-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: Have you ever been to an airshow?
How do you protect a linux host?
- Thread starter r00igev@@r
- Start date
r00igev@@r
Honorary Master
- Joined
- Dec 14, 2009
- Messages
- 15,640
- Reaction score
- 14,157
- Location
- Draadloos Bantha poo doo in 4ways
The SD-WAN software I use has made the transition but I still use the legacy tools when I need to do something myself. I'll need to pull my finger.
Which SD-WAN software is it ? Is it open source ?The SD-WAN software I use has made the transition but I still use the legacy tools when I need to do something myself. I'll need to pull my finger.
r00igev@@r
Honorary Master
- Joined
- Dec 14, 2009
- Messages
- 15,640
- Reaction score
- 14,157
- Location
- Draadloos Bantha poo doo in 4ways
It's proprietary software and protocols. But the dev said the conversion from iptables boosted the performance by 17%.
deweyzeph
Honorary Master
The first thing I do when I setup a new Linux VPS is disable SSH passwords and only use SSH keys. Then I install Wireguard and setup a VPN tunnel and setup the firewall to DENY ALL on the INPUT chain and slowly start adding firewall rules above that if necessary. Obviously I only SSH over the Wireguard VPN. The nice thing about most VPS's is that if you accidentally lock yourself out of your server there is usually a VNC option in the control panel of your hosting provider that gives you shell access to the server in an emergency.
Interesting! Are you using it in production ? Any feedback ? Any challenges?
We use it on a number of servers in production, it is brilliant. It is very simple to deploy and maintain.
r00igev@@r
Honorary Master
- Joined
- Dec 14, 2009
- Messages
- 15,640
- Reaction score
- 14,157
- Location
- Draadloos Bantha poo doo in 4ways
Will it work on a debian headend/fw or is it server only?
It integrates with iptables using ipset with separate processes that manage and feedback attacks into their system.
I can't see why it wouldn't work for you, if you have questions chat to their team they have always been very forthcoming with me.
I can't see why it wouldn't work for you, if you have questions chat to their team they have always been very forthcoming with me.
Do you have an interface to interact with it ?
Yes, a cloud console that your systems show in, each one has its own stats and controls and you can group systems together if you wish.
BitNinja AI-Powered Server Security - Elevate Your Linux Server Security
A server security suite with centralized dashboard containing an AI-powered Linux malware scanner, robust IP reputation, WAF, Spam Detection.
bitninja.com
Simple to install and manage from the cloud console
InvisibleJim
Expert Member
- Joined
- Mar 9, 2011
- Messages
- 4,210
- Reaction score
- 3,342
I was just reading through some of the CIS Benchmarks (you know, cause I wanted something fun to do on a Sunday! 
)
They're free with registration and might be useful to some reading this thread.
)They're free with registration and might be useful to some reading this thread.
pinball wizard
Honorary Master
I unplug mine and lock it in the firearm safe.