Malware Protection on Proxmox Host reasonable?

B

BEHIND-IT

Member
Nov 4, 2017
4
0
6
37
Rödermark
Happy new year everyone!

I'm thinking about installing a some sort of advanced malware protection software on the Proxmox host, because in my opinion it shouldn't give a system without it regarding attacks out of vms / containers on INTEL / AMD or KVM / LXC. But i'm aware it maybe break wanted calls / function of Proxmox, like Clustering, KVM, CEPH, or LXC because of the "intelligent" / AI and so called algorithms which false positive intercept data streams.

Maybe i'm too security focused / fearful / paranoid. ;)
Whats your opinion or experience about this?

Should reducing attack surface, clean separated networks for vms and management, activated restrictive FW ruleset within Proxmox cluster and strong passwords / passphrase protected keys be sufficient?

Many thanks in advance!

Best regards
O.

---
Edit: Typo.
 
BEHIND-IT said:
Should reducing attack surface, clean separated networks for vms and management, activated restrictive FW ruleset within Proxmox cluster and strong passwords / passphrase protected keys be sufficient?
Click to expand...

This are only minimal to do. Sufficient? It is hard to say! Another tasks that you could do:

- proactive firewall(if somone will try to connect to some well known ports like ssh,mysql,telnet, etc -> block this IP for X hours)
- firewall dns (see https://abuse.ch/ )
- HIDS, central syslog, monitoring(bandwith, trafic volume/time for up/down)
 
Last edited:
  • Like
Reactions: BEHIND-IT
>>- proactive firewall(if somone will try to connect to some well known ports like ssh,mysql,telnet, etc -> block this IP for X hours)
I'm using www.bitninja.io, botnet ip reputation + honeyport. but in my vms (never tested with proxmox host, as it's mainly iptables+ipset based)

>>- firewall dns (see https://abuse.ch/ )
I'm using 9.9.9.9 (quad9)

>>- HIDS,
I'm using wazuh, works fine with debian. (ossec based + kibana)

>>central syslog
central rsyslogd + forwarding to elastic/kibana

>> monitoring(bandwith, trafic volume/time for up/down)
telegraf + influxdb
 
  • Like
Reactions: BEHIND-IT and guletz
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom