Open m-holstein opened 10 years ago
http://www.snort.org + iptables is the best
More for a look http://www.sourcefire.com http://www.securepoint.cc/ http://www.untangle.com http://www.ipfire.org http://www.netfilter.org/projects/iptables/ http://www.ipcop.org/ http://www.clearfoundation.com/
on security there is "prevention" and "detection"
the hardware setup on server will determine level quality security.
Yes of course, I forgot it. With snort you can watch for suspect IP traffic. And react on it. It's also a great security tool. But, I mean, not easy to handle. It's many year back that I have worked with.
Thanks, guys.
Cheers, gonna rebuild the webserver in a few weeks and add more security options.
Hello, I have talked with Borislav, he told me that you are looking for more secuity on the webserver.
In my past positions I have worked for a short time with the following tools that I would short introduce.
It is a HIDS (host intrusion detection). It builds a database with hashes of files and their attributes. Then you can run it once or more often a day to check the current files against the database.
It needs some learning phases to find the best configuration to make not so many false alarms. But it is realy a good tool.
icinga is a fork of Nagios
With this tools you can check nearly all values of a system. It is possible to react in on threshold breaks with notifications, or other actions (execute scripts).
I self have only with nagios worked. But this often the last years. Also in my current position.
This have I today find on browsing the Internet for other IDS. No experience yet but makes a good impression and I will do a test on one of my systems
Ok, those are my suggestions Mark