Diffstat (limited to 'security/index.html')
-rw-r--r-- security/index.html | 95
1 files changed, 95 insertions, 0 deletions
diff --git a/security/index.html b/security/index.html
new file mode 100644
index 0000000..c62f63d
--- /dev/null
+++ b/security/index.html
@@ -0,0 +1,95 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="UTF-8">
+ <meta property="og:title" content="Xservers Security">
+ <meta property="og:description" content="Xservers Security">
+ <meta name="referrer" content="same-origin">
+ <meta name="viewport" content="width=device-width,initial-scale=0.7">
+ <meta name="description" content="Xservers Security">
+ <meta name="keywords" content="xservers, server, network, servers">
+ <title>Security - Xservers</title>
+ <link rel="stylesheet" href="/css/bootstrap.min.css" type="text/css">
+ <link rel="stylesheet" href="/css/xservers.css" type="text/css">
+ </head>
+ <body>
+ <nav class="navbar navbar-dark position-relative navbar-expand-lg">
+ <div class="container-fluid">
+ <a class="navbar-brand gtext fw-bold fs-3" href="/">Xservers</a>
+ <button type="button" class="navbar-toggler" data-bs-toggle="collapse" data-bs-target="#navmenu">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+ <div class="collapse navbar-collapse text-wrap" id="navmenu">
+ <ul class="navbar-nav me-auto">
+ <li class="nav-item">
+ <a href="/" class="nav-link page_link">Home</a>
+ </li>
+ <li class="nav-item">
+ <a href="https://forum.xservers.dy.fi" class="nav-link page_link">Forum</a>
+ </li>
+ <li class="nav-item">
+ <a href="/servers" class="nav-link page_link">Servers</a>
+ </li>
+ <li class="nav-item">
+ <a href="/debianrepository" class="nav-link page_link">Debian package repository</a>
+ </li>
+ <li class="nav-item">
+ <a href="/security" class="nav-link page_link">Security</a>
+ </li>
+ <li class="nav-item">
+ <a href="/about" class="nav-link page_link">About</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+ </nav>
+ <div class="container-fluid position-relative text-wrap mt-4">
+ <div class="container align-center xgradbg shadow-lg">
+ <h1 class="h1 text-white text-center fw-bold">Xservers Security</h1>
+ </div>
+ <br>
+ <p class="text-white fs-5 text-center">
+ All security related things at Xservers are configured to be strict as possible to prevent any attempts of unauthorized access.
+ <br>
+ Below are some security measures taken to make sure there's enough security.
+ </p>
+ <br>
+ <h2 class="h2 text-white text-center">Mandatory Access Control (MAC)</h2>
+ <p class="text-white fs-5 text-center">
+ This plays one of the biggest parts in server security by restricting the running server programs to very limited access to files directly, the server programs are only allowed to execute pre-defined programs required with same restrictions applied to them and the pre-defined programs allowed to execute aren't allowed to be modified by the server programs. Each server program is separated from other server programs files. (<a href="https://en.wikipedia.org/wiki/Mandatory_access_control" class="gtext" rel="noreferer noopener nofollow" target="_blank">MAC explained in wikipedia</a>)
+ </p>
+ <br>
+ <h2 class="h2 text-white text-center">Least privilege</h2>
+ <p class="text-white fs-5 text-center">
+ Using least privileges for all programs is done to prevent access to anything outside of the specific programs required things. (<a href="https://en.wikipedia.org/wiki/Principle_of_least_privilege" class="gtext" rel="noreferer noopener nofollow" target="_blank">Least privilege explained</a>)
+ </p>
+ <br>
+ <h2 class="h2 text-white text-center">DoS/DDoS prevention</h2>
+ <br>
+ <p class="text-white fs-5 text-center">
+ There are currently 2 parts in the network for rate limiting: network switch and firewall on the server to check incoming traffic right as it's received.
+ </p>
+ <br>
+ <h2 class="h2 text-white text-center">Privilege separation</h2>
+ <p class="text-white fs-5 text-center">
+ Privilege separation in server programs is used always when possible. (<a href="https://en.wikipedia.org/wiki/Privilege_separation" class="gtext" rel="noreferer noopener nofollow" target="_blank">Privilege separation explained</a>)
+ </p>
+ <br>
+ <h2 class="h2 text-white text-center">Encryption</h2>
+ <p class="text-white fs-5 text-center">
+ In server the encryption features of ZFS is being used to encrypt important directories/files with AES-256 with decryption key stored in encrypted KeePassXC file (also using AES-256), logins for SSH (remote access to server) is done using SSH keys only with plain passwords not allowed (logins must have both the SSH key and the password for it).
+ </p>
+ <br>
+ <h2 class="h2 text-white text-center">Logs</h2>
+ <p class="text-white fs-5 text-center">
+ Failed logins are logged for the purpose of detecting any attempts for unauthorized access.
+ </p>
+ <br>
+ <h2 class="h2 text-white text-center">Firewall rules</h2>
+ <p class="text-white fs-5 text-center">
+ Firewall rules are used to on top of rate limiting restrict access to servers that only need to be accessible to server but not outside the server, for example accessing database directly requires to connect through SSH using SSH key and password for it in order to then access the database directly through SSH.
+ </p>
+ </div>
+ <script src="/js/bootstrap.bundle.min.js" defer></script>
+ </body>
+</html>
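Review bot: The three outbound Wikipedia links (MAC, Least privilege, Privilege separation) use rel="noreferer noopener nofollow", and "noreferer" is a misspelling of the link type "noreferrer", so browsers ignore that token. The practical exposure is small here because noopener is spelled correctly and the head already sets <meta name="referrer" content="same-origin">, which suppresses the Referer header on cross-origin navigation, but the attribute should still read rel="noreferrer noopener nofollow" so it does what it claims if the meta policy is ever changed. Separately, in the Encryption paragraph, "logins must have both the SSH key and the password for it" can be read as password authentication being enabled alongside keys, which contradicts "plain passwords not allowed" in the same sentence; if the intent is that the private key is protected by a passphrase, say so explicitly. The same "SSH key and password for it" wording recurs in the Firewall rules paragraph and should be aligned.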