Linux Security: Packet Capture and Analysis

It's crucial for any security or systems administrator to be able to capture and analyze network traffic. This allows for advanced troubleshooting as well as security review. Use a tshark capture filter to collect TCP traffic on port 80. Store the capture command... Continue Reading →

Linux Security: Working with IP sets and iptables

IP sets can facilitate the management of a complex firewall ruleset. This exercise refreshes basic skills with the iptables command and begins developing an understanding of working with IP sets. Create a new IP set called 'clienthosts' that contains the IP and port combinations for each client server. Be sure the 'ipset' is configured to persist a... Continue Reading →

Linux Security: Working with OpenVPN (and iptables)

Install and configure the OpenVPN server on 'vpn-server':
  Install OpenVPN: run yum install -y openvpn
  Copy the server config: cp /usr/share/doc/openvpn-2.4.7/sample/sample-config-files/server.conf /etc/openvpn/
  Edit the server config to contain the following topology configuration: topology subnet
Install the provided server certificates:
  Run cp /home/cloud_user/certs/ca.crt /home/cloud_user/certs/server.crt /home/cloud_user/certs/server.key /etc/openvpn
Generate the required server keys:
  Generate the dhparam: openssl dhparam -out /etc/openvpn/dh2048.pem 2048
  Generate... Continue Reading →

Amazon Web Services: Install an Intrusion Prevention System (IPS) on an EC2 Instance

Install fail2ban on the first instance:
  SSH into the first instance as cloud_user
  Install fail2ban:
    sudo yum install fail2ban -y
    sudo service fail2ban start
Output:
  Last login: Tue Sep 24 15:15:47 on ttys000
  austinsonger@Songer ~ % ssh cloud_user@
  The authenticity of host ' (' can't be established.
  ECDSA key fingerprint is SHA256:JKRV/KYx3t6rwXxuc4fRFbIFE8NnO3laDLM4Y4RcObU.
  Are you sure you want to... Continue Reading →
