Security

[m-holstein]

Hello, I have talked with Borislav, he told me that you are looking for more secuity on the webserver.

In my past positions I have worked for a short time with the following tools that I would short introduce.

1. AIDE http://en.wikipedia.org/wiki/AIDE_%28software%29

It is a HIDS (host intrusion detection). It builds a database with hashes of files and their attributes. Then you can run it once or more often a day to check the current files against the database.

It needs some learning phases to find the best configuration to make not so many false alarms. But it is realy a good tool.

1. Nagios or Icinga https://www.icinga.org/ http://www.nagios.org/

icinga is a fork of Nagios

With this tools you can check nearly all values of a system. It is possible to react in on threshold breaks with notifications, or other actions (execute scripts).

I self have only with nagios worked. But this often the last years. Also in my current position.

1. Prelude http://www.prelude-ids.com/index.php/uk/

This have I today find on browsing the Internet for other IDS. No experience yet but makes a good impression and I will do a test on one of my systems

Ok, those are my suggestions Mark

[zhr0]

http://www.snort.org + iptables is the best

More for a look http://www.sourcefire.com http://www.securepoint.cc/ http://www.untangle.com http://www.ipfire.org http://www.netfilter.org/projects/iptables/ http://www.ipcop.org/ http://www.clearfoundation.com/

on security there is "prevention" and "detection"

the hardware setup on server will determine level quality security.

[m-holstein]

Yes of course, I forgot it. With snort you can watch for suspect IP traffic. And react on it. It's also a great security tool. But, I mean, not easy to handle. It's many year back that I have worked with.

[BorislavZlatanov]

Thanks, guys.

[FriendlyHacker]

Cheers, gonna rebuild the webserver in a few weeks and add more security options.