William Quinn

An information security officer, father of two boys, and a dedicated gamer. Highly experienced in everything information technology, but not afraid to learn more. Ramblings of every subject from technology to mental health. Opinions are my own and not indicative of any company or other person.

It's Okay to Reach Out

According to my Daylio app, I've now had five consecutive good days - apparently the first time this has happened in the (at the time of writing) 68 days of using the app.

Even though I've had a very good streak going, last week I came to the conclusion - I need help. There's only so much a person can do before they lose focus on themselves, and I hit that limit. There's always going to be those times where everything feels overwhelming, but it's possible to power through all of it.

I reached out to my primary care provider yesterday and had a talk with her about everything that was going on, and for the first time in my life I'm now on antidepressants. I know these aren't the end-all-be-all happy pills, but the goal is to prevent a free fall from a cliff and make it more like a walk down a slightly steep path.

I'm hopeful. For the first time in quite some time, I'm happy with myself. I reached out for help because I knew I needed it, and my wife, my best friend, and my friends at work all helped me through. It's good to have a support group that understands that mental health is definitely an item to focus on.

Thank you friends. Happy Thanksgiving to everyone!

Social Presence

I just had this thought while working on my new landing page - self plug, it's at https://hyp5r.io if you want to see it.

Social media has its purpose. From communicating with friends and family you normally wouldn't see, to keeping up with colleagues and groups you're involved in, social media is probably one of the best things to come out of the Internet. For those who know me, you will never hear me say that in person. Social media is one of the worst things to come out of the Internet as well. From having media tailored to your viewpoints while foregoing others, to instilling the inner clique that shares everything you value, you can imprison yourself in a world you believe is tailored to you.

Social media is an outright lie.

“Everyone is living for everyone else now. They’re doing stuff so they can tell other people about it. I don’t get all that social media stuff. I’ve always got other things I want to do – odd jobs around the house. No one wants to hear about that.”

Building and tailoring your social media does two things:

  1. Showcases your best moments to the world, and
  2. Demonizes your worst moments for no one to see.

That's how I see it. When I had Facebook, it's how mine always looked - I posted the best pictures of my family, the best moments, events, the things that I enjoyed. No one saw the effort it took to get the best pictures, the moments where everything looks to be decimated, the times where life felt absolutely meaningless... and that's why I had to stop using it.

Everyone handles stress differently. Social media, though, convinces you that there's no reason to be stressed... I mean, look at how everyone is doing! Your friends are hanging out, everyone's celebrating, families are growing - and all you do is watch and compare it to your own.

Every now and then, you need a reminder to let you know you're only seeing one side of the coin. Fight yourself to push for those good moments, the one that makes life worth living. No one stays king of the hill forever.

A Reminder

Because every now and then, I need to hear it.

Remind yourself that nobody has it all. Stop comparing your life with others. It is always a losing proposition. There will always appear to be people who have it better than you. But remember, we always compare the worst of what we know about ourselves to the best assumptions we make about others.

From A Helpful Guide to Overcoming Envy, last updated on October 29, 2019.

31 Days of Mood Tracking

Over the past month, I've taken mental health with a more serious tone. I've had mood swings throughout my adult life, but I've recently had days where my mood swings worse than it used to, and I wanted to get a feel for what's actually going on. I'm lucky to find an app that helps me journal and track my mood through the day, and I wanted to share results for the first 31 days.

Note that nothing in here is a sponsorship or endorsement - this is strictly my own opinion.

Enter Daylio

Daylio (https://daylio.net) has been my go-to daily app for tracking my mood throughout the day as well as giving me a small journal to document items of note. It's absolutely fantastic, and for those who fight depression, mood swings, or are just interested in how their mood changes day-to-day, this app is amazing and I'd highly recommend using it. Check out the stats below if you're curious about how the app shows the data you put in.

