请问HN:你们使用什么技巧来保护自己免受网络攻击?
让我们来听听……作为开发者和工程师,我认为我们都应该 adopt “假设被攻击”的心态。
你有没有自己保持安全的小技巧?
我先说说,我喜欢在个人电脑、服务器和 AWS 的“管理员”配置文件中放置金丝雀令牌。我还使用一台旧的树莓派,配合 knockd,当有人扫描我的家庭网络时,它会触发一个简单的 bash 脚本,通过 Slack 向我发送警报。我以前有一个定时任务,会在特定的 URL 路径上(HTTP 和 HTTPS 各不同路径)访问我的服务器网站,路径中包含加密的 WiFi 名称,每次都会向我发送 Slack 通知……这个想法是,当有人成功中间人攻击我的流量并出于好奇去检查时,它会提醒我。
还有更多,但我想知道其他 HN 的朋友们都做些什么呢? :)
查看原文
Let's hear it... as developers, engineers, I think we all should adopt the "assume breached" mentality.<p>Do you have your own personal tricks to stay safe?<p>I will start, I like to put canary token in my personal machines, servers, aws "admin" profile in config file. I also use an old raspberry pi with knockd that triggers a simple baschscript to alert me in slack if someone scan my home network. I used to have a cron job to hit my server website on specific url paths on both http and https(different path for each) with an encrypted name of wifiname in the path and it would send me slack notification everytime... the idea is when someone manage to mitm my traffic and gets curious to check, it would alert me about it.<p>There are more but i wonder what other things HN-er do ? :)