[Ilugc] Learning on backup systems

Vikas Tara vik at hamaralinux.org
Thu Dec 24 02:40:55 IST 2015

On 23/12/15 19:34, Shrinivasan T wrote:
> 5. Set up intrusion detection systems for critical servers. I thought it was
> boring and not an essential one. But understood the importance of them.
But probably not on any of those critical servers themselves. If you 
have a switch on your network with a sniffer port - I would connect to that.

Also, operate a DMZ. Use firewalls on everything (so perimeter firewall
as well as firewalling between your hosts). If someone is going to
compromise you, then compromising further hosts should be made as
difficult as possible.

I recommend Suricata + Snorby as a good way to do the IDS bit.

Oh, and once all your hardening and security setup is done, challenge
someone to pen test it.

I'll do it if you want :)

