable idea or am I crazy?
> >
> > For learning and tinkering, it's a good idea, production for yourself
> > probably not. I set all that up some 10-15 years ago, thought it was
> > cool, then got tired of upkeep. If you plan to maintain it right, you
> > probably will too.
> >
> > These days any internet-facing service needs almost religious zeal to
> > upkeep, lest some jackass use a 0-day to cryptolocker your system(s),
> > and if you watch security lists for those, they are still pretty
> > frequent I'll bet. Or you could just pay gmail/orfice365/rocketmail,
> > or any other and let all that patching and upkeep be automated by
> > them. I used godaddy mail for a decade, later gmail, and I really
> > don't mind not managing my own email or dns servers ever again since.
> >
> >> 2) 2nd question is what skills would I need?
> >
> > The ability to google your ass off mostly. I've not read a how-to or
> > protocol or certification-type book in 20 years, trust me it's not
> > terribly practical, and I fifo from my brain quickly. Searching how
> > to's and troubleshooting as you do is how you learn. If you must, I'd
> > recommend linux academy, udemy, or other online class-type courses, as
> > most can be had cheap around holidays with sales, mostly what I do
> > these days to learn if not just searching.
> >
> > Email is email and hasn't changed much in 20 years. Understanding
> > encryption, authentication (ie. 2fa), use of SPF/DKIM with DNS,
> > certificates (openssl, letsencrypt, build your own CA). Security in
> > general is pretty key more than knowing how email protocols work.
> >
> > Web stuff is again more about security imho, redirect all
> > non-encrypted to encrypted (tcp/80->443 redirection), proper
> > certs/encryption standards (enable tls1.2, disable rest, strong
> > ciphers). Some vhosts, proxy redirection if needed, etc is helpful.
> > If you want to scale, add load-balancing via apache/nginx proxy or
> > appliances (F5, AWS ALB, Netscaler, etc) across multiple hosts.
> >
> > System security is key too. Securing SSH, disabling unnecessary
> > services, local firewall in/out, log monitoring, networking, file
> > system/service integrity, etc.
> >
> > I am not a dev or a sysadmin, more a network guy that ends up
> > troubleshooting systems more than their owners do when they blame my
> > network, or just tinkering for myself. IMHO with above, but YMMV.
> >
> > -mb
> > ---------------------------------------------------
> > PLUG-discuss mailing list -
> > To subscribe, unsubscribe, or to change your mail settings:
> > https://lists.phxlinux.org/mailman/listinfo/plug-discuss




--
James McPhee
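
The "keep everything private, except the very minimum you need" point in the message above can be checked mechanically. The following is an added example, not part of the original thread: it parses `ss -H -tln` output and flags TCP listeners bound beyond loopback on ports outside an allowlist. The sample output and the allowlist (22, 80, 443) are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not taken from the thread).
SAMPLE_SS = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511                *:80               *:*
LISTEN 0      511                *:443              *:*
LISTEN 0      151          0.0.0.0:3306       0.0.0.0:*
LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      100             [::]:993           [::]:*
LISTEN 0      128            [::1]:6010          [::]:*
"""

# Assumption: the only ports this host is meant to offer publicly.
ALLOWED_PUBLIC_PORTS = {22, 80, 443}


def is_loopback(addr):
    """True when a listen address is reachable only from the host itself."""
    if addr == "*":                      # ss prints * for a dual-stack wildcard
        return False
    addr = addr.split("%", 1)[0]         # drop an interface scope such as %lo
    addr = addr.strip("[]")              # IPv6 addresses are bracketed
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                     # unparseable: treat as exposed


def exposed_listeners(ss_output, allowed_ports):
    """Return sorted (port, address) pairs that listen beyond loopback
    on ports not in the allowlist."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        if not is_loopback(addr) and int(port) not in allowed_ports:
            findings.add((int(port), addr))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr in exposed_listeners(SAMPLE_SS, ALLOWED_PUBLIC_PORTS):
        print(f"unexpected public listener: {addr}:{port}")
```

On a live host, feed the function the captured output of `ss -H -tln`; a local view of listeners does not replace checking the firewall or scanning from outside the network.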