Originally Posted by evilghost
I use fail2ban; it's quite powerful. I use it to detect 404 and 401 errors on my webserver and ban them immediately if they connect to an IP and not a vhost. It works very well at mitigating the brute-force and script-kiddie attacks. I also use it for SSH, but again, I run it on a high TCP port, not TCP 22, and I don't see brute-force attacks. That, and I'm using key-based authentication, not password authentication.
OSSEC-HIDS is a great IDS for a local machine and its log analysis engine is outstanding; think of it as Snort for logs.
There's tons of information I can give but it's hard to 'dd if=/dev/evilghost of=/dev/grey_1' without knowing what's applicable to you.
Lol, I got a kick out of that.
Basically, my main rig running Deb, my second box running Deb, my wife's winpc.
My second rig is going to be my learning box...starting with the security, then file sharing, server set up etc. I'm not worried about breaking the install on it. This entire setup is a learning exercise for me, the more the better, as it's very pertinent to my career as well as personal gratification from learning as much as I can.
A formal college would be best, but my family's needs are still the priority with me.
Ergo my plea to MikeC for this forum.
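The fail2ban rule evilghost describes above (flag 401/404 responses only when the client addressed the server by a bare IP rather than a vhost name) is easy to prototype outside fail2ban to see what it would catch. The script below is an added example, not evilghost's filter or jail configuration. It assumes Apache's "vhost_combined" log format (%v:%p %h %l %u %t "%r" %>s %O ...), a constructed sample log using RFC 5737 / RFC 3849 documentation addresses, and a ban threshold parameter; setting the threshold to 1 reproduces the "ban immediately" behaviour from the post.

```python
"""Flag clients that hit 401/404 pages while addressing the server by raw IP
rather than by a virtual-host name.

Added example, not the poster's fail2ban configuration. The log format
assumed is Apache's "vhost_combined": %v:%p %h %l %u %t "%r" %>s %O ...
"""
import ipaddress
import re
from collections import Counter

LOG_RE = re.compile(
    r'^(?P<vhost>\S+):(?P<port>\d+) '      # %v:%p  server name as the client addressed it
    r'(?P<client>\S+) \S+ \S+ '            # %h %l %u
    r'\[(?P<ts>[^\]]+)\] '                 # %t
    r'"(?P<request>[^"]*)" '               # "%r"
    r'(?P<status>\d{3}) (?P<size>\S+)'     # %>s %O
)

# Constructed sample log (not real traffic); addresses come from the
# RFC 5737 / RFC 3849 documentation ranges. The last line is deliberately
# malformed to show that unparseable records are skipped, not mis-scored.
SAMPLE_LOG = """\
203.0.113.7:80 198.51.100.23 - - [10/Oct/2023:13:55:36 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7:80 198.51.100.23 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7:80 198.51.100.23 - - [10/Oct/2023:13:55:38 +0000] "GET /admin/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
www.example.com:80 192.0.2.55 - - [10/Oct/2023:13:56:01 +0000] "GET /old-page.html HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7:80 192.0.2.99 - - [10/Oct/2023:13:57:10 +0000] "GET / HTTP/1.1" 200 2048 "-" "curl/7.88"
203.0.113.7:80 192.0.2.99 - - [10/Oct/2023:13:57:11 +0000] "GET /robots.txt HTTP/1.1" 404 512 "-" "curl/7.88"
[2001:db8::1]:443 192.0.2.99 - - [10/Oct/2023:13:57:12 +0000] "GET /.env HTTP/1.1" 404 512 "-" "curl/7.88"
this line is not an access-log record
"""


def is_ip_literal(host: str) -> bool:
    """True when the host the client used is a bare IP (v4, or bracketed v6), not a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def parse_line(line: str):
    """Return the parsed fields of one vhost_combined record, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def count_suspicious_hits(log_text: str, statuses=(401, 404)) -> Counter:
    """Count, per client IP, the 401/404 responses served when the server was
    addressed by IP literal rather than by a configured vhost name."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip anything that is not an access-log record
        if rec["status"] in statuses and is_ip_literal(rec["vhost"]):
            hits[rec["client"]] += 1
    return hits


def ban_candidates(log_text: str, threshold: int = 3) -> list:
    """Client IPs whose suspicious-hit count reached the threshold (1 = ban on first hit)."""
    return sorted(ip for ip, n in count_suspicious_hits(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in sorted(count_suspicious_hits(SAMPLE_LOG).items()):
        print(f"{ip}: {n} suspicious hit(s)")
    print("would ban:", ban_candidates(SAMPLE_LOG))
```

The vhost check is what keeps legitimate users off the ban list: a visitor who mistypes a URL on www.example.com gets a 404 but is never counted, while a scanner walking the server's address space never sends a real Host name and is counted on every probe. Before turning a rule like this on in fail2ban, run it over a day of real logs this way and confirm that nothing you care about addresses the box by IP (monitoring agents and load-balancer health checks commonly do).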