Taking action
If you're not yet virtualizing infrastructure, or you're not otherwise in a position to develop a strategic security policy, there're tactics you can take in the meantime to mitigate some threats to your Proxmox virtual environment:
- Secure the bootloader
- If possible, lock down the BIOS/UEFI
- Absolutely prohibit remote access to Proxmox VE's user interfaces
- Disable root access via SSH; consider prohibiting sudo access as well
- Use Fail2ban to prevent brute-force attacks
- Rely on key-based SSH authentication
- Maintain security patches for Proxmox VE and its guests
- Consider an enterprise support subscription
The practical procedures that follow are a strong (and immediate) complement to the less concrete strategies articulated previously.
This concluding ...
Get Learning Proxmox VE now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.