If you're not yet virtualizing infrastructure, or you're not otherwise in a position to develop a strategic security policy, there're tactics you can take in the meantime to mitigate some threats to your Proxmox virtual environment:
- Secure the bootloader
- If possible, lock down the BIOS/UEFI
- Absolutely prohibit remote access to Proxmox VE's user interfaces
- Disable root access via SSH; consider prohibiting sudo access as well
- Use Fail2ban to prevent brute-force attacks
- Rely on key-based SSH authentication
- Maintain security patches for Proxmox VE and its guests
- Consider an enterprise support subscription
The practical procedures that follow are a strong (and immediate) complement to the less concrete strategies articulated previously.
This concluding section thus walks through these immediate tactical mitigation objectives to provide immediate support as you come to terms with Proxmox VE.