Statistics

Mood Chart

mood-chart

Things of note:

  • September 28th was the first and only time I recorded a very low mood - this was due to having the news that my oldest son was diagnosed positive with COVID.
  • October 11th was the first and only time I recorded a very high mood - this was due to quarantine ending and a sense of normalcy returning.

Average Daily Mood

average-daily-mood

Things of note:

  • Admittedly I'm surprised that Fridays are, statistically, my worst days for mood.
  • Sundays and Tuesdays are very close to me for being, statistically, my best days for mood.

Mental Health Awareness

I just want to throw out there that mental health is serious, especially during the COVID-era. Over the past year, we've all experienced some sort of disruption to what we consider normal everyday life, and not everyone experiences change the same way. While others preferred staying at home and riding everything out, others reveled in day-to-day communication in person. Not everyone is the same, but everyone should be treated the same.

Stay in touch with your friends, family, and loved ones - make sure everyone is healthy, even mentally. Not everyone has an outlet, a way to de-stress, a method to relax, so here's some suggestions that may help:

  • Write! That's what I'm doing now, and every now and then it works wonders. It's significantly easier to write out things rather than overthink them, so write them out of your head. You can always revisit it if/when needed, share, distribute, or delete whenever.
  • Call your friends, family, loved ones - I'm pretty guilty of not calling my family enough, but it does help. Reach out to someone and just ask them how they're doing. Sometimes people just need an ear, and if you're able, be that ear.
  • Take a walk, go outside, get out of your normalcy. It sounds like the opposite of de-stressing, but a walk can help mentally clear your head.

Mental health is a serious thing. Take care of yourself.

From An Introvert Who Appears Extroverted

Let's preface this - this comes from an almost-30-year-old male who works in information security. Communication is exceptionally important in a work life for this type of role. From relaying security risks, best practices, and even going down to help desk, I've written countless articles and thousands of replies to individuals and groups of people with the goal of solving problems. I absolutely enjoy this (for the most part), but it's odd because I'm very introverted elsewhere, and as I write this my question to myself is simply "Why?".

What Happened?

It's odd to think back on life so far, but I'm sure everyone does it. I can recall moments from my entire school "career", and by far the most successful from a communication standpoint has to be middle school (read: 11-13 years old). I still remember talking to absolutely everyone, enjoying every minute of conversation, really just being friends with everyone. It was lucky - not everyone gets a chance to be "that person" who can be friends with everyone, but it was around the end of middle school where cliques were made - and I felt like I didn't belong anywhere.

High School

Somehow I wanted to reinvent myself, so I did - high school was that time. I went from a high-water and Hawaiian shirt to more punk/emo culture. I was fascinated by it, from the culture itself to the music and all. Of course, being high school and still learning about myself, my identity changed with it as well.

Any customer can have a car painted any color that he wants so long as it is black.

This quote speaks absolute wonders about high school for me, because I practically lived it... if I was a car, of course.

So for the four years of high school, my identity revolved around a scene of black clothes, heavy metal, and cringy quotes. After all, high school for me was the MySpace era (sometimes I miss that, other times... well, it's probably better to be in the past). It wasn't until Senior year (read: 17 years old) that I started "snapping back" to reality (thanks Eminem). Four years of this identity didn't change my core values, and ultimately amounted to what I sometimes see as multiple missed opportunities.

However, I wouldn't change a thing now. I met my wife in high school. By far the best thing that's ever happened to me.

Tech School Life

A couple of years after high school, I started attending vocational school for what was then called Computer Information Technology. I didn't think college life was for me, I just wanted to learn about IT (really, get a sheet of paper that said I did) and get a job. Starting out, I was an introverted mess, for lack of better words. I never spoke in class unless asked, I never did anything but class work. I did my absolute best to be... well, generic. A forgettable face at the end of everything - and looking back, I don't know why I did that at the start.

