Weekly thread to discuss industry certifications, trainings and other courses/learning. Ask questions, share your experiences and help others!

  • shellsharks@infosec.pubOPM
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Yep this is a good place to post anything learning related. Also I think you’d be surprised how helpful people can be so I wouldn’t be shy about asking. Ask here, ask on Mastodon too.

    • mspencer712@programming.dev
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I don’t know if this is a reasonable thing to want, but I want to create it if it doesn’t. Or I need to understand why my expectations are warped.

      I have this impression that, in 1995, you could just stand up a Solaris or Sys V UNIX box on the public internet, run some common default services that most people wanted on a “standard internet host” and they would more or less do ok. Try that today, of course, and things would not be ok.

      I think there should be a guide for creating a similar environment with free (and/or “free”) software. My version would start with: you’ll need server hardware totaling around 32 GB of RAM or more, on one machine or several. Recycled laptops or corporate desktops work, though you’ll need vlan aware switching if multiple machines. We’ll assume a static ip and a domain with dnssec support. Here’s what that means.

      And then a sort of step by step for a management vlan, a vm hypervisor, management vm, firewall, gsa/openvas, an apt-mirror VM, and then we start setting up services. Each service gets its own VM, and gets a /30 net and firewall rules allowing minimum permissions. DNS, then OpenLDAP, then haproxy, then email, etc.

      I’ve been on a journey setting this all up for myself, and I think my biggest problem has been understanding the abstract concepts. I was following an OpenLDAP walkthrough, for example, without really understanding how different clients would be using it. I found a whole series of articles on setting up email, and was able to adapt their approach (single hosted VM, sql storage for user info) to my own (four VMs, LDAP storage for user info). But I’m still struggling with postfix mapping tables for example.

      Setting aside if it’s possible to find this sort of “follow these steps for an exceptionally secure, though maintenance heavy, internet site!” walkthrough, is this even something people want? Maybe I’m being too egocentric, assuming everyone must want what I want. The whole thing is unmaintainable if the reader is just walked through the steps without getting a deep understanding of what and why. Maybe people looking for walkthroughs generally don’t want all of the extra steps.

      Does what I’m proposing make sense? Should it exist? Does it already?

      • shellsharks@infosec.pubOPM
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I think it makes sense. Not sure if it exists already. As for the question of “do people want it?” The Internet is a big place. No matter what you could possibly think up, there’s probably some folks out there who are interested. If you think it’s interesting than others probably do to. Go for it!