this post was submitted on 30 Dec 2024
195 points (100.0% liked)
chapotraphouse
Requiring rotating key/authenticator access for remote work and allowing users to come up with a solid terminal password on local access is pretty good.
That way all local connections can be verified and remote logins have the extra security layer.
That being said, if a privileged user manages to compromise their local work machine it's all fucked.
That’s where security experts who are checking for things to go bad come in.
Making everyone a security expert + doing their job is some uphill ice skating.
A good bet is to open a dummy SSH port that no one should ever connect to, then immediately add any IP that tries to connect to it to a blacklist.
At the end of the day every security measure can be bypassed, you just need to be prepared for that inevitability.
Locks are based on time/difficulty/detectability in the real world. The goal is “can’t break in without getting caught”.
It’s all a balance between risk/security and actually being useful.
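The decoy SSH port idea from the thread, sketched as an added example (not code from any commenter): a listener that blocks the peer of every completed TCP connection. The never-block ranges, the expiry time and all names here are assumptions, and the blocklist is kept in memory rather than pushed to a firewall.

```python
import ipaddress
import socket
import threading
import time


class Blocklist:
    """In-memory blocklist with expiry and a never-block guard."""

    def __init__(self, never_block, ttl):
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.ttl = ttl
        self._expiry = {}
        self._lock = threading.Lock()

    def add(self, ip, now=None):
        addr = ipaddress.ip_address(ip)
        # Refuse to block management ranges, so the tripwire cannot lock admins out.
        if any(addr in net for net in self.never_block):
            return False
        now = time.time() if now is None else now
        with self._lock:
            self._expiry[str(addr)] = now + self.ttl
        return True

    def is_blocked(self, ip, now=None):
        now = time.time() if now is None else now
        with self._lock:
            expiry = self._expiry.get(str(ipaddress.ip_address(ip)))
        return expiry is not None and now < expiry


def open_decoy(host="127.0.0.1", port=0):
    """Listening TCP socket for the decoy; port 0 picks a free port (demo default)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, port))
    sock.listen()
    return sock


def serve_decoy(sock, blocklist, max_conns=None):
    """Block the peer of every completed TCP handshake; returns connections handled."""
    handled = 0
    while max_conns is None or handled < max_conns:
        conn, addr = sock.accept()
        conn.close()  # send no banner and read nothing: the connect is the signal
        blocklist.add(addr[0])
        handled += 1
    return handled
```

Acting only on completed handshakes means a forged source address cannot get someone else blocked, and the expiry lets shared or reassigned addresses recover.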