IDS/IPS like Tripwire and possibly Snort / Variant

Since we’ve gone to great lengths here to ensure that the chain of trust extends from our MIAB instances all the way up to DNS Sec and ultimately the root trust certificates of the internet. We should probably consider adding some method to cry foul automagically when things change internally that shouldn’t.

Tripwire is a great solution as you can make it run shell commands when something goes awry so you can send emails or push notifications out via external channels as soon as something strange happens internally.

Hi Ruseen,

What are you after file integrity checking or mail and web server attack mitigation?
I’m not familiar with tripwire, but it looks like filesystem protection and integrity checks. Snort or Suricata would usually fit well into a network behind the firewall.
But I think in terms of security the most precious ones that I’d like to see in the future versions of MIAB would be integration with Apache or Nginx with Web Application Firewalls like ModSecurity 3 or Shadow Daemon

As always the issue with this would be maintenance overhead not only for MIAB developers but for MIAB admin, and as well more processing resources on the server-side. And as of right now MIAB is probably the lowest resource consuming full-fledged mail server deployments our there.

Cheers,

It’s mostly just important to know if things are being modified that shouldn’t be modified. Especially in an environment where its mission-critical and highly damaging to your reputation if something goes unseen.

This topic was automatically closed after 61 days. New replies are no longer allowed.