securely manage the websites remotely


TheLaughingMan

3 steps I've taken in the past, bet we can think of some more on this forum?

1) SSH console access; then secure SSH

2) Web front-end/CMS, e.g. cPanel, phpMyAdmin. htaccess file to protect '/admin' directory (not necessarily labelled admin); in conjunction with (3), move the admin interface to a higher port, using vhosting

3) Firewall and restrict access of IPs allowed to access a management port


Above post sums it up pretty much. SSH, SFTP, SCP, TLS/HTTPS usage, VPNs and IP restrictions work well, and if it is not possible to use shell access over SSH, maybe setting up some form of two-factor authentication so no one can get in without, say, a passphrase/one-time key sent to your phone or email (securely), or use of things like a YubiKey/smartcards.

Can RSA tokens be used for the two-factor authentication? Plus, is it compatible with SSH? I know with VPN it is, but not sure with SSH and SCP.

One thing I did is whitelist the address ranges for your ISP and VPN for SSH use. That way it would only be accessible from your local area, or through your VPN. That significantly reduced the number of logs coming in from hosts abroad.

I did this by messing with the /etc/hosts.allow and /etc/hosts.deny files.

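The /etc/hosts.allow and /etc/hosts.deny approach from the post above, as an added example that is not part of the original thread: a small Python model of how TCP wrappers evaluates the two files for sshd, showing that the allow list only restricts anything when hosts.deny also carries a matching deny rule. The file contents and address ranges are constructed (documentation prefixes standing in for an ISP and a VPN), and the parser covers only `ALL` and net/mask client patterns.

```python
import ipaddress

# Constructed sample files; the ranges are documentation prefixes standing in
# for "my ISP" and "my VPN" (assumptions, not values from the thread).
HOSTS_ALLOW = """
# /etc/hosts.allow
sshd : 198.51.100.0/24 203.0.113.0/255.255.255.0
"""
HOSTS_DENY = """
# /etc/hosts.deny
sshd : ALL
"""

def parse_rules(text):
    """Return [(daemons, client_patterns)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, clients = [part.strip() for part in line.split(":")[:2]]
        rules.append((daemons.replace(",", " ").split(), clients.replace(",", " ").split()))
    return rules

def matches(rules, daemon, addr):
    """True if any rule for this daemon (or ALL) covers the client address."""
    ip = ipaddress.ip_address(addr)
    for daemons, clients in rules:
        if daemon not in daemons and "ALL" not in daemons:
            continue
        for pat in clients:
            if pat == "ALL" or ip in ipaddress.ip_network(pat, strict=False):
                return True
    return False

def access_granted(daemon, addr, allow_text, deny_text):
    """Order of evaluation: a hosts.allow match grants, then a hosts.deny
    match denies, and a client matching neither file is granted."""
    if matches(parse_rules(allow_text), daemon, addr):
        return True
    if matches(parse_rules(deny_text), daemon, addr):
        return False
    return True

if __name__ == "__main__":
    for src in ("198.51.100.27", "203.0.113.9", "192.0.2.44"):
        print(src, access_granted("sshd", src, HOSTS_ALLOW, HOSTS_DENY))
    print("192.0.2.44, empty hosts.deny:", access_granted("sshd", "192.0.2.44", HOSTS_ALLOW, ""))
```

These files only take effect when sshd is built with libwrap; upstream OpenSSH removed that support in release 6.7, so confirm that your build still honours them before relying on the allow list.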

One thing I did is white list the address ranges for your ISP and VPN for SSH use. That way it would only be accessible from your local area, or through your VPN. That significantly reduced the number of logs coming in from hosts abroad.

I did this by messing with the /etc/hosts.allow and /etc/hosts.deny files.

But you did this with your own VPN and not a 3rd-party VPN, correct?

I did this through a VPN I subscribed to. While everyone in the far east can't brute force my OpenSSH service, attacks can still be attempted by anyone else that subscribes to the same VPN, or by users in my area with the same ISP.

In a business environment, it would be better to roll your own VPN (that only a handful of people can access), but have another means of accessing your system other than the VPN. If the VPN is the only way you can SSH into a computer, then that VPN service can be targeted for a DoS attack. Once your VPN goes down, so does SSH access.

Edited by nvemb3r