Security

[00:00:00]
>> I said it once, I said it again, security is one of the most important things we can do. So this whole section is on different ways of securing your application, which are pretty important. So let's go back to that auth log. Remember that yesterday, our server's been up for about 24 hours or so.

[00:00:18]
Let's check out what's going on in the world of our auth log. So give it a second to navigate there. So I'm going to say, sudo, Cat to read that file, var/log/auth.log, that's for our password. And everybody's auth.log is gonna look a little bit different, but what do you see?

[00:01:01]
>> A lot of activity.
>> A lot of invalid users.
>> Yeah, again, the minute you open your computer to the web, you're getting port scanned by everybody. Everybody's trying to connect to your machine. The Internet is a wide world place, not necessarily full of the best actors all the time.

[00:01:20]
So we spend extra time in this class going to security. Nothing too onerous that's going to interrupt your workflow but just really good practices to have because if you don't, people are going to take your machine and they will not stop trying. And we talked a bit about this yesterday, but what do we do if, because we blocked root, which was a good idea, but what do we do if someone just gained access to your server in general?

[00:01:48]
What could they do?
>> They could download as much stuff as they want and run through our bandwidth caps.
>> Yeah, they could download as much as they want, run through your bandwidth caps, what else?
>> Use it as a bot to attack other sites or infrastructure.
>> Yeah, they can take it over use as bots to attack the other infrastructure.

[00:02:18]
What about this one, which we often don't consider? Now that we have an SSH key on our server, they could connect to your GitHub via your server and then your company's profile, your company's work is probably on GitHub too. So they can steal your entire company via one unsecured server by you, and you didn't mean to do that, but that's the way these things work.

[00:02:41]
Another thing they can do is they can connect and then they can erase their tracks. They can delete the log files or just delete the lines log files, so you'll never even know your machine was compromised because people can clear all this stuff out. And the rule on a compromised machine is, you don't know what they've done.

[00:02:58]
So generally, if your machines or any company's machine have been hacked or taken over, all you can do is wipe them and restore something from a backup from a long-time ago because you don't know what they've done. And we've seen lots of this in history with computer, with companies getting hacked, and the people were in their machines for two, three, four years, because they thought they fixed the breach and they didn't.

[00:03:20]
Because people have dropped like a rootkit or something in there, and they're just in there watching, waiting. People think it's a bunch of kids and teenagers having fun, trying to take down your website, things like that, but the real malicious actors are the people that they play the long game.

[00:03:33]
They will wait years, and years, and years and try to compromise as much as possible. Hence, security is paramount when it comes to servers because everything's connected. So the strongest thing we do is use SSH key, we talked about that in a previous section, we don't use passwords.

[00:03:49]
Passwords are weak, passwords can be broken, people can brute force passwords, so we use SSH keys. We use something called firewalls, which says, hey, you're allowed to come into my server for say, I need to serve Internet traffic. You're allowed to do that, but you're not allowed to touch anything else, so we use a firewall.

[00:04:07]
Another thing we do that people don't often think of is we keep our software up to date. Because if there's a hack or a breach, you wanna make sure that your software is always running the latest.