I remember an event happening, though - during my first few weeks of class, an event occurred where an employee of the school I was at couldn't access any files. The computer was locked out, no passwords worked. My instructor was looking into it and didn't have any solutions there...

But I spoke up.

During high school, I took IT classes - I completely lucked out and was able to take four years of IT classes throughout high school. It also helps that I've practically bathed in IT since I was 8-9 years old. My brother introduced me to HTML and CSS then, and I enjoyed staying up all night and making websites of all kinds of useless stuff. I hate that I have none of it to show now, but the experience helped for this moment - I was a damn geek, and I knew how to fix this problem.

After solving this issue for the employee of the school, the instructor started calling on me for advanced technical stuff - I still did classwork, but not as much. I grew into a school-wide IT assistant. This actually boosted my confidence a hell of a lot, and suddenly the introverted side was gone... for now. I ended up working at the school after graduating for six years developing all kinds of IT solutions, but 2018 came and an opportunity shined, so I left.

So Everything's Good, Right?

Absolutely. Not.

If I ended everything there, you'd think that's the end of it - I went from introverted to extroverted, broke out of my shell, and now have zero communication problems.

It's a war zone in my head.

This could be an age-related thing, this could be paranoia, this could be anything. But have you ever felt like you didn't belong, even when you're reassured?

There are plenty of moments in life now where I want to hang out with friends, but I feel like I'm such an inconvenience to their day. When I say hang out, I don't mean plan a whole days worth of activities and stuff - a lot of times, I just like being in the same room as friends - there's a comforting feeling there, but it's a battle in my head as to whether I'm being an inconvenience... or a nuisance... or if they would rather be by themselves... or if I'm interfering with their work... or if I'm not considered a friend... or if...

I truly believe thoughts can kill.

It's an absolute nightmare battling countless negative thoughts, all for what I perceive is something simple. It's frustrating, especially when I can remember times where this was never a problem, so what happened?

Digital Communication - A Relief... Sort Of

I really luck out with being in the digital era - I don't have to actually talk to people if I don't want to, I can send a text message, use countless chat apps, or email and I can get my point across without any issues. Being able to type thoughts out helps tremendously, and it has a benefit too - I feel like I speak more freely typing than by speaking.

Ever have a moment where you try to say something nice, reassuring, kind, etc., and you just butcher the delivery, or it "comes out wrong"? Ever think about that moment for hours upon hours days, weeks, months after it happened and suddenly relive the embarrassing moment over and over?

Typing and texting helps to prevent that, though it also has it's drawbacks. It's hard to be able to infer emotion into text - emojis are by far the best thing to help with that, regardless of what anyone online says (looking at you Reddit).

Digital communication can never replace in-person communication, though.

So Why Write This?

Looking back at everything I've written, this is definitely scattered. There's a lot where I could elaborate further, and who knows - maybe I write a part two and cite back.

So why did I want to write all of this? It doesn't solve anything, it's just a rant or a ramble for the sake of it.

And sometimes, that's all you need. Sometimes an outlet, no matter how small, helps wonders. Surely I'm not the only one who feels this, but maybe someone else doesn't know what to do - maybe someone else things they're the only ones feeling like this too, so maybe this can be reassurance that they're not.

Email Etiquette From Your Friendly Neighborhood IT

I've seen this happen way too many times - an email was sent to a massive group of individuals, but the sender didn't blind copy the group, and now you have everyone hitting Reply All and causing a storm.

C'mon... it's not that hard to blind copy... is it?

Here's the thing, though - I was raised on computers. I've grown up with the technology trend, I've tried everything from OS/2 to Windows 3.1 to Ubuntu 9 - I breathe computers. Sometimes I have to make a conscious step back and look at tech from the perspective of the average computer user (it's surprisingly hard). This may be why a lot of IT may have condescending, almost know-it-all attitudes when helping others (and yes, this is a major problem with IT - IT is a customer service component, but no one likes to think that way).

