Differences

This shows you the differences between two versions of the page.

cloudappliance/bestpractices [2019_10_29 00:17] – [1 Introduction] steven
cloudappliance/bestpractices [2020_09_15 14:51] – [2. Fail2Ban] jim
Line 7: Line 7:
  
  
-===== 1 Introduction =====+===== 1Introduction =====
  
  
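Review bot: the new heading "1Introduction" drops the separator between the section number and the title, so it renders as one run-together word. The same happens in "3Internet", "4Proxy" and "5Hostname" further down, while sections 2 and 6 use "2." and "6.". Suggest "===== 1. Introduction =====" and the same numbering form for every heading.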
Line 20: Line 20:
  
 We provide a separate white paper for High Availability guidelines. This white paper suggests some best practice but ultimately the deployment best practices are the responsibility of the deployer and should be inline with their existing deployment practices for such systems. We provide a separate white paper for High Availability guidelines. This white paper suggests some best practice but ultimately the deployment best practices are the responsibility of the deployer and should be inline with their existing deployment practices for such systems.
-===== 2 Fail2Ban ===== 
  
  
 +===== 2. Fail2Ban =====
  
-The SME Appliance ships with a customized version of Fail2Ban (http:%%//%%www.fail2ban.org/). Fail2Ban scans logs file for malicious patterns ie. DoS attacks, too many password failures, SSH logins, seeking exploits, trying to scan for download links etc. If the software detects such malicious patterns it automatically updates the firewall rules to reject IP addresses for a specified amount of time (10 minutes).  
  
-This is constantly working and scanning and as such it is an extra protection for the appliance. Fail2Ban can also be setup to help prevent DOS attacks. To do this simply edit /etc/fail2ban/jail.conf and add the following to the end:+ 
 +The File Fabric is setup for integration with a customized version of Fail2Ban (http:%%//%%www.fail2ban.org/). This is disabled by default but can be enabled by the Appliance Admin. 
 + 
 +Fail2Ban is an intrusion prevention software framework that can help protect the File Fabric from brute-force attacks. 
 + 
 +Fail2Ban scans logs file for malicious patterns ie. DoS attacks, too many password failures, SSH logins, seeking exploits, trying to scan for download links etc. If the software detects such malicious patterns it automatically updates the File Fabric firewall rules to reject IP addresses for a specified amount of time (10 minutes).  
 + 
 +This is constantly working and scanning and as such it is an extra security protection for the appliance. Fail2Ban can also be setup to help prevent DOS attacks. To do this simply edit /etc/fail2ban/jail.conf and add the following to the end:
  
 <code> <code>
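Review bot: the added text says Fail2Ban is "disabled by default but can be enabled by the Appliance Admin" but gives no enabling step, and the later sentence "This is constantly working and scanning" still reads as if it were always on. Suggest stating where the admin enables it and qualifying the later sentence with "once enabled". The instruction to edit /etc/fail2ban/jail.conf directly is also worth revisiting: upstream Fail2Ban guidance is to put local changes in jail.local or a file under jail.d, because jail.conf can be replaced on a package upgrade. Minor wording in the same lines: "scans logs file" should be "scans log files", "ie." should be "e.g.", "setup" as a verb should be "set up", and both "DoS" and "DOS" are used.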
Line 54: Line 60:
 </code> </code>
  
-This is an example of how Fail2Ban can be used to help prevent attacks but in an of itself it is not a solution. It is just one of the measures that can be taken for protection.+This is an example of how Fail2Ban can be used to help prevent attacks but in an of itself it is not a solution. It is just one security measure that can be taken for protection.
  
-===== 3 Internet Security Protection services =====+===== 3Internet Security Protection services =====
  
  
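Review bot: the rewritten closing sentence still carries the typo "in an of itself"; since the line is being changed anyway, correct it to "in and of itself".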
Line 74: Line 80:
  
  
-===== 4 Proxy or Load Balancer =====+===== 4Proxy or Load Balancer =====
  
  
Line 97: Line 103:
 HAProxy can be quite a comprehensive solution as a defense for attacks and is in use in many companies and ISP€™s.  HAProxy can be quite a comprehensive solution as a defense for attacks and is in use in many companies and ISP€™s. 
  
-A good place for further information is:+A good place for further information is: [[https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/|Use a Load Balancer as a First Row of Defense Against DDOS]].
  
-[[http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/%0A|http:%%//%%blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/]]+===== 5Hostname =====
  
 +The mitigate [host header injection attacks](https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/), the File Fabric provides controls to set and control the hostname can be used for the appliance. 
  
 +To force set the hostname, apply the following configuration:
 +```
 +var $hostname = 'sme.example.com';
 +```
  
-===== Conclusion =====+===== 6. Conclusion =====
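Review bot: the new Hostname section uses Markdown syntax, "[host header injection attacks](https://...)" and triple-backtick fences, on a page that everywhere else uses DokuWiki "[[url|text]]" links and <code> blocks, so it will render as literal text. Suggest converting both to the DokuWiki forms. The section also does not name the configuration file in which "var $hostname = 'sme.example.com';" is to be set, which a reader needs in order to apply it. The opening sentence needs a fix as well: "The mitigate" should be "To mitigate", and "controls to set and control the hostname can be used for the appliance" is missing a word (for example "the hostname that can be used").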