Security Protection Suggestions

[Chris Rivera]

I have found some brute force attacks from a vm trying to access a hostnode.

1. Is it possible for me to change the default ssh port to a custom one and not mess up proxmox?
2. Is it possible for me to change apache default port without messing anything up?
3. Is there an application or script that can be run to better protect against this type of intrusion?

 

[cmassoglia]

Maybe you need to put a firewall in front your cluster and configure VPN access to your hostnodes.

Also you must need to isolate hostnodes network using a dedicated vlan.

In our setup we must access to webui and ssh only through VPN. We put a Pfsense firewall in front all our infrastructure.

Sorry my bad english

 

[udo]

I have found some brute force attacks from a vm trying to access a hostnode.

1. Is it possible for me to change the default ssh port to a custom one and not mess up proxmox?
2. Is it possible for me to change apache default port without messing anything up?
3. Is there an application or script that can be run to better protect against this type of intrusion?

Hi,
fail2ban is a nice tool for that (i use it for other installations).

Take a look here: http://pve.proxmox.com/wiki/Fail2ban

Udo

 

[e100]

Maybe you need to put a firewall in front your cluster and configure VPN access to your hostnodes.

Also you must need to isolate hostnodes network using a dedicated vlan.

In our setup we must access to webui and ssh only through VPN. We put a Pfsense firewall in front all our infrastructure.

I agree with this suggestion.

Changing default ports adds no security, it might fool some dumb bots but not hackers.
Fail2Ban can help make it more difficult to brute force(which is good), but it does not add security. For example, a flaw in a service like SSH or apache could be exploited without triggering fail2ban.

If you seek security, isolate the host machines on a different network and use a VPN to access that network when you need to manage things.