VA1DER Wiki

Official Wiki of the Dark Side

User Tools

Site Tools

Trace:
wiki:debianmailserver

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
wiki:debianmailserver [2024/09/25 16:09] – Cleanup va1derwiki:debianmailserver [2024/09/28 01:29] (current) va1der
Line 59: Line 59:
  
 ===== Phase 1 - Batten the Hatches (External Security) ===== ===== Phase 1 - Batten the Hatches (External Security) =====
-You've got a shiny new VPS or server.  Your first consideration is to secure it.  András Stribik said it best when he said "my goal with this .. is to make NSA analysts sad".  This is absolutely our goal.+You've got a shiny new VPS or server.  Your first consideration is to secure it.  The goal here, in the words of András Stribikis to make NSA analysts sad. 
 + 
 +Security goals: 
 +  - 256-bit level security throughout (ie: <m>2^256</m> operations to crack) 
 +  - All keymat transfers (including session keys) protected by crypto as strong as the security level of the keymat.  256-bit keymat should never be transported without being protected by crypto that matches its security level 
 +  - Post-Quantum safe 
 +  - Redundant security - SSH over WireGuard
  
 If your VPS provider is like mine, you'll start with a remote console using something like VNC-over-https.  First order of business, make sure you've got nothing listening on your server, and if there is, and you haven't yet ensured it's secure, then shut it down.  Take a look at what's listening: If your VPS provider is like mine, you'll start with a remote console using something like VNC-over-https.  First order of business, make sure you've got nothing listening on your server, and if there is, and you haven't yet ensured it's secure, then shut it down.  Take a look at what's listening:
wiki/debianmailserver.txt · Last modified: 2024/09/28 01:29 by va1der