If you follow current IT security vulnerabilities, you’ll agree that keeping systems up to date is critical. Unattended Upgrades for Debian/Ubuntu offers a simple yet powerful way to automate this process, securing your infrastructure with minimal manual intervention.
Continue reading Automating Security Patching: Debian Unattended UpgradesTag: Security Automation
Bogon Defense: Integrating Dynamic IP Blacklists into Suricata’s Reputation System
Bogon networks are IP address ranges that should never appear on the public internet, as they are either reserved or unassigned. Blocking these ranges is a fundamental and highly effective security measure. While this can be done with simple firewall rules, integrating the blocklist directly into the Suricata IP Reputation system is far more performant.
Continue reading Bogon Defense: Integrating Dynamic IP Blacklists into Suricata’s Reputation SystemAutomating IPS: Real-Time Suricata Rule Generation via Fail2ban Hook
In my last posts, I established a central syslog hub feeding Fail2ban and demonstrated Suricata as an intrusion prevention system (IPS). This final piece connects the two: feeding Suricata with the ban results from Fail2ban by creating a dynamic, external rule file.
Continue reading Automating IPS: Real-Time Suricata Rule Generation via Fail2ban HookAutomated Defense: Building a Central Log Hub for Fail2ban and External Firewall Integration
A very light-weight and efficient approach for consolidating logs centrally is by using rsyslog. My virtual machines all use rsyslog to forward their logs to a dedicated internal virtual machine, which acts as the central log hub. A fail2ban instance on this hub checks all incoming logs and sends a block command to an external firewall—a process helpful for automated security.
Continue reading Automated Defense: Building a Central Log Hub for Fail2ban and External Firewall Integration