With that said, here's some tips on email etiquette from your friendly neighborhood IT, boiled down to be as understandable as possible... I hope.

Sending Email to Multiple People

Email is a great way to contact multiple people, departments, even organizations to make sure everyone stays informed. Here's some tips to make sure that communication doesn't balloon into noise.

To, CC, BCC - What are these?

Here's my reference for when you want to use these:

  • To - This is for individuals that you explicitly need input from. You expect these people to reply back to you with more information or an acknowledgement.
  • CC - This is for individuals that you want to be informed but do not expect input from. Typically used as a "for your information" for your team members or executives.
  • BCC - This is for individuals that you want to be informed and do not want input from publicly. This can be used as a "for your information", but I've seen it also used in a "cover your ass" situation. Recipients in the BCC field are not shown publicly to the recipients.

Out of all of these, BCC has more uses than it advertises. Here's why.

Blind Carbon Copy

BCC is a powerful utility, and while the uses of it can be good, it can also backfire. Know that BCC'ing everyone is going to result in a lot more issues in the long run. Use it wisely.

Blind carbon copy, or BCC, has multiple different uses. As above, you can use it to inform someone without other recipients knowing - whether you need to as an FYI or a CYA.

Have you ever thought about using it to email groups of people?

If you need to email a mailing list, or multiple mailing lists, but don't want those lists to be exposed to the public, or don't want a reply-all storm to potentially happen, then adding your recipients in the BCC field only can help! I say this from experience - my place of work has mailing lists that can contain hundreds of people and I don't want everyone to (un)knowingly click on Reply All and email everyone in the mailing list their thoughts, concerns, complaints, etc. Adding those lists to BCC allows anyone to reply back only to myself - effectively, it makes repliers anonymous to the group, which can be useful depending on what you're emailing out.

Signatures

The primary use of an email signature should be for contact information. Period. That's not to say that signatures can have other uses, though.

How Can I Reach You, and How Should I Reach You?

Your signature needs to answer the above question. Include your name and phone number at the very least. For business use, include your job title, department, and business name.

Certifications, Degrees?

If you hold a professional certification, or multiple certifications, or college degrees, you typically don't want to put these in unless it's either a high ranking degree or certification(s) related to your job position.

Keep in mind that entry level certifications (and I can only speak to IS/IT here) such as CompTIA's A+, Network+, Microsoft MTAs, ITIL Foundations, or any other foundational cert shouldn't be listed. Those are good for your resume/CV, but not for your email signature. Do you hold a PMP or CISM/CISA, though? Definitely show those off.

Awards?

I've seen this one too, and it amounts to noise in the signature. If you've earned any awards, these are good for your resume/CV to an extent, but don't put them in your signature. I've seen signatures that are significantly longer than the message being sent... please don't do that.

Disclaimers

I'm very outspoken on this one - disclaimers do not belong in your signature (in my opinion). Looking at the US, there are different regulatory bodies that may enforce a disclaimer on emails, but the legal enforcement of those is not quite there. I reference this article from The Economist for more info there.

Sometimes, The Best Way to Help Is to Do Nothing

Have you ever been handed a task where your first thought is, "Why are we doing this?"

I'm not opposed to change - in fact, I welcome it. One of the first things I teach people who want to be involved in information technology and information security is that change happens on a daily basis. You've got to know what is happening and how to adapt to almost anything that comes your way. Look at all the ransomware articles going around as of late and you'll immediately understand how fast paced changes occur.

But this isn't about IT change. This is about providing services to those we believe need it.

I aspire to be in a position where I can think of the broader community and wonder, plan, and implement the idea of "What can we do as a company to ensure we're providing the best access to our services?". There's a hell of a lot of tape there that prevents this kind of thinking in my place of work, but due to an influx of monies, ideas float around that make absolutely no sense to implement.

There comes a point in planning for any project where the following questions are asked:

  • What do we need to get this project done?
  • How long will this project take to implement?
  • Who all needs to be involved in this project?

