From time to time we hear about DDoS and many other different attacks. Is there any sense in implementing the following tools in Whonix? Would it bring better security to Whonix or not? All are open source:
- Hiawatha instead of lighttpd/Apache:
Hiawatha can stop SQL injections, XSS and CSRF attacks and exploit attempts. Via a specially crafted monitoring tool, you can keep track of all your webservers. The SSL Labs website gives Hiawatha an A-rating, where Apache has a C.
Detailed instructions: admin-magazine.com/Archive/2016/32/Security-first-with-the-Hiawatha-web-server
- Suricata is an open source intrusion detection system (IDS), intrusion prevention system (IPS) and network security monitoring engine.
Of course, a system like this can be made to prevent Tor traffic, but rules can be #disabled or modified; Suricata can be made to be good for Tor usage.
- Suricata recommends Perl scripts like pulledpig for monitoring Suricata reports and for rules management; there is also Snorby, based on Ruby on Rails … and the Django-based Scirius (a web app for rules management).
- codemonkey.net/evebox/ - EveBox attempts to provide something like a Gmail inbox approach to alerts. New alerts are placed in an “Inbox” where they can be archived or escalated (starred).
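
As an added illustration of the "rules can be #disabled" point in the post above (not part of the original post, and not code from Suricata or any of the tools mentioned): a Python script that comments out rules in a Suricata-style rules file, selected by SID or by a pattern in the rule's `msg`. The sample rules, their SIDs and the function name `disable_rules` are constructed for this example, and it assumes one rule per line.

```python
import re

# Constructed sample rules: SIDs and messages are illustrative, not from a real ruleset.
SAMPLE_RULES = '''\
alert tcp $HOME_NET any -> $EXTERNAL_NET 9001 (msg:"EXAMPLE TOR relay traffic"; flow:to_server; sid:1000001; rev:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE SQL injection attempt"; content:"UNION SELECT"; nocase; sid:1000002; rev:1;)
# alert tcp any any -> any 9050 (msg:"EXAMPLE TOR SOCKS port"; sid:1000003; rev:2;)
alert dns $HOME_NET any -> any any (msg:"EXAMPLE lookup for .onion name"; dns.query; content:".onion"; sid:1000004; rev:1;)
'''

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"([^"]*)"')
ACTIONS = ("alert", "drop", "reject", "pass")  # rule actions that mark an active rule


def disable_rules(text, sids=(), msg_pattern=None):
    """Comment out active rules whose sid is in `sids` or whose msg matches
    `msg_pattern` (case-insensitive). Returns (new_text, disabled_sids)."""
    wanted = set(sids)
    msg_re = re.compile(msg_pattern, re.I) if msg_pattern else None
    out, disabled = [], []
    for line in text.splitlines():
        stripped = line.lstrip()
        sid = SID_RE.search(stripped)
        # Lines already starting with '#' are disabled rules or comments: leave them.
        if stripped.startswith(ACTIONS) and sid:
            msg = MSG_RE.search(stripped)
            by_sid = int(sid.group(1)) in wanted
            by_msg = bool(msg_re and msg and msg_re.search(msg.group(1)))
            if by_sid or by_msg:
                disabled.append(int(sid.group(1)))
                line = "# " + line
        out.append(line)
    return "\n".join(out) + "\n", disabled


if __name__ == "__main__":
    # Disable every rule whose message mentions Tor or .onion; keep the rest active.
    new_text, disabled = disable_rules(SAMPLE_RULES, msg_pattern=r"\btor\b|\.onion")
    print("disabled SIDs:", disabled)
    print(new_text, end="")
```

Printing the returned SID list gives a record of which signatures were turned off, so the change can be reviewed after each ruleset update.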