BonnyCI / projman

A project management repository -- meta

Develop a plan for breach detection #192

Open ConsoleCatzirl opened 7 years ago

ConsoleCatzirl commented 7 years ago

Tangentially related: BonnyCI/hoist#312 adds a fail2ban role to mitigate abuse attempts.

ConsoleCatzirl commented 7 years ago

Options:

  1. Deploy open-source IDS tools such as snort or OSSEC.
  2. Build tooling around ELK to monitor or periodically query logs.

SpamapS commented 7 years ago

Network IDS would require that we somehow push traffic through our own routers. I believe that's entirely doable with security groups doing the egress, just not sure how much it might cost us in network performance.

We should also think about host IDS, like tripwire.

SpamapS commented 7 years ago

We can even take advantage of our cloudiness and mount disk snapshots to do tripwire checks and rootkit checks offline.
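The offline tripwire-style check described in the comment above, as an added example that is not BonnyCI code: it assumes a baseline manifest was taken earlier from a known-good tree and that the disk snapshot is mounted read-only at some path; both trees are hashed and the added, removed and modified files are reported. The sample trees it builds are constructed for the demo, not real hosts.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def build_manifest(root):
    """Walk a tree (e.g. a read-only mounted snapshot) and record, per regular file,
    its SHA-256 digest and permission bits, keyed by path relative to root so a
    baseline from the live host compares cleanly against a snapshot mounted elsewhere."""
    manifest = {}
    root = Path(root)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            st = path.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets, devices are out of scope here
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            rel = path.relative_to(root).as_posix()
            manifest[rel] = (h.hexdigest(), stat.S_IMODE(st.st_mode))
    return manifest


def compare(baseline, current):
    """Return sorted (added, removed, modified) path lists. A permission change
    alone counts as modified, which is what a tripwire-style check wants."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return added, removed, modified


def demo():
    # Constructed sample: a 'baseline' tree and a 'snapshot' tree that differ by
    # one changed, one added and one removed file (hypothetical paths).
    with tempfile.TemporaryDirectory() as base, tempfile.TemporaryDirectory() as snap:
        for d in (base, snap):
            os.makedirs(os.path.join(d, "usr/bin"))
            os.makedirs(os.path.join(d, "etc"))
            Path(d, "usr/bin/sshd").write_bytes(b"ELF-sshd")
            Path(d, "etc/passwd").write_bytes(b"root:x:0:0\n")
        Path(base, "etc/cron.allow").write_bytes(b"deploy\n")      # removed in snapshot
        Path(snap, "usr/bin/sshd").write_bytes(b"ELF-sshd-changed")  # modified
        Path(snap, "usr/bin/unexpected").write_bytes(b"new file")   # added
        return compare(build_manifest(base), build_manifest(snap))
```

In practice the baseline manifest would be written to storage the host cannot alter, and `build_manifest` pointed at the snapshot mount point rather than a temporary directory.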