1 Jun 2023 |
blondysessy | Whoa | 05:34:44 |
blondysessy | Lol it's like im entering a whole new invisible world here | 05:34:59 |
blondysessy | So from what I got in the past few days. It's very good practice to install, Apparmor, UFW or in my case GUFW and fail2ban for intrusion protection | 05:35:33 |
blondysessy | keep my system updated as frequently as I can | 05:35:42 |
𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓 | Yes. Definitely. Updates fix bugs and security issues. You should keep a connected system as up-to-date as possible . | 06:46:55 |
𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓 | In reply to @john_mabuse:matrix.org @blondysessy:matrix.org yes, you can set fail2ban to a certain amount of attempts and also to stop further attempts from that source Fail2ban is nice. But... I have a Ubiquiti Security Gateway on my network, configured as a full IPS. I regularly get attempts blocked... and in the logs, what I find is that they often comme from several IP addresses in the same class C or even class B network. Fail2ban will block each individual IP after a few failed attempts, but if the attacker has a botnet available with 65535 machines in a class B network at their disposal, that's still a lot of attempts. 🙂
The Synology NAS in my network is already configured to block an IP after 2 consecutive failed attempts within the same amount of time. 🙂 Double security here... IPS plus NAS' fail2ban.
I typically end up manually blocking that class C or class B if I see several blocked attempts from several machines in that same network. I've even blocked some countries totally as I was seeing too many attempts from there (Russia, China, and a few more). They are not expected to be users of the services I host anyways. 🙂 So no big loss. But still it shows how painful it can be.
| 06:54:16 |
blondysessy | I heard a lot of good things from Ubiquity | 06:55:43 |
blondysessy | They sell long server racks right? | 06:55:53 |
𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓 | You can actually run the management interface on an RPi if you want (they sell something called the Cloud Key which is a device with the management interface embedded in it - and a backup battery to let the system shut down properly in case of power failure). The software is open source. I've decided to run it on a cloud key for simplicity... but I know people who run it on Linux or an RPi. | 06:57:02 |
𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓 | They sell mostly network management infrastructure (WiFi access points, switches, routers, firewalls...) but also surveillance cameras... | 06:57:50 |
𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓 | https://www.ui.com/ | 06:57:56 |
blondysessy | interesting | 06:58:47 |
𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓 | https://community.ui.com/questions/UniFi-Installation-Scripts-or-UniFi-Easy-Update-Script-or-UniFi-Lets-Encrypt-or-UniFi-Easy-Encrypt-/ccbc7530-dd61-40a7-82ec-22b17f027776 | 06:58:47 |
𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓 | (runs on an RPI) | 06:58:52 |
blondysessy | This is way over my current knowledge of networking | 06:59:23 |
blondysessy | BUT I WILL GET THERE ;) | 06:59:31 |
blondysessy | Later today I'm fully switching to linux I just completed my backups | 06:59:55 |
blondysessy | Hopefully I'll get my PIs by the end of next week to set up my pi hole, god I hate ads so much | 07:00:19 |
𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓 | In reply to @blondysessy:matrix.org Later today I'm fully switching to linux I just completed my backups RPi raspbian is a full Linux distro. 🙂 So if you're running that, you've already "fully switched to linux". 🙂 | 07:01:08 |
𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓 | Of course you can also run Ubuntu. But that's just ANOTHER linux that runs fine on RPi. | 07:01:26 |
blondysessy | Oh, I'm talking about my main computer | 07:01:55 |
blondysessy | I'm using windows 10 at the moment, going to switch it to pop os. My other backup PC and laptop both run pop | 07:02:22 |
blondysessy | Thanks again for all the information | 07:02:34 |
𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓 | Cool. Why pop instead of Ubuntu? Are your using system76 hardware specifically? | 07:06:07 |
𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓 | What is cool is that they are preparing (available as tech preview) a pop for RPi 4. Which means same version of os on desktop and RPi.
That said, pop is based on Ubuntu 22.04. You could just run Ubuntu 23.04 on both your PCs and your RPis if you wanted the same OS... but the latest version... 😊 | 07:14:11 |
blondysessy | Back, I never tried ubuntu. I've only ever tried Endeavor and pop | 07:27:31 |
blondysessy | Oh and no I'm not using system76 hardware | 07:27:49 |
blondysessy | and yeah I saw that a few weeks ago https://pop.system76.com/ they have a download for pop 22.04 Raspberry Pi 4 | 07:28:44 |
blondysessy | From what I understand POP devs are working on a new GUI for pop which is expected to release next year, once they finish that they will update pop to 23.04 | 07:29:22 |
blondysessy | so they will be behind regular ubuntu for months | 07:29:33 |