Rate my security

  • Hello. I was the OP (and the victim of some malicious activity) in the topic here.


    So, I wanted to harden my security so I won't have to suffer from something like that issue again. So, here is what I did so far:


    • Changed the ssh port. I know this one does not have that much of an effect, but I see a dramatic reduction of attacks in the logs.
    • I still have password login with my ssh password, but now I am using 2FA with Google Authenticator.
    • Enabled ufw and left only SSH port open. Rest of the applications are being reached behind a reverse proxy.
    • There is absolutely zero port binding with the docker containers, as port bindings break port rules defined by ufw. All tunneling is working within a separate docker network.
    • All apps are behind an authentication process. Each app has its own 'hard' type password with symbols, lower- and upper-case letters and numerals, at least 12 characters long.
    • Only app that has a reach to docker management is Portainer.

    What else can I do? Are those bullets enough to prevent history from repeating?

    • Use SSH keys.
    • Segment your docker network. Containers that don't need to communicate should be unable to communicate.
    • Does your ufw filter outgoing connections? A rogue service should not be able to communicate with the internet.
    • Who builds your docker containers? Why do you trust them?
    • How will you recognize the next situation? What if you are on holiday?
    • Drop the character classes in your password policy (debunked years ago) and make them longer and random.
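An added example to go with the "use SSH keys" point above; it is not code from the thread or from any poster. It is a small POSIX shell audit of an sshd_config that reports the settings which keep password login open, using a constructed sample config written to a temp file so it runs offline. The function names (sshd_get, audit_sshd) and the sample config are made up for this example; Match blocks are not handled.

```shell
#!/bin/sh
# Added example (not part of the thread): audit an sshd_config for the
# settings behind the "use SSH keys" advice. Function names and the
# sample config are made up; nothing is known about the OP's real host.

# sshd_get FILE DIRECTIVE: print the effective value of a directive.
# sshd applies the first uncommented occurrence, so we stop at the first
# match. Match blocks are not handled (a known limitation of this check).
sshd_get() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# audit_sshd FILE: print one finding per weak setting to stderr and the
# number of findings to stdout (0 means all three checks passed).
audit_sshd() {
    cfg="$1"
    weak=0
    # An absent directive means the sshd default "yes": password login stays open.
    if [ "$(sshd_get "$cfg" PasswordAuthentication)" != "no" ]; then
        echo "weak: PasswordAuthentication is not 'no' (password guessing remains possible)" >&2
        weak=$((weak + 1))
    fi
    # Default is prohibit-password; only an explicit "yes" is a finding.
    if [ "$(sshd_get "$cfg" PermitRootLogin)" = "yes" ]; then
        echo "weak: PermitRootLogin yes (root should use a key, or not log in directly)" >&2
        weak=$((weak + 1))
    fi
    # Default is yes; an explicit "no" would block the key login we want.
    if [ "$(sshd_get "$cfg" PubkeyAuthentication)" = "no" ]; then
        echo "weak: PubkeyAuthentication no (disables key-based login)" >&2
        weak=$((weak + 1))
    fi
    echo "$weak"
}

# Constructed sample config resembling the OP's description (custom port,
# password login still enabled). This is not the OP's actual file.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
Port 2222
# PasswordAuthentication no   <- still commented out
PasswordAuthentication yes
ChallengeResponseAuthentication yes
PermitRootLogin prohibit-password
EOF

findings=$(audit_sshd "$SAMPLE_CFG")
echo "findings for sample config: $findings"
rm -f "$SAMPLE_CFG"
```

Run it against a copy of /etc/ssh/sshd_config instead of the sample file to see the same checks on a real host; the sample above yields one finding (password login still enabled), which is exactly the state the reply argues against.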


    • I know I should use SSH keys, but wouldn't 2FA provide sufficient security?
    • Yeah, I do segment my docker networks.
    • I was not aware of that outgoing filtering thing. Will certainly look into them.
    • I tend to use the 'Trusted Content' filter from Docker Hub.
    • Can you suggest an anomaly detection tool for servers?
    • It's my go-to policy :)

    Thanks for the great hints!

  • There are a lot of tools that can help you with

    • keeping track of your logs (e.g., logcheck, tenshi)
    • running audits (e.g., chkrootkit, lynis)
    • hiding services you don't usually want to access outside a VPN anyway (e.g., knock)
    • checking whether your host might be the target of port scans (e.g., psad).

    Depending on the OS/distribution, you might want to check whether live kernel updates are available (e.g., Ubuntu Livepatch Service).

    VServer IOPS Comparison Sheet: https://docs.google.com/spreadsheets/d/1w38zM0Bwbd4VdDCQoi1buo2I-zpwg8e0wVzFGSPh3iE/edit?usp=sharing
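An added example, not from the thread or from any of the tools listed above, for the "keeping track of your logs" and "how will you recognize the next situation" points: a POSIX shell/awk pass over a few constructed auth.log lines that lists source addresses exceeding a failed-login threshold and flags any accepted SSH login from an address that had already failed. The log lines, addresses, user names and function names are all made up for the example.

```shell
#!/bin/sh
# Added example (not part of the thread): minimal SSH log anomaly checks.
# Constructed sample auth.log lines; the addresses and users are invented.
SAMPLE_AUTH_LOG='Mar 10 02:11:01 vps sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Mar 10 02:11:03 vps sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 40123 ssh2
Mar 10 02:11:05 vps sshd[1203]: Failed password for root from 198.51.100.7 port 40130 ssh2
Mar 10 02:11:09 vps sshd[1205]: Failed password for root from 198.51.100.7 port 40131 ssh2
Mar 10 03:00:12 vps sshd[1300]: Accepted publickey for deploy from 203.0.113.5 port 51000 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT
Mar 10 03:05:00 vps sshd[1310]: Accepted password for deploy from 198.51.100.7 port 40200 ssh2
Mar 10 04:00:00 vps sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/docker ps'

# brute_force_sources LOG THRESHOLD: print "ip count" for every source
# address with at least THRESHOLD failed password attempts.
brute_force_sources() {
    printf '%s\n' "$1" | awk -v t="$2" '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fail[$(i+1)]++
        }
        END { for (ip in fail) if (fail[ip] >= t) print ip, fail[ip] }
    '
}

# accepted_after_failures LOG: print "user ip" for accepted logins whose
# source address already produced failed attempts earlier in the log.
# This is the pattern a stolen or guessed password leaves behind.
accepted_after_failures() {
    printf '%s\n' "$1" | awk '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fail[$(i+1)]++
        }
        /sshd\[[0-9]+\]: Accepted / {
            user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "for")  user = $(i+1)
                if ($i == "from") ip = $(i+1)
            }
            if (ip in fail) print user, ip
        }
    '
}

echo "sources with >= 3 failures:"
brute_force_sources "$SAMPLE_AUTH_LOG" 3
echo "accepted logins from addresses that failed first:"
accepted_after_failures "$SAMPLE_AUTH_LOG"
```

On a real host, feed `/var/log/auth.log` (or `journalctl -u ssh`) into the same functions from a cron job and send yourself the output when it is non-empty; the second check is the one that catches the case where a password guess eventually succeeds, which no amount of failed-login counting alone will surface.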
