"WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster,simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. "
"Hardening adds a layer into your automation framework, that configures your operating systems and services. It takes care of difficult settings, compliance guidelines, cryptography recommendations, and secure defaults."
"This is a set of recommendations used by the Linux Foundation for their systems administrators. All of LF employees are remote workers and we use this set of guidelines to ensure that a sysadmin's system passes core security requirements in order to reduce the risk of it becoming an attack vector against the rest of our infrastructure."
"EXT4 encryption will currently focus exclusively on attacks against file content (not metadata) confidentiality under a single point-in-time permanent offline compromise of the block device content. EXT4 encryption in its current form does not protect the confidentiality of file metadata, including the file sizes and permissions."
Security Enhanced Linux or SELinux is an advanced access control mechanism built into most modern Linux distributions.
"Many system administrators find SELinux a somewhat uncharted territory. The topic can seem daunting and at times quite confusing. However, a properly configured SELinux system can greatly reduce security risks, and knowing a bit about it can help you troubleshoot access-related error messages."