Malware Protection on Proxmox Host reasonable?

BEHIND-IT

Happy new year everyone!

I'm thinking about installing some sort of advanced malware protection software on the Proxmox host, because in my opinion there shouldn't be a system without it, considering attacks out of VMs / containers on INTEL / AMD or KVM / LXC. But I'm aware it may break wanted calls / functions of Proxmox, like clustering, KVM, CEPH, or LXC, because of the "intelligent" / AI and so-called algorithms which intercept data streams on false positives.

Maybe I'm too security focused / fearful / paranoid. ;)
What's your opinion or experience about this?

Should reducing the attack surface, cleanly separated networks for VMs and management, an activated restrictive FW ruleset within the Proxmox cluster and strong passwords / passphrase-protected keys be sufficient?

Many thanks in advance!

Best regards
O.

---
Edit: Typo.
 
>> Should reducing the attack surface, cleanly separated networks for VMs and management, an activated restrictive FW ruleset within the Proxmox cluster and strong passwords / passphrase-protected keys be sufficient?

These are only the minimum to do. Sufficient? It is hard to say! Other tasks that you could do:

- proactive firewall (if someone tries to connect to some well-known ports like ssh, mysql, telnet, etc. -> block this IP for X hours)
- firewall DNS (see https://abuse.ch/ )
- HIDS, central syslog, monitoring (bandwidth, traffic volume/time for up/down)
 
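As an added illustration of the "proactive firewall" item in the reply above (this is not code from the thread, from Proxmox or from any tool named here): a small Python sketch that scans constructed kernel firewall log lines for sources probing ssh/telnet/mysql, leaves an assumed management prefix alone, and renders ipset entries that expire by themselves after the "X hours". The log line format, the port list, the threshold, the block duration and the 10.10.0.0/24 management prefix are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ports from the reply that a stranger has no business probing: ssh, telnet, mysql.
WATCHED_PORTS = {22: "ssh", 23: "telnet", 3306: "mysql"}
THRESHOLD = 3             # probes on watched ports before a source gets blocked (assumed)
BLOCK_HOURS = 4           # the "X hours" from the reply; assumed value
MGMT_PREFIX = "10.10.0."  # assumed management network: never auto-blocked from the host

# Generic iptables/nftables LOG-target line: ISO timestamp, then SRC=... and DPT=... fields.
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)")

# Constructed sample (not real traffic): 203.0.113.5 sweeps three watched ports,
# 198.51.100.7 touches ssh once, 10.10.0.2 is the management host, last line is not a drop.
SAMPLE_LOG = [
    "2018-01-02T10:00:01 pve kernel: IN=vmbr0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22 SYN",
    "2018-01-02T10:00:02 pve kernel: IN=vmbr0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=23 SYN",
    "2018-01-02T10:00:03 pve kernel: IN=vmbr0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51236 DPT=3306 SYN",
    "2018-01-02T10:00:04 pve kernel: IN=vmbr0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=22 SYN",
    "2018-01-02T10:00:05 pve kernel: IN=vmbr0 OUT= SRC=10.10.0.2 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN",
    "2018-01-02T10:00:05 pve kernel: IN=vmbr0 OUT= SRC=10.10.0.2 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN",
    "2018-01-02T10:00:06 pve kernel: IN=vmbr0 OUT= SRC=10.10.0.2 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=22 SYN",
    "2018-01-02T10:00:07 pve sshd[123]: Accepted publickey for root from 10.10.0.2 port 40004",
]

def plan_blocks(log_lines):
    """Return {src: (unblock_time, [services probed])} for sources that hit
    THRESHOLD or more watched ports; unblock_time is the last probe + BLOCK_HOURS."""
    hits = defaultdict(list)
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a firewall log line (e.g. an sshd message): ignore
        src, dpt = m["src"], int(m["dpt"])
        if dpt not in WATCHED_PORTS or src.startswith(MGMT_PREFIX):
            continue  # uninteresting port, or a management host we must not lock out
        hits[src].append((datetime.fromisoformat(m["ts"]), WATCHED_PORTS[dpt]))
    blocks = {}
    for src, events in hits.items():
        if len(events) >= THRESHOLD:
            last = max(ts for ts, _ in events)
            blocks[src] = (last + timedelta(hours=BLOCK_HOURS), sorted({svc for _, svc in events}))
    return blocks

def ipset_commands(blocks, setname="probe-block"):
    """Render ipset entries with a per-entry timeout so the block expires on its own."""
    return [f"ipset -exist add {setname} {ip} timeout {BLOCK_HOURS * 3600}" for ip in sorted(blocks)]
```

The set is assumed to have been created with `timeout` support (`ipset create probe-block hash:ip timeout 0`) and referenced from a DROP rule; the expiry then needs no cron job to undo.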
>> - proactive firewall (if someone tries to connect to some well-known ports like ssh, mysql, telnet, etc. -> block this IP for X hours)
I'm using www.bitninja.io, botnet IP reputation + honeyport. But in my VMs (never tested with the Proxmox host, as it's mainly iptables+ipset based).

>> - firewall DNS (see https://abuse.ch/ )
I'm using 9.9.9.9 (Quad9).

>> - HIDS,
I'm using Wazuh, works fine with Debian. (OSSEC based + Kibana)

>> central syslog
central rsyslogd + forwarding to Elastic/Kibana

>> monitoring (bandwidth, traffic volume/time for up/down)
Telegraf + InfluxDB