sysadmin

510 readers

1 users here now

/c/sysadmin

For things like:

Why is it dns?
Why would I buy cisco when I can save money on X?

founded 2 years ago

MODERATORS

[email protected]

What Intrusion Detection Systems are you using? (reddthat.com)

submitted 2 years ago by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

Hey Sysadmin,

I need some ideas around "IDS/IPS".

What are people using for passing security audits?
What about for AWS / Azure?
Can they cover devices on/off prem (work from home, etc)
What is a figure that your management team actually approved?

top 1 comments

sorted by: hot top controversial new old

[–] [email protected] 3 points 2 years ago

Not professional sysadmin. I run my homelab and handles a few servers at work. I don't use IDS. So may be irrelevant.

WAF to stop HTTP parameter pollution and request smuggling
Fail2ban on SSH and move ssh away from port 22
Setup LAN recursive resolver and disallowed outbound raw DNS

For me, a lot more emphasis is on defending the application

Setup systemd unit hardening
Use Landlock LSM to whitelist directories (modifying source needed). Stops directory traversal and command execution
TLS or stunnel between application and database
Point DNS to local resolver
LD_PRELOAD hardened allocator

I'm currently looking into the Linux port of pledge to further reduce post exploit attack surface. But the project is not mature enough for production, yet.