Proxmox security

[Alanl96]

Hi everyone. I use cloudflare zero trust to access my web services. My website traffic increased by 400% probably due to a DDOS attack. Cloudflare warned me that I probably have a vulnerability, so I shutdown my tunnels and I want to make some changes to my setup. It sounds like I need to learn how to use Kali Linux for pen testing.

Which one is more secure, An unprivileged container or a full blown Ubuntu server VM? I have 1 container and a bunch of VMs. What settings do you guys recommend for keeping my host system and network safe? The host is on my home network with a few VMs and the rest are in a separate network controlled by a pfsense VM with NAT enabled. Thanks for your help!

 

[Dunuin]

Which one is more secure, An unprivileged container or a full blown Ubuntu server VM?

VMs are fully isolated while LXCs share the kernel with the host. So from a security standpoint, a VM would be better.
Not sure about pfsense, but OPNsense got suricata IDS/IPS. I would guess pfsense also offers something like this to block malicious packets and IPs.

 

[Alanl96]

Thanks, I will use only VMs since I have the resources to fully emulate everything. I am going to try to install nginx and use it internally within my own network and practice pen testing without the website facing the internet.