Security

Network

Fail2ban : Python : brute-force protection

Scans log files and bans IPs that show the malicious signs – too many password failures, seeking for exploits, etc

nftables : C : firewall

Administration tool for packet filtering and classification

OpenSSH : C : secure services

Free SSH protocol suite providing encryption for network services like remote login or remote file transfers

• “Secure Secure Shell”

WireGuard : C : secure tunnel

Extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography

Virtualization

Firejail : C : sandbox

SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities

Docker : Go : application container

Run applications securely isolated in a container, packaged with all its dependencies and libraries

LXC : C : system container

Offers an environment as close as possible to the one you’d get from a VM but without the overhead that comes with running a separate kernel and simulating all the hardware

Web

See also

Transport Layer Security

HTTP headers

Content Security Policy (CSP)

Mechanism by which web developers can control the resources which a particular page can fetch or execute, as well as a number of security-relevant policy decisions

• Quick Reference Guide

X-Content-Type-Options

Require checking of a response’s Content-Type header against the destination of a request

Further reading

• OWASP - Free and open software security community