Looking for tips as a newbie following install to make system secure

[indieben]

Hello, does anybody have a top 10 list of priority things for me to do to make sure my Proxmox system is really secure please ? I am running virtual machines (I just used the standard setup of Proxmox 3.0 the other day and I haven't done any firewall stuff - i'm not very good at it!) as follows:

1) Web Host (CentoOS 7/ISPConfig 3)
2) Email Server (CentOS 7 /Iredmail)
3) Asterisk/FreePBX (Schmooze (Modified CentOS) (AKA FreePBX Distro)
4) System for users to log in to their desktop and use remote desktop-ing - still looking to set this up (Debian basic install (Latest))
5) Document Server - Still looking at how to set this up! (CentOS 7).

I have not installed anything else on Proxmox, one thing I am concerned about is running updates on Proxmox itself - will this break my virtual boxes? Also people's "top 10" security tips would be really gratefully received I run a small homeless outreach grassroots project where money comes out of back pocket - I'm not lazy, don't mind doing the work but a pointer in the right direction would be really good I also understand that the Venom exploit has been sorted out in 3.0 as part of the version available for download (without additional work)?

Many thanks,

indieben

 

[udo]

Hello, does anybody have a top 10 list of priority things for me to do to make sure my Proxmox system is really secure please ?

Hi,
how secure is really secure??
Security is relative and more an process than an status.
You can't mark the top-10 list and be 100% secure - I know, many companies sell such products but this is snake oil.
You can't get 100% security - except you power your computer off.

I am running virtual machines (I just used the standard setup of Proxmox 3.0 the other day and I haven't done any firewall stuff - i'm not very good at it!) as follows:

1) Web Host (CentoOS 7/ISPConfig 3)
2) Email Server (CentOS 7 /Iredmail)
3) Asterisk/FreePBX (Schmooze (Modified CentOS) (AKA FreePBX Distro)
4) System for users to log in to their desktop and use remote desktop-ing - still looking to set this up (Debian basic install (Latest))
5) Document Server - Still looking at how to set this up! (CentOS 7).

I have not installed anything else on Proxmox, one thing I am concerned about is running updates on Proxmox itself - will this break my virtual boxes?

virtual boxes?? You mean VMs/CTs (kvm/openvz)?

Normaly you can easy do the upgrades (for security reason you should do that). But if you get an patched kvm-binary, this will first active, if the old process are stopped and started again.
New kernels need an reboot to be activated.

Also people's "top 10" security tips would be really gratefully received I run a small homeless outreach grassroots project where money comes out of back pocket - I'm not lazy, don't mind doing the work but a pointer in the right direction would be really good I also understand that the Venom exploit has been sorted out in 3.0 as part of the version available for download (without additional work)?

Many thanks,

indieben

for network security it's better to use openvswitch than the normal linux bridge.

Udo