-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lack Of Security Guides / Recommendations For Off-Chain Attacks #12
Comments
First, thank you for the thoughtful post. A lot of what you are saying makes 100% sense. Though this also begs a question: should wreassesses our approach when given the context of properly configuring the application? For example, we actually use a container os called Talos, you can read more about it here. There is no SSH. Its completely configured via API. It adopts the 'Least Functionality' approach. Implementing a least functionality approach you can model the applications based on activities they should be performing and deny the activities they should not be performing. Read more about the 'Least Functionality' approach from Bedrock Systems blog post. I will add your notes, I just need one thing from you, how you would like to be referenced for attribution? Email? GitHub user name? Also, the google sheet is no longer updated, I am actually starting to refactor all of. this into the Open Source Vulnerability format. The only reason why I did not have it originally machine readable is because MITRE's ATTCK format is way to complicated. This can potentially also bleverageded fonotifyingng downstream subscribers ovulnerabilitieses / new CVEs relevant to them. Often if people know about a potential risk, they will be more likely to act on it. If you have any recommendations / suggestions, would gladly welcome them! Cheers! |
Problem
The off-chain attacks section is pretty cool, and not something a lot of people consider. However the google sheets does not really mention any resources, guides, etc.. to combat against this. So I've provided some below:
Container Security
Docker has a number of features which can be used to help mitigate, and contain the damage from container escapes. This includes things like apparmor, seccomp, etc.. For example a really good thing to add to all your docker compose files is the following:
There more you can do, so i've listed some resources below:
SSH Security
Somewhat a followup to #11, so some simple recommendations:
I use the following script to bootstrap 2FA ssh on all new servers, etc..
Beyond the above here are some resources
Developer Workstation Security
Developer workstation security is super important, if your workstation is compromised the ability to pivot to other attacks will be greatly increased.
Windows
💀
Mac OSX
🤷
Linux
The text was updated successfully, but these errors were encountered: