Difference between revisions of "CNM Bureau Farm"

From CNM Wiki
(Security)
(Security)
Line 14: Line 14:
 
: [[iptables]] as a firewall
 
: [[iptables]] as a firewall
  
: For security, we use [[Fail2ban]] because it operates by monitoring log files (e.g. /var/log/auth.log, /var/log/apache/access.log, etc.) for selected entries and running scripts based on them. Most commonly this is used to block selected IP addresses that may belong to hosts that are trying to breach the system's security. It can ban any host IP address that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator. Includes support for both IPv4 and IPv6.
+
: For security, we use [[Fail2ban]] because it operates by monitoring log files (e.g. /var/log/auth.log, /var/log/apache/access.log, etc.) for selected entries and running scripts based on them. Most commonly this is used to block selected IP addresses that may belong to hosts that are trying to breach the system's security. It can ban any host IP address that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator. Includes support for both IPv4 and IPv6.
:Calls use the P2P mode, which is end-to-end encrypted via DTLS-SRTP between the two participants for encrypted communication (secure communication). Group calls also use DTLS-SRTP encryption, but rely on the Jitsi Videobridge (JVB) as video router, where packets are decrypted temporarily. All data is transmitted only through our server, and comprehensive TLS encryption provides protection against interception and unauthorized eavesdropping.
 
  
 
===Backup and recovery===
 
===Backup and recovery===
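Review bot: The line beginning ":Calls use the P2P mode" in the Security hunk is internally inconsistent: it describes calls as encrypted "between the two participants" and then states that "All data is transmitted only through our server". The same line says group-call packets are decrypted temporarily at the Jitsi Videobridge, so the closing claim of protection against "unauthorized eavesdropping" should be scoped to transport encryption, and the text should say plainly that group calls are not end-to-end encrypted. The line also never names the service it describes and directly follows the Fail2ban paragraph; a lead sentence identifying the conferencing service would make it readable on its own.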

Revision as of 18:15, 21 April 2023

CNM Bureau Farm (formerly known as CNM EndUser Farm; hereinafter, the Farm) is the CNM farm that is based on bare-metal servers. This Farm also utilizes a portion of one bare-metal server that belongs to the CNM Lab Farm. The issues to work on may include (a) security outside of iptables, (b) adding NAS, as well as advanced backup and recovery systems, and (c) advanced monitoring systems.


Features

DNS entry point

load balancer on a public web address

Synchronization

synchronization of resources of common individual nodes, at least databases.

Monitoring

Security

iptables as a firewall
For security, we use Fail2ban because it operates by monitoring log files (e.g. /var/log/auth.log, /var/log/apache/access.log, etc.) for selected entries and running scripts based on them. Most commonly, this is used to block selected IP addresses that may belong to hosts that are trying to breach the system's security. It can ban any host IP address that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator. It supports both IPv4 and IPv6.

Backup and recovery

Development

Development of the Farm occurs under the Administration for CNM Farms project.

See also

Related lectures