Intrusion Detection for Galaxy?

I attended a briefing today about cyber security preparedness in the U.S. One of the things we learned was that most of the major hacks (ransomware etc.) happening in the past few years were possible just due to companies not implementing two-factor authentication. So I’m just posting this to let everyone here know to make sure to support that where it is appropriate. :slight_smile:

@filipenevola, one of the things that was advised was to use intrusion detection. Does Galaxy support any form of intrusion detection yet?

2 Likes

https://www.snort.org

1 Like

Galaxy uses 2FA in the form of email. I’ve always thought this was kind of weak. I’d prefer either SMS or an authenication app (e.g. Google Authenticator, Authy, VIP Access). I think Galaxy needs to stand this up ASAP.

3 Likes

Agreed. Evidently most of the ransomware hacks are done just via spear-phishing to obtain somebody’s email credentials, and are then successful due to the lack of 2FA. So using email for 2FA is not going to work in a lot of very serious cases. It really needs to be what you’re recommending.

1 Like

Snort looks good! Do you know by any chance if there is a way to get this working with Galaxy yet?

TOTP is very easy to implement and has a fair security. I did it even for a few of our Meteor apps. Maybe you write the Meteor team and request for an alternative 2FA

Not sure about that, I think Galaxy don’t give you a real server with bash does it?

I believe that is correct. It would probably be very doable for them to support it as an option.

I’d be surprised if they didn’t have any IDS it’s pretty run of the mill these days. You can always prevent attacks at dns level if you use cloudflare, even the free tier prevents ddos and a plethora of different injection attacks

1 Like

Hi, if you have specific security concerns with Galaxy feel free to open a ticket.

About different 2FA methods, we are thinking about adding a new option in the near future.

If you have specific questions please open a ticket.

You can also read Galaxy security page and App protection page.

1 Like

FYI IDS != 2FA buddy

I know that is why I was very clear about the topic that I was talking about: “About different 2FA methods…”

Ok, is this the right thread though because this is a thread about IDS bud…

Would it be helpful for me to update the original post to say this thread is just about IDS, and to link to a new post I create about 2FA for discussion of that topic?