On Thursday 16 June 2011, Anto wrote:
After reading about the modules pike, pipelimit, etc., I wanted to know what measures can be used in the proxy, because like me, there will be more people interested ;-).
We see that the module pike is a good security measure, but for users with many channels, we used the configuration of users with few channels (could we discriminate and make different rules for each?). If we have the proxy settings for normal users and have trunk configuration as well, I guess we also mark the traffic of the trunk to see it too aggressive about the user. As you might know if discriminate different types of users according to their traffic, one solution I can think of is to have different proxies for each user type (trunk, normal, etc).
Hi Anto,
Having different systems is one solution; you could also just use different traffic classes internally in one server for the user sets you have.
Is there any way to implement something that detects unusual behavior of the user (calls to countries they have never called, excessive traffic, etc.)? I ask so as not to try to implement something that already exists, or perhaps someone can advise me how to do it, because it is very likely I will not get it or will do it wrong :-P . I will continue to seek information, and if I find something to contribute, I will send it to the list.
You should also look into the htable module for account/password brute force detection. If you want to implement something with regard to the origination country of certain traffic, there is the geoip module, which can provide you with this information and which you could also combine with the modules already discussed.
Can you think of some way to make the proxy more secure (mainly user accounts)? Are there some basic safety tips to take into consideration? Any guidance? My advice to avoid trying to schedule something with 100 lines of code when I can do with 5 lines? Does this indicate that I intend to do not I make it :-P ? What I said, I will try paper on the subject and if I can find information on something (though it may seem a bad code :-( ), which publishes. Thanks ;-)
With regard to user accounts, one thing you probably want to look at is password security and fraud or misuse detection logic. Smart attackers will find ways around your proactive measures, and you need to respond actively, like blocking users after you have detected something malicious.
Best regards,
Henning
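
The measures suggested in this reply (pike for flooding, htable for password brute-force detection, and actively blocking once something malicious is detected), as an added Kamailio configuration fragment that is not part of the original thread. The table names, sizes, timeouts, limits and route names are assumptions, and a database module with db_url for auth_db is assumed to be configured elsewhere.

```cfg
# Added example fragment; table names, sizes, timeouts and limits are assumptions.
loadmodule "sl.so"
loadmodule "xlog.so"
loadmodule "textops.so"
loadmodule "pike.so"
loadmodule "htable.so"
loadmodule "auth.so"
loadmodule "auth_db.so"   # needs a DB module and db_url set elsewhere

# pike flags a source IP that exceeds 16 requests in a 2 s window
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
modparam("pike", "remove_latency", 4)
# ipban: flooding IPs, dropped for 300 s; auth: per-user failure counters, 900 s
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
modparam("htable", "htable", "auth=>size=10;autoexpire=900;")

route[ANTIFLOOD] {
    if ($sht(ipban=>$si) != $null) exit;       # still banned, drop silently
    if (!pike_check_req()) {
        xlog("L_ALERT", "pike: blocking $rm from $fu (IP $si:$sp)\n");
        $sht(ipban=>$si) = 1;
        exit;
    }
}

route[AUTH] {
    if (!is_present_hf("Authorization")) {
        www_challenge("$td", "0");
        exit;
    }
    # three failures lock the account until the counter expires
    if ($sht(auth=>$au::fail) != $null && $sht(auth=>$au::fail) >= 3) {
        sl_send_reply("403", "Try later");
        exit;
    }
    if (!www_authenticate("$td", "subscriber")) {
        if ($retcode == -2) {                   # wrong password
            if ($sht(auth=>$au::fail) == $null) $sht(auth=>$au::fail) = 0;
            $sht(auth=>$au::fail) = $sht(auth=>$au::fail) + 1;
            xlog("L_WARN", "auth failure for $au from $si\n");
        }
        www_challenge("$td", "0");
        exit;
    }
    $sht(auth=>$au::fail) = $null;              # success clears the counter
}
```

Because the counter is keyed on the username alone, anyone can lock a known account out by sending bad passwords; keying on username plus source IP ($au::$si) confines the lockout to the offending source. Trusted peers such as trunks should be excluded from the pike check or handled with their own limits.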