Some thoughts about Security
-
@BRRABill said:
@Dashrender said:
that's not really an issue - he could have tons of gaming VMs, like Scott now has a MineCraft PE gaming VM.
The bigger question is, what are you hosting to the internet?
I'm just amazed to have that many servers for personal use. Kudos!
Well think about building a lab. You want a storage device, jump box and logging kind of at a minimum. That's three.
Now you want to test out a few OSes. You might have a VM for 2012 R2, 2016, 2012, 2008 R2, 2008, 2003 R2, CentOS 6, CentOS 7, Suse Leap, Suse Tumbleweed, Ubuntu 14.04, Ubuntu 15.10, Fedora 23, Arch Linux, Debian Jessie, FreePBX, FreeBSD, NetBSD, DragonFly, Solaris, Windows 10 and Gentoo.
That's 25 VMs without running any services, just having vanilla test platforms for different OSes!
-
@scottalanmiller said:
Now you want to test out a few OSes. You might have a VM for 2012 R2, 2016, 2012, 2008 R2, 2008, 2003 R2, CentOS 6, CentOS 7, Suse Leap, Suse Tumbleweed, Ubuntu 14.04, Ubuntu 15.10, Fedora 23, Arch Linux, Debian Jessie, FreePBX, FreeBSD, NetBSD, DragonFly, Solaris, Windows 10 and Gentoo.
That is "a few" OSes?
Hey, to each their own. I have a hard time just managing my Xbox One.
-
It's not many, really. All mainstream ones that you might want to have access to to test something or see how it installs or whatever. More than I test, but not many more. I don't test Arch or DragonFly, for example. But if you are testing appliances like FreeNAS and NAS4Free those will add up quickly too!
-
@scottalanmiller said:
Well think about building a lab. You want a storage device, jump box and logging kind of at a minimum. That's three.
I don't have a storage device or logging yet. What do you recommend? And what do you mean by a storage device? Like for shared /home?
-
Yeah, like a shared NFS or SMB for Windows. Or even ownCloud and stuff like that.
Logging... ELK. Can't beat it.
-
@BRRABill said:
@scottalanmiller said:
Now you want to test out a few OSes. You might have a VM for 2012 R2, 2016, 2012, 2008 R2, 2008, 2003 R2, CentOS 6, CentOS 7, Suse Leap, Suse Tumbleweed, Ubuntu 14.04, Ubuntu 15.10, Fedora 23, Arch Linux, Debian Jessie, FreePBX, FreeBSD, NetBSD, DragonFly, Solaris, Windows 10 and Gentoo.
That is "a few" OSes?
Hey, to each their own. I have a hard time just managing my Xbox One.
Oh, that's just a start. Much easier to manage today that it was "back in the day" as well! Over the whole Y2K thing I was interning, and had setup a computer to multi-boot Windows 95, 98, ME, XP, OS/2, OS/2 Warp, Red Hat 4, and I'm not sure how many different x86 compatible machine control things. I was ECSTATIC when that new thing called VirtualBox came around. Just thinking about what, and how easily, we can do things today compared to back then can make my head spin.
Edit: I forgot NT3.5, 4.0 and Windows 2000 as well.
-
@scottalanmiller What about monitoring?
-
-
@dafyre How hard is it to install for a noob like me?
-
@anonymous said:
@dafyre How hard is it to install for a noob like me?
It takes a little bit of work to get it going, but it's not too bad. They have packages available at http://www.zabbix.com/download.php
Documentation is at that link too... just download the docs for whichever Distro you are using. I'll be happy to help if you hit any snags.
-
@dafyre Thanks!
-
@Dashrender said:
@anonymous said:
The funny thing is someone would that it has value, because of all the work you put into protecting it
While some people might think that because of your extreme protections it has value, the reality is that most hackers won't bother - they will move on to easier targets.
Those who would be willing to go to nearly any length are probably doing so because they Know it's value, and that value is greater than the cost of them getting the data.
How about the port forwarding a customer of mine had for RDP, FTP, SMTP, HTTP, and HTTPS to their exchange server? Sounds like an easy target.... Makes sense why I saw 10,000 sessions coming from Russia and Poland IP's through their router to the exchange server.
-
@quicky2g said:
@Dashrender said:
@anonymous said:
The funny thing is someone would that it has value, because of all the work you put into protecting it
While some people might think that because of your extreme protections it has value, the reality is that most hackers won't bother - they will move on to easier targets.
Those who would be willing to go to nearly any length are probably doing so because they Know it's value, and that value is greater than the cost of them getting the data.
How about the port forwarding a customer of mine had for RDP, FTP, SMTP, HTTP, and HTTPS to their exchange server? Sounds like an easy target.... Makes sense why I saw 10,000 sessions coming from Russia and Poland IP's through their router to the exchange server.
cough it got hacked cough
-
@anonymous said:
@scottalanmiller said:
Well think about building a lab. You want a storage device, jump box and logging kind of at a minimum. That's three.
I don't have a storage device or logging yet. What do you recommend? And what do you mean by a storage device? Like for shared /home?
I do so much with syslog at home it's ridiculous. syslog-ng to MySQL database with custom written PHP front-end. Works like a charm. Have been using it for a few customers too. 0 cost to me or my company and way better than all those crappy Kiwi imitators logging to a flat text file with minimal searching. Try logging 10 ASA's to Kiwi for a week then searching for inbound/outbound connections for a single IP....not going to happen.
-
-
@quicky2g said:
@anonymous said:
@scottalanmiller said:
Well think about building a lab. You want a storage device, jump box and logging kind of at a minimum. That's three.
I don't have a storage device or logging yet. What do you recommend? And what do you mean by a storage device? Like for shared /home?
I do so much with syslog at home it's ridiculous. syslog-ng to MySQL database with custom written PHP front-end. Works like a charm. Have been using it for a few customers too. 0 cost to me or my company and way better than all those crappy Kiwi imitators logging to a flat text file with minimal searching. Try logging 10 ASA's to Kiwi for a week then searching for inbound/outbound connections for a single IP....not going to happen.
Yeah, can't imagine ever using Kiwi. What made you decide to not use ELK but to write something custom?
-
@scottalanmiller said:
@quicky2g said:
@anonymous said:
@scottalanmiller said:
Well think about building a lab. You want a storage device, jump box and logging kind of at a minimum. That's three.
I don't have a storage device or logging yet. What do you recommend? And what do you mean by a storage device? Like for shared /home?
I do so much with syslog at home it's ridiculous. syslog-ng to MySQL database with custom written PHP front-end. Works like a charm. Have been using it for a few customers too. 0 cost to me or my company and way better than all those crappy Kiwi imitators logging to a flat text file with minimal searching. Try logging 10 ASA's to Kiwi for a week then searching for inbound/outbound connections for a single IP....not going to happen.
Yeah, can't imagine ever using Kiwi. What made you decide to not use ELK but to write something custom?
Never heard of ELK. Will have to check it out. Wrote the custom one a while ago and never found a reason to use anything else. Super lightweight and can export to Excel. Log analysis and visual stats would be nice though.
-
-
@scottalanmiller said:
@quicky2g http://mangolassi.it/topic/5364/showing-off-our-new-elk-install
Do you use the real-time dashboard from this guys article?
-
Not yet, ours is pretty basic right now, but going to be doing a lot more with it soon, hopefully.