Happy new year everyone! I'm thinking about installing a some sort of advanced malware protection software on the Proxmox host, because in my opinion it shouldn't give a system without it regarding attacks out of vms / containers on INTEL / AMD or KVM / LXC. But i'm aware it maybe break wanted calls / function of Proxmox, like Clustering, KVM, CEPH, or LXC because of the "intelligent" / AI and so called algorithms which false positive intercept data streams. Maybe i'm too security focused / fearful / paranoid. Whats your opinion or experience about this? Should reducing attack surface, clean separated networks for vms and management, activated restrictive FW ruleset within Proxmox cluster and strong passwords / passphrase protected keys be sufficient? Many thanks in advance! Best regards O. --- Edit: Typo.
not really an antimalware (local scannin), but I'm running suricata ids on host to monitor network traffic, without any problem.
This are only minimal to do. Sufficient? It is hard to say! Another tasks that you could do: - proactive firewall(if somone will try to connect to some well known ports like ssh,mysql,telnet, etc -> block this IP for X hours) - firewall dns (see https://abuse.ch/ ) - HIDS, central syslog, monitoring(bandwith, trafic volume/time for up/down)
>>- proactive firewall(if somone will try to connect to some well known ports like ssh,mysql,telnet, etc -> block this IP for X hours) I'm using www.bitninja.io, botnet ip reputation + honeyport. but in my vms (never tested with proxmox host, as it's mainly iptables+ipset based) >>- firewall dns (see https://abuse.ch/ ) I'm using 9.9.9.9 (quad9) >>- HIDS, I'm using wazuh, works fine with debian. (ossec based + kibana) >>central syslog central rsyslogd + forwarding to elastic/kibana >> monitoring(bandwith, trafic volume/time for up/down) telegraf + influxdb
Hi @spirit , Thx. Good points. I also use ossec, but not kibana, as I do not want/like to use any java base appl.
