Seven Critical Things To Protect Your Infrastructure and Data
https://infosec.engineering/seven-critical-things-to-protect-your-infrastructure-and-data/
@jerry one thing I am missing from this list is compartmentalization.
Put stuff in VMs, put stuff in containers, put stuff on different servers that do not talk to each other, if at all possible. Make pull, not push, backups. Same for logs.
Your public SFTP (you are using SFTP, not FTP, right?) server really does not need to have write access to your LDAP machine.
Basically do everything you can to limit any potential infection as much as possible by the design of your infrastructure itself.
@rysiek you’re right. I wrote that list based on a currently frustrating situation I may or may not be dealing with.
@jerry ah. In case you are, in fact, dealing with a situation that may or may not be frustrating, good luck!