As of late, I wonder if anyone thinks of the last question:

  • Why do we need to complete this project?

"Why" is a subjective question no matter what follows it. You may be able to think of a hundred different technical or political reasons why something needs to be done, but ultimately the answer comes down to a general boilerplate response: "We need to assist [insert group]."

So you tell me: Why do we need to assist [insert group]?

Look, if you ask me to help, I'm going to help. I've written policies and procedures, I've automated countless systems, I've dived into job titles I never even thought I'd do in my life - and while I may have complained at the time, I absolutely enjoy the opportunity to learn how things work outside my personal scope. There are some times where I start to wonder what the scope of a said project is, and a job at a company is an ongoing, never-ending project.

I do reserve the right to ask "Why", and I have quite a few times. It's not to be condescending or as disrespect, I genuinely want to learn why you think the way you do. I may not agree with your answer, I may not agree with the project, I may not agree with your work ethic, but I'm entitled to any opinion I want to form and share (thus, I'm also entitled to the consequences of doing so).

Sometimes it's better to slow down on everything, take a breath, and look around at what everyone is doing. Listen in, hear thoughts, share concerns, actively take a role in everyone you interact with - learn what they do, ask what they need, how can you help, etc. Instead, we have individuals who want to assist everyone outside of their scope without focusing in, without input from those who have to make the project come alive, without repercussion on when a project fails or stalls...

Sometimes, the best way to help is to do nothing. Rather than take action on what you perceive as an issue, offer an ear and just listen.

docker-oclc-exproxy Released

Over the past several weeks, I've been finally able to sit down and learn about Docker. It's taken me honestly several years to actually understand what Docker does, how it all works, and the advantages and disadvantages of using Docker containers versus running VMs for each individual service. I'm glad to be able to say not only have I started the process of learning advanced deployment of Docker containers for both my home servers and my work, but I've written a Dockerfile for a software used by my work that could be useful in other educational institutions.

For those who use EZproxy by OCLC, this Docker container is a really safe way of running the EZproxy service for your campus. I've based it on the slim build of Debian, and the container only downloads the EZproxy BIN file to run within the container. I've been able to separate the config from the base BIN file, allowing it to run very smooth within a Docker container.

Feel free to check it out here!

The README.md file contains just about everything needed to not only get the container up-and-running, but it also includes some helpful snippets regarding getting Let's Encrypt SSL working within the EZproxy service.

Adding Separator Spaces to the Dock in Mac OS X

I'm a fan of organization... most of the time. Using my Mac provided by work is definitely one of those times where being organized is key. Sometimes there's some applications you can't live without, but they may not be related to the overall use of the machine (personal apps on a work machine, for example), so having a quick visual way to separate the apps is very useful. Below is how you can add separator block to your dock.

  • Open a Terminal window on your Mac.
  • Input the following line, then press Enter: defaults write com.apple.dock persistent-apps -array-add '{tile-data={}; tile-type="spacer-tile";}'
  • Input the following line, then press Enter: killall Dock

This will add a new blank space to the right-side of your Dock that you are able to drag and drop wherever is needed. You can run this as many times as needed to add multiple spacers as well!

Disabling Yammer, StaffHub, and Delve from Your Office 365 Tenant

Earlier today, I had a request to look into Microsoft’s Delve to see what it could do for my place of work… well, kind of. Delve seems like a nice product to see what everyone may be working on, but unfortunately, it’s a little misleading and it looks like files can be accessed by anyone on there. While the above statement isn’t actually true, certain aspects when browsing Delve really make you think that some of these documents shouldn’t be listed “publicly,” even though odds are that you were emailed the document and Delve just happened to place it there since it found it.

Admittedly, seeing this at the bottom of Delve doesn’t help matters too much, but it does lead to knowing how Delve actually works.

