There's a few weird things, but it's mostly okay.

Do not trust the firewall on the bastion host: if an attacker can get into the bastion host, they can disable the firewall, so it cannot be used to limit egress. It's better than nothing, but consider using a firewall that's managed via a separate management network.

I do agree that you should only allow SSH from a few known IPs.

Limiting the number of users is weird, and not recommended.
Create all the accounts you need to provide individual accounts for the staff that need to access the bastion host; you will need that, as things like HIPAA require named accounts for auditing. None of the accounts need any privileges other than the most basic. Users do not need sudo/root privileges on a jump host.

Other than those two complaints, it's good recommendations.

A final recommendation: If you use AWS though, consider using Session Manager instead of SSH and drop the bastion host. You can still connect using the SSH command, using proxy command in OpenSSH, but no public IP or bastion host is required.

I think it's probably reasonable when performing your incident response or even threat modeling to assume the attacker has or could escalate privileges. The linked article doesn't discuss anything that would make that harder, although perhaps practices like staying patched and minimizing attack surface are somewhat assumed (they do bring up choosing your OS based on minimizing attack surface, for example). There's also a lot you can do to harden that boundary. You can harden your kernel, you can execute users' shells in constrained environments like Docker containers or restricted shells, leverage sandboxing technologies like AppArmor or SELinux, etc. The user/root boundary can be a lot thinner than people expect, so I get why you'd want to point out that reliance on the attacker not escalating should be met with an evaluation of that boundary, but I think it may be understating the boundary to unconditionally not trust a host-based firewall, or to say that getting onto the bastion itself is enough to disable the firewall when it does indeed require escalation.

Twice I've seen Bastion Hosts compromised. Both times it practically gave the attackers the highest access. In one case it basically hid where the attack came from (compromised logs and all). In another it let them hijack an admin's password by reading his sudo.
If you are forced to use one, send logs to a safer one-way storage encrypted and put tampering triggers everywhere you can in the Bastion Host. Also make sure you log outgoing connections. And make sure you can easily match incoming to outgoing.