As title says, i’m curious about the worst case scenario in which an attacker tries to hit my system.

The system configuration is the following: i have some services (important ones) accessible only trough VPN, like SSH (key-based auth only), Pihole…Others are publicly accessible, like Immich, Jellyfin (and so on…).Public ones are accessible via reverse proxy (Caddy) and protected by CrowdSec (which bans IPs outside my country and those failing auth 3 times).

What could happen if an attacker finds out a vulnerability on some public service? Would he be only able to access service’s files (like an appropriate login), or delete/encrypt data (as some cases of blackmail) or even pull out and steal my data?
I’m wondering this because i want to know if CrowdSec+Docker (to preserve permissions on the system) is enough to secure a server.

  • chaplin2@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    You are doing it wrong: SSH with key authentication is the most secure piece, and could even be public. Immich and Jellyfin surely have zero days and should be behind VPN

    • Suspicious-Iron-5526@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Could you elaborate more on immich and jellyfin? I suppose you’re referring to a brute force attack. Isn’t a geoip block + 3 fail attempt to be banned secure enough?

      • chaplin2@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I’m referring to ZERO DAYs. OpenSSH is a serious security product. Those web apps are written by random people and probably riddled with vulnerabilities not known to public.

        Here is the rule. Only a trusted vpn and ssh key authentication can be public.