Now, this doesn’t mean that Delve is bad. It’s actually a pretty useful tool to see what documents are actively being worked on, and it’s a great tool to see items such as organizational charts, contact info, and more. However, there’s many other tools that do just that without the perceived risk of losing control of your data. Note that I said perceived risk – your data is not at risk, as Delve does not change file permissions nor actually store files, it just finds them in various areas like OneDrive, Outlook, Skype, Teams, etc.

This got me to looking around and see what else we don’t use, so I’ve looked and noticed we don’t use Yammer or StaffHub as well, so let’s disable these apps.

Disabling Delve

Disabling Delve isn’t really disabling Delve, but this disables Office Graph. Disabling Office Graph prevents Delve from showing any working files, but keeps access to other features such as the profile page with contact info, org. chart, etc.

You’ll need to log into your Office 365 Admin Center, then navigate to the SharePoint Admin Center. From there, click on Settings and look for the Office Graph setting. Set that to Don’t allow access to the Office Graph and you’re good to go.

Disabling StaffHub

Disabling StaffHub is probably the easiest of all of these as it’s just a toggle. To disable, head to https://staffhub.office.com/admin and login with an account that has administrative capabilities. From there, switch that toggle on Enable Microsoft StaffHub to Off, and you’re golden.

If you want to revoke the license from the accounts as well, you can run the following PowerShell code to quickly remove it from all users in your organization:

Connect-MsolService
$LO = New-MsolLicenseOptions -AccountSkuId <AccountSkuId> -DisabledPlans "<UndesirableService>"
$acctSKU="<AccountSkuId>"
$AllLicensed = Get-MsolUser -All | Where {$_.isLicensed -eq $true -and $_.licenses[0].AccountSku.SkuPartNumber -eq ($acctSKU).Substring($acctSKU.IndexOf(":")+1, $acctSKU.Length-$acctSKU.IndexOf(":")-1)}
$AllLicensed | ForEach {Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -LicenseOptions $LO}
  • <AccountSkuId> will be the license assigned to the users. For example, one of my AccountSkuIds is org:STANDARDWOFFPACK_IW_FACULTY.
  • <UndesirableService> is the service that you want disabled. For StaffHub, this would be Deskless.

Disabling Yammer

Alright, get ready to be annoyed. There is no easy toggle for Yammer unless you’re a small organization. To disable it, you need to revoke the Yammer license from every licensed user in your tenant. If you’re like me, you’re going to want to PowerShell this. You’ll want to use the same code as above for disabling StaffHub, but with one notable change.

Connect-MsolService
$LO = New-MsolLicenseOptions -AccountSkuId <AccountSkuId> -DisabledPlans "<UndesirableService>"
$acctSKU="<AccountSkuId>"
$AllLicensed = Get-MsolUser -All | Where {$_.isLicensed -eq $true -and $_.licenses[0].AccountSku.SkuPartNumber -eq ($acctSKU).Substring($acctSKU.IndexOf(":")+1, $acctSKU.Length-$acctSKU.IndexOf(":")-1)}
$AllLicensed | ForEach {Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -LicenseOptions $LO}
  • <AccountSkuId> will be the license assigned to the users. For example, one of my AccountSkuIds is org:STANDARDWOFFPACK_IW_FACULTY.
  • <UndesirableService> is the service that you want disabled. For Yammer, this can be YAMMER_EDU or YAMMER_ENTERPRISE, depending on your licenses.

Thoughts?

Here’s hoping this helps some Office 365 administrators on disabling services that they may not be using and do not want to use in the organization.

Locking Down a Linux Server - The Entryways

So my main goal for this week was to lock down my Linux servers at home. For the moment, I run two: A Raspberry Pi 3 running Raspbian, and my Synology DS418play which runs DSM. I’ll try to go over security basics that can apply to a wide range of Linux servers, but the bulk of my experience is with Debian-based distros, so if you’re not running Ubuntu, Debian, Linux Mint, or any other Debian derivative, your mileage may vary. These can also apply to other operating systems like Windows and Mac, it just depends on what you do with them.

