Adding A Custom GeoIP Field to Filebeat And ElasticSearch

As part of my project to build a Kibana dashboard that visualizes the threats hitting my network from outside, I wanted a map view showing where the attacking IP addresses come from, which means enriching each event with GeoIP data. Filebeat installs several sample dashboards by default; I used those as inspiration to see what was possible and then set out to reproduce the effect for my own data.


Your Home Network Is Under Attack 5000 Times A Day.

We’re always told that the internet is a very dangerous place, but that is a very abstract threat. I have often found myself in a position where I tell people that the internet is dangerous, but I have no real data to back this up.

Therefore, my latest project was a deep dive into trying to figure out, for myself, how likely I was to get attacked if I had a server open to the internet. I know that it’s not a matter of ‘if’, but of ‘when’, but I wanted to quantify the ‘when’ as well as the ‘what’.

The Plan

My plan has three phases. The bait is an SSH (Secure Shell) server acting as a honeypot to lure in attackers. SSH is what most people picture when they think of Linux (and of Jurassic Park): the black terminal window. Strictly speaking, SSH is the encrypted remote-login protocol; the terminal you see is just the shell you are given once you are in.

[Image: The Bash Shell]

The SSH daemon listens on TCP port 22 by default, and whenever you log into a Linux server remotely, you are almost certainly going through it.

So my plan is:

  1. Determine the general external threat: what is my router blocking?
  2. Measure how long it takes for a slightly hidden server, with SSH forwarded to it, to come under direct attack.
  3. Profile the attacks on SSH to see how they actually take place.
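Phases 2 and 3 of that plan come down to parsing the SSH daemon's log. As an added example that is not from the original post, here is Python that profiles the "Failed password" lines OpenSSH writes to /var/log/auth.log on Ubuntu: time from exposure to first hit, attempts per source IP, which usernames were tried, and a simple brute-force heuristic. The log lines, hostname, process IDs, source addresses (RFC 5737 documentation ranges) and exposure time are all constructed; the thresholds in `brute_force_sources` are arbitrary assumptions.

```python
"""Profile SSH brute-force attempts from sshd log lines (added example, not from the post)."""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of /var/log/auth.log in OpenSSH's syslog format (syslog omits the year).
SAMPLE_LOG = """\
Dec  3 02:14:07 honeypot sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Dec  3 02:14:09 honeypot sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Dec  3 02:14:12 honeypot sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Dec  3 02:15:40 honeypot sshd[1210]: Invalid user pi from 198.51.100.23 port 40022
Dec  3 02:15:41 honeypot sshd[1210]: Failed password for invalid user pi from 198.51.100.23 port 40022 ssh2
Dec  3 02:16:02 honeypot sshd[1215]: Accepted publickey for alice from 192.0.2.10 port 50010 ssh2: ED25519 SHA256:abc
Dec  3 02:16:30 honeypot sshd[1220]: Failed password for invalid user oracle from 203.0.113.5 port 51300 ssh2
"""

# Assumed moment the port forward went live (constructed), for the time-to-first-attack measurement.
EXPOSED_AT = datetime(2018, 12, 3, 2, 0, 0)

# "invalid user" is present when the account does not exist on the box at all.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_failed_logins(log_text: str, year: int = 2018) -> list[dict]:
    """Return one event per 'Failed password' line; every other line is ignored."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # Collapse syslog's padded day ("Dec  3") before parsing; year is supplied by the caller.
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "user": m["user"], "ip": m["ip"],
                       "invalid": m["invalid"] is not None})
    return events


def time_to_first_attack(events: list[dict], exposed_at: datetime) -> timedelta | None:
    """Phase 2: how long after exposure the first failed login arrived."""
    if not events:
        return None
    return min(e["ts"] for e in events) - exposed_at


def profile_sources(events: list[dict]) -> dict[str, dict]:
    """Phase 3: per-source attempt count, time window, usernames tried and guessing rate."""
    by_ip: dict[str, list[dict]] = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    out = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        first, last = evs[0]["ts"], evs[-1]["ts"]
        span = (last - first).total_seconds()
        out[ip] = {
            "attempts": len(evs),
            "first_seen": first,
            "last_seen": last,
            "users": sorted({e["user"] for e in evs}),
            "invalid_users": sum(e["invalid"] for e in evs),
            # attempts per minute over the observed window; a lone attempt has no rate
            "per_minute": round(len(evs) / (span / 60), 2) if span > 0 else None,
        }
    return out


def brute_force_sources(profile: dict[str, dict], min_attempts: int = 3, min_users: int = 2) -> list[str]:
    """Sources that look automated: many attempts, or several different usernames (assumed thresholds)."""
    return sorted(ip for ip, p in profile.items()
                  if p["attempts"] >= min_attempts or len(p["users"]) >= min_users)


if __name__ == "__main__":
    events = parse_failed_logins(SAMPLE_LOG)
    print("first attack after:", time_to_first_attack(events, EXPOSED_AT))
    prof = profile_sources(events)
    for ip, p in prof.items():
        print(ip, p)
    print("likely brute force:", brute_force_sources(prof))
```

On a real box, feed it `open("/var/log/auth.log").read()` and pass the correct year; note that the successful `Accepted publickey` line is deliberately not counted, so a source that eventually gets in will not show up here unless it failed first.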


Installing ELK without Docker on Ubuntu 18.04 with LetsEncrypt

In my last post, I set up ELK in a Docker container to see if it would meet my needs, but I found that unless I wanted to go very deep with Docker, I'd need to do a native installation of ELK. The main motivation was that I wanted Kibana to serve a Let's Encrypt certificate issued from my pfSense box, and a job that rebuilds the container every 90 days, each time the certificate renews, seemed brittle.

One thing I realized is that you can do a lot without installing the 'L' in ELK. Logstash and Elasticsearch both provide means to ingest logs: when you install Filebeat on your client, you can choose to output to Logstash or directly to Elasticsearch. I went direct to Elasticsearch for now, though I will likely revisit that later on. Two resources discuss the trade-offs of that choice in more depth.


DMZ Is a Four Letter Word

My latest project is to set up a secure Minecraft server for my kids and their friends to play on. As I mentioned in my previous post, the usual recommendation to simply port-forward from your router to the server is a pretty bad idea. The standard alternative is to set up a DMZ. I'll do this in a bit (I had to order some hardware), but first I'd like to talk about DMZs, and why the concept is terrible and misleading.


The Internet Is More Mad Max Than Wild West Now

Quaint were the days when we viewed the internet as a 'Wild West'. I'd take a sparsely populated frontier of small towns, where you could travel by stagecoach with minimal risk of robbery, over what we have today. Remember 'Tombstone'? That seems like a downright safe and friendly place to spend time compared to today's internet, where we basically have to live in miniature fortresses and travel to other, larger fortresses in armored convoys, all while under constant attack by a robot-augmented army of criminals.

I got to thinking about this because I'd like to set up a Minecraft server for my kids, but with the recent breach at Marriott, where the records of roughly 500 million guests were exposed, I'm reminded (again) that it's just not safe out there. For context, 500 million is about as many Americans as have ever lived, and roughly 7% of the world's population. Once you think about the scale of these breaches, it's time to rethink what the internet is.
