Key features

• •Apply core security techniques including 2FA and strong passwords
• •Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods
• •Use the security-focused Tails distribution as a quick path to a hardened workstation
• •Compartmentalize workstation tasks into VMs with varying levels of trust
• •Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions
• •Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used
• •Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream
• •Set up standalone Tor services and hidden Tor services and relays
• •Secure Apache and Nginx web servers, and take full advantage of HTTPS
• •Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls
• •Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC
• •Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC
• •Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage
• •Respond to a compromised server, collect evidence, and prevent future attacks