This repository has been archived by the owner on Feb 29, 2024. It is now read-only.

Develop a plan for breach detection #192

Open
1 task
ConsoleCatzirl opened this issue Mar 23, 2017 · 4 comments

Comments

@ConsoleCatzirl
Contributor

ConsoleCatzirl commented Mar 23, 2017

  • Write a spec
@ConsoleCatzirl
Contributor Author

Tangentially related: BonnyCI/hoist#312 adds a fail2ban role to mitigate abuse attempts.

@ConsoleCatzirl
Contributor Author

Options:

  1. Deploy open-source IDS tools such as snort or OSSEC.
  2. Build tooling around ELK to monitor or periodically query logs.

@SpamapS

SpamapS commented Apr 6, 2017

Network IDS would require that we somehow push traffic through our own routers. I believe that's entirely doable with security groups doing the egress, just not sure how much it might cost us in network performance.

We should also think about host IDS, like tripwire.

@SpamapS

SpamapS commented Apr 6, 2017

We can even take advantage of our cloudiness and mount disk snapshots to do tripwire checks and rootkit checks offline.
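A minimal tripwire-style file-integrity check of the kind described in the comment above, meant to be pointed at a read-only mount of a disk snapshot. This is an added example, not code from the BonnyCI project; the snapshot directory, its files and the tampering are constructed stand-ins.

```python
"""Added example: baseline-and-compare file integrity check for an
offline-mounted snapshot. Paths and file contents below are constructed."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each regular file (relative to root) to (sha256, permission bits).
    Uses lstat and skips non-regular files so a planted symlink cannot
    redirect the scan outside the snapshot."""
    manifest = {}
    root = Path(root)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            st = p.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            rel = p.relative_to(root).as_posix()
            manifest[rel] = (digest, stat.S_IMODE(st.st_mode))
    return manifest


def compare(baseline, current):
    """Return sorted lists of added, removed and modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, removed, modified


def demo():
    """Constructed stand-in for a mounted snapshot: take a baseline, then
    alter the tree the way a compromise would and diff against it."""
    with tempfile.TemporaryDirectory() as snap:
        root = Path(snap)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls")
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        baseline = build_manifest(root)          # taken from a known-good snapshot
        (root / "bin" / "ls").write_bytes(b"replaced ls")   # binary changed
        (root / "bin" / "dropped").write_bytes(b"x")        # new file appeared
        (root / "etc" / "passwd").unlink()                  # config removed
        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    print("added/removed/modified:", demo())
```

In practice the baseline manifest is stored off the host it describes, so a compromised instance cannot rewrite its own reference.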
