Differences

This shows you the differences between two versions of the page.

--- cloudappliance/bestpractices [2018_07_30 15:54] – [1 Introduction] jim
+++ cloudappliance/bestpractices [2020_07_29 11:38] – smeadmin
@@ Line 7: / Line 7: @@
-===== 1 Introduction =====
+===== 1. Introduction =====
-The Storage Made Easy File Fabric is provided as an interoperable OVF file and can work with VMWARE, XEN, KVM, and Hyper-V hypervisors. It can also be installed on bare metal\\ \\  The File Fabric uses the Apache Web Server to serve pages and the underlying Linux Operating Systems is CentOS. CentOS is hardened using NSA hardening guidelines. You can review these at:\\ \\ http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
+The Storage Made Easy File Fabric is provided as an interoperable OVF file and can work with VMWARE, XEN, KVM, and Hyper-V hypervisors. It can also be installed on bare metal.
-The File Fabric is also extensively penetration tested use Commerical penetration testing software pre each release.
+The File Fabric uses the Apache Web Server to serve pages and the underlying Linux Operating System is CentOS. CentOS is hardened using NSA hardening guidelines. You can review these at: [[http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml]]
-Pre deployment the File Fabric can be extensively configured as required as the infrastructure software is industry standard and well understood .
+The File Fabric is also extensively tested using commercial penetration testing software prior to each release.
+The File Fabric can be extensively configured as required as the infrastructure software is industry standard and well understood .
 We provide a separate white paper for High Availability guidelines. This white paper suggests some best practice but ultimately the deployment best practices are the responsibility of the deployer and should be inline with their existing deployment practices for such systems.
-===== 2 Fail2Ban =====
+===== 2. Fail2Ban =====
@@ Line 54: / Line 58: @@
 This is an example of how Fail2Ban can be used to help prevent attacks but in an of itself it is not a solution. It is just one of the measures that can be taken for protection.
-===== 3 Internet Security Protection services =====
+===== 3. Internet Security Protection services =====
@@ Line 72: / Line 76: @@
-===== 4 Proxy or Load Balancer =====
+===== 4. Proxy or Load Balancer =====
@@ Line 95: / Line 99: @@
 HAProxy can be quite a comprehensive solution as a defense for attacks and is in use in many companies and ISPs.
-A good place for further information is:
+A good place for further information is: [[https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/|Use a Load Balancer as a First Row of Defense Against DDOS]].
-[[http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/%0A|http:%%//%%blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/]]
+===== 5. Hostname =====
+The mitigate [host header injection attacks](https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/), the File Fabric provides controls to set and control the hostname can be used for the appliance.
+To force set the hostname, apply the following configuration:
+```
+var $hostname = 'sme.example.com';
+```
-===== 5 Conclusion =====
+===== 6. Conclusion =====