boxingrock | 4 years ago

don't host anything crypto related, set up ssh with public key auth using a strong passphrase, restrict access via vpn / only expose the required ports via firewall, ensure your services don't report version numbers to avoid fingerprinting, be cognizant of the software running on the box so if/when the next log4j happens, you're able to react accordingly.

4oo4|4 years ago

All great advice. I would just add that I think it's OK to host crypto things, as long as they are not public facing or only accessible via a VPN. For example, it's possible to host your own private bitcoin node and electrumx server to privately manage a bitcoin wallet, and the only connections to it besides your own clients would be fetching bitcoin blocks from other nodes. But that assumes that you don't keep any bitcoin wallets on the server itself, and configure it to not advertise itself on the network.

I would also add that containers are great too, so that if something does get exploited, it limits the damage a single exploited app can cause.

boxingrock|4 years ago

crypto requires a mindset, both in securing your server and protecting your online identity. i'd avoid it for someone trying to learn the basics.