A collection of security guides, tools, cheat sheets and best practices I’ve found to be useful.
- A very good introduction to SSH (part 1, part 2, and part 3)
- Top 20 OpenSSH Server Best Security Practices
- It is best to deploy your own by installing OpenVPN on a VPS of yours
- privatetunnel.com, a consumer VPN by OpenVPN
Harden your OS
- GrSecurity, a set of patches to harden the Linux kernel
- SELinux, built-in into the Linux kernel for years. I am not really a big fan of it.
- Tomoyo, a MAC good enough to be used as a system analysis tool, its rules are easy to write
I gave two talks about them, Hardening One and Hardening Two. Find more here.
- macOS security checklist (*)
- How the NSA snoop-proofs its Macs, a bit old but something you may want to check anyway
- iOS configuration hardening guide by Australian Department of Defence
- A deep dive into the world of ‘dev-fused’ iDevices (archived page)
- Hardening Android for Security and Privacy, it may sounds impossible but there’s still something you can do
Websites and blogs
- Offensive Security
- OWASP and its periodic table
- Krebs on Security
- Schneier On Security
- Google Project Zero
- Naked Security
- The Hacker News
(*) Mantained by me. Please, tell me about your suggestions or any broken link you spot.