Hacker News
by chousuke 1946 days ago
On Linux, you can harden a bit against memory dumping by disabling ptrace. Set the "kernel.yama.ptrace_scope" sysctl to 3 and the easiest attack will no longer work, if you have processes that don't explicitly request disallowing ptrace.

I actually don't believe that scraping memory is the easiest attack; I just mentioned it informationally. I strongly believe attackers are more likely to hijack sessions.

But yeah, ptrace is definitely something to watch out for. Monitoring ptrace is also something defenders can do if they're not in a position to disable it (if you're working for a software company, your engineers will ptrace).
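Added example, not from this thread: a POSIX shell script that covers both chousuke's suggestion above (setting the kernel.yama.ptrace_scope sysctl) and the "monitor it if you can't disable it" alternative from the reply just above. The scope meanings are those in the kernel's Yama documentation; one caveat worth stating plainly is that scope 3 blocks PTRACE_ATTACH for every process, not only for ones that opted out, and it cannot be lowered again without a reboot. The audit rule uses auditctl syntax; audit logs syscall arguments in hex, so PTRACE_ATTACH (16) shows up as a0=10 and PTRACE_SEIZE as a0=4206. The sample audit log lines are constructed for this example, with made-up pids and timestamps, and the function names (ptrace_scope_current, suspicious_ptrace_attaches, and so on) are this example's own, not any tool's.

```shell
#!/bin/sh
# Added example (not from the thread): harden against ptrace-based memory
# dumping with Yama, persist it, and, where disabling ptrace is not an option,
# audit ptrace() and flag attach attempts from programs that are not debuggers.

# Current Yama setting, or "absent" when the kernel has no Yama LSM.
ptrace_scope_current() {
    if [ -r /proc/sys/kernel/yama/ptrace_scope ]; then
        cat /proc/sys/kernel/yama/ptrace_scope
    else
        echo absent
    fi
}

# Meaning of each scope value, per Documentation/admin-guide/LSM/Yama.rst.
ptrace_scope_meaning() {
    case "$1" in
        0) echo "classic: any process may attach to another of the same uid" ;;
        1) echo "restricted: only descendants, or a tracer named via PR_SET_PTRACER" ;;
        2) echo "admin-only: attach requires CAP_SYS_PTRACE" ;;
        3) echo "no attach: PTRACE_ATTACH disabled for every process until reboot" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Set scope 3 now and persist it across reboots (run as root on a Yama kernel).
ptrace_scope_harden() {
    sysctl -w kernel.yama.ptrace_scope=3
    printf 'kernel.yama.ptrace_scope = 3\n' > /etc/sysctl.d/10-ptrace.conf
}

# auditctl rules that log every ptrace() syscall under the key "ptrace".
ptrace_audit_rules() {
    cat <<'EOF'
-a always,exit -F arch=b64 -S ptrace -k ptrace
-a always,exit -F arch=b32 -S ptrace -k ptrace
EOF
}

# Constructed sample of what those rules produce in /var/log/audit/audit.log
# (pids, timestamps and the attempt against pid 1 are made up for the example).
SAMPLE_AUDIT_LOG='type=SYSCALL msg=audit(1579000000.101:201): arch=c000003e syscall=101 success=yes exit=0 a0=10 a1=1234 pid=4201 uid=1000 comm="gdb" exe="/usr/bin/gdb" key="ptrace"
type=SYSCALL msg=audit(1579000000.102:202): arch=c000003e syscall=101 success=yes exit=0 a0=10 a1=1337 pid=4999 uid=1000 comm="curl" exe="/usr/bin/curl" key="ptrace"
type=SYSCALL msg=audit(1579000000.103:203): arch=c000003e syscall=101 success=no exit=-1 a0=10 a1=1 pid=5010 uid=1000 comm="python3" exe="/usr/bin/python3" key="ptrace"'

# Read audit lines on stdin; print "pid exe target_pid success" for every
# PTRACE_ATTACH (a0=10) or PTRACE_SEIZE (a0=4206) whose caller's comm is not
# in the allowlist ($1, space separated; default "gdb strace"). Failed attempts
# are reported too: with scope 3 set, those are exactly the interesting ones.
suspicious_ptrace_attaches() {
    allow="${1:-gdb strace}"
    awk -v allow="$allow" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /type=SYSCALL/ && /key="ptrace"/ {
        req = ""; tgt = ""; pid = ""; exe = ""; comm = ""; res = ""
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            k = substr($i, 1, eq - 1); v = substr($i, eq + 1)
            gsub(/"/, "", v)
            if (k == "a0") req = v
            else if (k == "a1") tgt = v
            else if (k == "pid") pid = v
            else if (k == "exe") exe = v
            else if (k == "comm") comm = v
            else if (k == "success") res = v
        }
        if ((req == "10" || req == "4206") && !(comm in ok))
            print pid, exe, tgt, res
    }' | while read -r pid exe tgt res; do
        # a1 (the target pid) is logged in hex; convert it for the analyst.
        printf '%s %s %d %s\n' "$pid" "$exe" "0x$tgt" "$res"
    done
}

printf 'Yama ptrace_scope: %s\n' "$(ptrace_scope_current)"
printf 'Suspicious attaches in sample log:\n'
printf '%s\n' "$SAMPLE_AUDIT_LOG" | suspicious_ptrace_attaches
```

Run as an unprivileged user it only reports; ptrace_scope_harden is the one function that needs root, and after it no process on the box can attach, so on a developer host the audit rules plus suspicious_ptrace_attaches (with the team's debuggers on the allowlist) are the realistic option.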

No, you should use short-lived certificates, ideally locked inside hardware tokens, and 2FA.

This is just snake oil that doesn't actually add protection.

But it does help; in most cases, it requires no effort whatsoever, in contrast to using something like SSH certificates which may not even be possible, depending on the environment.

There's no such thing as perfect security, but that doesn't mean you shouldn't lock your door.