I’ve been looking into renting a public (old) server for a while now, since they are pretty cheap ($/€ 20-30/month). I can’t really use a regular cloud product (Azure, AWS, etc.) because they get too expensive.
For example: I got this demo web site that needs something like a rainbow table (a few hundred GB of data) and that makes it way too expensive for regular cloud.
Plus, I kinda want a dedicated server.
I’m in security and it would be nice to have a public server like this for learning, testing, hosting demos, etc. It’s not really for business, but just as an extra asset and to play around with.
The one thing holding me back is security monitoring. I don’t want this server to end up being part of a botnet or something, and working within security I’m pretty paranoid.
Basically everything enterprise is just too expensive and everything else seems to be really noisy. I would probably automate deployment and everything else, so if something is detected it would be really easy to wipe it and start over. But I kinda need higher quality alerts for that to be an option.
Any suggestions on what to look into?
(sorry for the long post).
Not really sure what you are asking for. Are you asking what software you want to monitor your VMs with?
Sorry for being a bit unclear.
What I’m looking for is a HIDS (Host Intrusion Detection System).
Either pure software or as a managed service, but only for one server (so probably not suitable for managed services?). Especially since the cost needs to be low.
I’ve looked into a few, but it’s either very expensive or very noisy. I know there are no perfect solutions for this, but I’m looking for some ideas.
OSSEC is free, but kinda noisy.
Wazuh looks interesting, but I haven’t spent much time on it. Anyone got any experience using it?
Things like tripwire only detect file changes (at least last time I checked?).
So, basically: anyone got experience or suggestions on how to set up a HIDS on a single remote public server?
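Added example (not code from any poster in this thread, and not from Tripwire, OSSEC or Wazuh): this is the file-integrity part of a HIDS boiled down to two functions. It snapshots a directory tree (SHA-256, permission bits, size per regular file), then diffs a later snapshot against the stored baseline. The tree, file names and the changes in `demo()` are constructed so the script runs offline.

```python
"""Tripwire-style file-integrity baseline: snapshot a tree, then diff it later.

Added example for this thread; not code from any poster or from Tripwire/OSSEC.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict:
    """Map each regular file under root to its sha256, permission bits and size."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            st = path.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets etc. are out of scope here
            rel = path.relative_to(root).as_posix()
            baseline[rel] = {
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                "mode": stat.S_IMODE(st.st_mode),  # catches chmod without a content change
                "size": st.st_size,
            }
    return baseline


def diff_snapshots(old: dict, new: dict) -> dict:
    """Classify paths as added, removed or modified between two snapshots."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a small tree, change it, report the diff."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "bin").mkdir()
        (r / "bin" / "ls").write_bytes(b"#!/bin/sh\nexec /usr/bin/ls \"$@\"\n")
        (r / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (r / "sudoers").write_text("root ALL=(ALL) ALL\n")
        base = snapshot(root)

        # the kinds of change an integrity check is expected to surface
        with open(r / "bin" / "ls", "ab") as fh:
            fh.write(b"# appended line\n")  # content change
        os.chmod(r / "sudoers", 0o444)  # permission-only change, same content
        (r / "passwd").unlink()  # removed file
        (r / "authorized_keys").write_text("ssh-ed25519 AAAA...constructed\n")  # new file

        return diff_snapshots(base, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline only has value if it is stored where the monitored host cannot rewrite it (off-box, or at least signed), and the directories you snapshot should be the ones that are supposed to be static (binaries, config, cron, SSH keys), otherwise you have rebuilt the noise problem in miniature.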
I’m not a security expert and I don’t think I’ve heard of HIDS before, but I looked at OSSEC and I find it really interesting! I know it might be noisy, but is it possible to configure the alerts? Like get rid of false positives?
Yeah, that is one option. It’s just a lot of work.
I might need to go that route. Thinking of setting up an identically configured server in my home lab to get a baseline of alerts.
Might even try to attack it in different ways to see what alerts that will generate.
But it would be really nice to plug in some ready made service that is trustable and cheap enough to take care of everything. Then I could just wipe the server if I get a serious enough alert.
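Added example (not a poster's code, and not part of OSSEC or Wazuh): the "baseline from an identical lab box" idea above, as a small triage filter. Alerts recorded on the lab machine are reduced to a signature (rule id plus description with IPs and counters masked); any signature seen at least twice counts as known noise. Production alerts are then suppressed only if their signature is in that baseline and their level is below an escalation threshold, so novel or severe alerts always get through. The records mimic the shape of Wazuh's alerts.json (`rule.id`, `rule.level`, `rule.description`, `agent.name`), but every alert, rule id and description here is constructed for the example and is not taken from a real ruleset.

```python
"""Baseline-driven triage for OSSEC/Wazuh-style alerts.

Added example for this thread, not a poster's code and not part of OSSEC or Wazuh.
Records mimic the shape of Wazuh's alerts.json (rule.id / rule.level /
rule.description / agent.name); every alert below is constructed.
"""
import re
from collections import Counter


def alert(rid, level, desc, agent):
    """Build one alert record in the assumed Wazuh-like shape."""
    return {"rule": {"id": rid, "level": level, "description": desc}, "agent": {"name": agent}}


# Alerts observed on the identically configured lab box (constructed data).
LAB_ALERTS = (
    [alert("5710", 5, "sshd: Attempt to login using a non-existent user", "lab01")] * 3
    + [alert("5402", 3, "Successful sudo to ROOT executed", "lab01")] * 2
    + [alert("5503", 5, "PAM: User login failed.", "lab01")]  # seen once: too rare to baseline
    + [alert("100010", 6, "Multiple auth failures (7 in 60s) from 198.51.100.4", "lab01"),
       alert("100010", 6, "Multiple auth failures (12 in 60s) from 203.0.113.9", "lab01")]
    + [alert("100020", 10, "Listening socket opened by unexpected process", "lab01")] * 2
)

# A day of alerts from the public server (constructed data).
PROD_ALERTS = [
    alert("5710", 5, "sshd: Attempt to login using a non-existent user", "vps01"),
    alert("100010", 6, "Multiple auth failures (31 in 60s) from 192.0.2.77", "vps01"),
    alert("5503", 5, "PAM: User login failed.", "vps01"),
    alert("550", 7, "Integrity checksum changed.", "vps01"),
    alert("5402", 3, "Successful sudo to ROOT executed", "vps01"),
    alert("100020", 10, "Listening socket opened by unexpected process", "vps01"),
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
NUM_RE = re.compile(r"\d+")


def signature(a):
    """(rule id, description) with IPs and counters masked so variants collapse."""
    desc = IP_RE.sub("<ip>", a["rule"]["description"])
    desc = NUM_RE.sub("<n>", desc)
    return (a["rule"]["id"], desc)


def build_baseline(alerts, min_count=2):
    """Signatures that recur on the lab box are treated as expected noise."""
    counts = Counter(signature(a) for a in alerts)
    return {sig for sig, n in counts.items() if n >= min_count}


def triage(alerts, baseline, escalate_level=10):
    """Escalate anything novel or at/above escalate_level; suppress known noise."""
    escalated, suppressed = [], []
    for a in alerts:
        if a["rule"]["level"] >= escalate_level or signature(a) not in baseline:
            escalated.append(a)
        else:
            suppressed.append(a)
    return escalated, suppressed


if __name__ == "__main__":
    base = build_baseline(LAB_ALERTS)
    esc, sup = triage(PROD_ALERTS, base)
    print(f"baseline signatures: {len(base)}, escalated: {len(esc)}, suppressed: {len(sup)}")
    for a in esc:
        print(f"  ESCALATE level={a['rule']['level']:>2} rule={a['rule']['id']} {a['rule']['description']}")
```

The two knobs are `min_count` (how often something must recur in the lab before it is called noise) and `escalate_level` (severity that overrides the baseline). The escalated list is the one that should page you and, per the wipe-and-redeploy plan, it is a far better trigger than the raw alert stream; the suppressed list still belongs in a log you can grep during an investigation, since suppressing is not the same as discarding.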