Appreciate the further reading! It’s been a fun rabbit hole and as I see it just keeps going.
Being newer to all this, I’m very hesitant to fully open to the public, especially security wise, as I don’t think too cautious is a thing. What are maybe a few things you had wished you’d known from the start? And pardon me if you have a good read I haven’t gotten to yet 😅
Edit: just read your importance of security post, that’s quite a fright! Thank you for posting of such an incident, it’s invaluable to have mistakes to learn from
Yeah for sure! I like to post about both the positive and negative experiences. I find things like that to be a valuable learning tool.
From a security perspective, it’s important to understand the systems you’ve implemented and test that they are working as expected. I think in that example if I had tested user sign-up sooner I could have caught the configuration issue.
It’s also important to have good observability into your system, both metrics and logs. Metrics to help detect if something weird is happening (increased resource usage could point to ransomware or crypto mining) and logging to track down what happened and see what systems are impacted.
From a technical controls standpoint, it’s good practice to segregate your applications from other systems and control planes like IPMI and switching/routing admin interfaces. It’s also good to try to limit holes in your firewall. In this cluster, I have Cloudflare Tunnels setup so that I don’t have to open ports to access web servers, and I get access to their WAF tooling. You could do something similar with a VPS running WireGuard, CrowdSec, and a reverse proxy.
Appreciate the further reading! It’s been a fun rabbit hole and as I see it just keeps going.
Being newer to all this, I’m very hesitant to fully open to the public, especially security wise, as I don’t think too cautious is a thing. What are maybe a few things you had wished you’d known from the start? And pardon me if you have a good read I haven’t gotten to yet 😅
Edit: just read your importance of security post, that’s quite a fright! Thank you for posting of such an incident, it’s invaluable to have mistakes to learn from
Yeah for sure! I like to post about both the positive and negative experiences. I find things like that to be a valuable learning tool.
From a security perspective, it’s important to understand the systems you’ve implemented and test that they are working as expected. I think in that example if I had tested user sign-up sooner I could have caught the configuration issue.
It’s also important to have good observability into your system, both metrics and logs. Metrics to help detect if something weird is happening (increased resource usage could point to ransomware or crypto mining) and logging to track down what happened and see what systems are impacted.
From a technical controls standpoint, it’s good practice to segregate your applications from other systems and control planes like IPMI and switching/routing admin interfaces. It’s also good to try to limit holes in your firewall. In this cluster, I have Cloudflare Tunnels setup so that I don’t have to open ports to access web servers, and I get access to their WAF tooling. You could do something similar with a VPS running WireGuard, CrowdSec, and a reverse proxy.