On a normal server, I would have fail2ban handle intrusion detection; how would I go about setting up IDS/IPS on AWS? Any help or pointers would be appreciated.
-
What's wrong with using fail2ban? What else do you want? – Michael Hampton Oct 25 '16 at 02:31
-
@MichaelHampton I was told there is an IDS/IPS built into AWS, but I'm not sure what they were referring to - I could not find any direct reference to it. – Cenoc Oct 25 '16 at 11:17
-
You should go back to whoever told you that, and ask them what they are talking about. – Michael Hampton Oct 25 '16 at 12:53
1 Answer
There are a few systems available through AWS - see https://aws.amazon.com/mp/scenarios/security/ids/ (if that link doesn't work, just Google "intrusion prevention system aws"). I found one account of someone who claimed to have looked at "virtually all the options" and settled on Alert Logic Threat Manager with ActiveWatch: https://www.quora.com/What-is-the-best-intrusion-detection-solution-for-solutions-hosted-in-AWS
Did you find a good solution yourself? Could you add an answer describing what you ended up doing, please?

Doug McLean
-
Oh well, looks like Alert Logic Threat Manager is no longer available... – Doug McLean Jun 15 '17 at 09:35
-
Correction: if you use the AWS link above it'll tell you Alert Logic Threat Manager is no longer available. But if you go through the AWS Marketplace you'll find that's not true. – Doug McLean Jun 15 '17 at 10:20