Bulletproofing servers¶
Running your own container, web, and mail servers is empowering—until it becomes a liability. Small setups are prime targets precisely because they often lack enterprise-grade defences. But with the right approach, you can build a “poor man’s enterprise stack” that’s both functional and resilient.
Core threats to small on-prem systems
Containers gone rogue → Unpatched images, exposed Docker sockets.
Webserver exploits → SQLi, brute force attacks, outdated PHP.
Mailserver abuse → Open relays, spoofed domains, spam blacklists.
Enterprise security, minus the enterprise budget (and headaches)
- The wake-up call
- Hardening Linux server
- User account sanity checks
- Remove unnecessary services
- Preventing unauthorised access while respecting privacy
- The CIA triad framework for security
- Title
- Taming permissions, xattrs & the dangers of SUID/SGID
- PKI: The beautiful mess of digital trust (and why nothing works properly)
- From basic monitoring to intrusion detection
- Continuous host monitoring and threat detection
- Incident response plan
- Troubleshooting
- Hardening webserver
- Smarter mail servers
- Types of mail servers
- Securing Postfix: MTA & SASL authentication essentials
- DNSSEC: Better than nothing, but not a silver bullet
- Securing email transport: TLS, DANE & MTA-STS
- SPF: The first line of defence against email fraud
- Domain Keys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting and Conformance (DMARC)
Last update:
2025-05-19 17:28