Depending on what all you run on your servers, you may have various entryways to get in, including a web-based authentication (common on NAS appliances), GUI (whether it be GNOME, KDE, Cinnamon, etc.), SSH, Telnet (please don’t use Telnet), and other items you may not be thinking. It’s wise to think of all the possible ways to access data and secure them.

Telnet

So I’ll start with Telnet, and this one’s simple: Do not use Telnet. Seriously, if you still rely on Telnet in 2019, something’s wrong. You should never use Telnet if at all possible. By default everything under it is plaintext, including authentication. Disable it when possible.

SSH

SSH is the preferred CLI method, so here’s a couple of pointers for securing your SSH environment.

  • Disable password-based authentication and switch to a key-based authentication. Is it annoying as hell sometimes? Yes. Does it really increase your security? Yes. If you’re securing systems that include a lot of data, this should be a standard.
    • To accomplish this, edit the /etc/ssh/sshd_config file on your installation and set PasswordAuthentication no. You’ll also need to add your public key to ~/.ssh/authorized_keys, otherwise you’ll lock yourself out of SSH! Once all of that is set, a restart of your machine or a restart of the ssh daemon is needed (systemctl restart sshd).
  • Disable the root account and do not use it. It’s another one of those annoying things, but it’s much safer to add your account as a sudoer and sudo your commands. This also prevents you from being an idiot and accidentally running rm -rf / on your machine. At least then you’ll have to actually type in sudo rm -rf / for that to work. Also, don’t do that.
    • A quick-and-easy command to disable the root account would be passwd -l root. This will prevent the root account from being able to log in.
  • Change the default port of SSH. Yes, this is more of security-through-obscurity than anything else, but you’d be surprised how many common port scanners will check that port 22 to see if anything happens to run on it. Why not run your SSH on port 23, or port 21, or any other port? You do have 65535 options to choose from, might as well choose your favorite number… unless it’s 22.
    • To change this, you’ll be back in the /etc/ssh/sshd_config file on your system. Find the line that states # Port 22, remove the #, and change the number to what you’d like it to be. Restart your ssh daemon and you’ll be good to go.

GUI

So GUI methods sound a little weird, but this includes any way you see a system with more than just text. This can include accessing it through your favorite X server, through a web interface, and other means. Here’s some things to take a look at to help secure this side of your systems.

  • Enable two-factor authentication. This is by far the most common thing you can do to help secure these areas. Whether you use an app on your phone that supports TOTP codes, a hardware token like a Yubikey, or you print out a giant list of one-time-use codes (don’t do that), these methods add the extra step of “what you have” to your “what you know”.
    • Need some recommended apps to hold those TOTP keys? I personally use Authy as it syncs with my phone number. Want something that doesn’t sync and always stays local? Take your pick of Google Authenticator, Microsoft Authenticator, or go the open source route with FreeOTP.
  • Change the default port of your administration console. It’s another one of those security-through-obscurity things, but if you run a web interface admin console, it’d be a good idea to change the port from the default setting, as the default settings are likely a quick search away from being found.
    • A good example of this is setting up my Synology server, default ports for admin are 5000 and 5001 (HTTP and HTTPS, respectively). Did I change those? You’re damn right I did.

Other Quick Things to Note

So these are just a few things to think about when securing the so-called entryways to your systems, but here’s a couple of other general items to keep in mind.

  • Never expose your SSH port to the Internet. Seriously. If you want to see what it’s like to be port-scanned and potentially DDoS’d, then by all means, but this is a practice that is never recommended.
  • Never expose your admin console to the Internet. This is deja vu, really. Insert what I said above here.

Conclusion

So this is just a first port in securing your Linux systems. Later on I may decide to publish more advanced things to think about when securing these systems, as there are many things to think of when making sure your data stays where you want it.