Basics
What's on my Network
Do you know who's on your network? Set up a Network Intrusion Monitor and you know. Used Pi.Alert but found an alternative, WatchYourLAN with Telegram or something.
Security
Today security is more important than ever in the history of computing. Take it seriously and be prepared - a security breach is to happen any day. Hardening servers is the key to create secure environments where data is secure and systems work 24/7. Remember it's not if, but when.
Basics
Monitoring
Proxmox monitoring using #influxdb and #grafana running in a LXC container. Monitoring is a key part of the security and hardening process.
Basics
Proxmox Users Setup
To secure the Proxmox node or cluster we need to set some user things on the OS level (Debian) and some more then in Proxmox. Having servers in a Data Center also needs some more security measures to be in place. Servers are key targets for hackers, gain access to thousands accounts in one go.
Remote Access
Jump Servers
The Jump Box, Host or Server or a Bastion Host or Server. By create a highly secured, The Jump Box with web access and use it to jump to servers on a internal and dedicated network we only have 1 server exposed to the web not 5. #2FA #TUI #TOTP
Build
Proxmox User Management
Yes, you need more than root. Security says busing root everyware isn't safe and that segregating of duty is a good way to hardening security.
Proxmox
Proxmox HA
Making a Proxmox High Availability Virtual Machine cluster without a NAS or GLUSTER or CEPH. Some apps are extremely valuable and needed in our systems. They need to bee up 24/7. How to do it? And are we willing to bare the cost? That's all folks - now we have a 24/7 VM running.
Build
Proxmox Backup Strategy
What if your servers don't work, Where is your data? When is it up again?You need to create a solid back-up strategy and stick to using it. You can and should refined the strategy on a regular basis. Basic rule is the 3-2-1 rule
Security
Monitoring Servers with Graphs
Monitoring Servers and VM's before tweaking VM's is one of the most fundamental tasks. Running thousands of pods on a server it's better to follow their performance. With tiny clusters it's vital to know whats going on. For this post we setup #Zabbix and #Grafana
Networking
Howto setup Bind 9 DNS - 2
Building on the part one: Domain Name Servers are used in corporations. Enterprise networks typically have many subnets in the rfc-1918 range like 10. or 172. range, divided by function, department, floor of building and/or division - there is many ways to skin a cat. #DNS
Security
Hardening Servers 3
The only secure server is: the one that has never started and never had a network cable attached to it! A list of 16 things to start with. #security #server #ssh #2fa #keys #tokens #email
Security
Hardening your Servers
A install gets 60-65 points not 100. The obvious is to update and upgrade software and install security hardening apps like firewalls, fail2ban, #ClamAV, #LMD. The first task is to make a plan that we call a IT Security Strategy. After a SSA you start fixing your #security #hardening.
Security
Security Audit and Lynis
Prepare for a Security Audit or check your Server for Security Hardening. All Companies need to take a SA from tile to time by an outside Agency. Many corporations with ISO 9001/27001 certs has written protocols to follow visa-vi testing and setting up services. #security #hardening #audit # lynis