This article discusses key infrastructure components, the threats they face, and the measures that can be taken to remediate the risk. The three components are: SIEM, Virtual Infrastructure, and Backups. All three are targets for hackers and ransomware. Consider the scenario where an administrative domain account has been compromised
Read more
The Case Against Threat Intelligence in Business
Threat intelligence as a function of a regular business returns little to no value to the organisation. The skill-sets could be better used for threat hunting and analysis which are proactive approaches to cybersecurity and have a direct positive impact to the business. I should clarify that threat intelligence in
Read more
A SIEM as a Process
This article explores the concept of a SIEM as part of a process: without a process, you don’t have a SIEM. A SIEM is a security information and event management system. In its full capacity, it accepts logs from a variety of sources and via a variety of protocols,
Read more
Moodle in Docker with options for Kubernetes
This article discusses and demonstrates the design and implementation of Moodle using Docker with the option for later deployments with Kubernetes. We’re using Ubuntu 24.04 but this should work fine on similar versions of Ubuntu as well. The key points are: Moodle is deployed via a Docker container. Moodle references
Read more
Create an LDAP Server Quickly – And add a few users and a group
In this article, we’re going to spin up a quick LDAP server using a Docker image. We’re going to test that a user can authenticate to it using the CLI. We’ll leave it there, but you can point any LDAP tool to it to manage it. Create a “docker-compose.yml” file
Read more
Windows NXLog to Graylog
This article explains how to send logs from a Windows system to Graylog using NXLog on the Windows system. We’re starting with a working Graylog server and a Windows system. Install NXLog on Windows using the defaults (or change as you like). Update the configuration file at “C:\Program Files\nxlog\conf\nxlog.conf” to
Read more
Apache Example Configuration for GeoIP Fencing, SSL/TLS Termination, and Reverse Proxy
This article shows an example configuration that will achieve three objectives: provide GeoIP Fencing, provide SSL/TLS Termination, and serve as a Reverse Proxy. In this example we’re using Ubuntu 22.04. Connections coming in on HTTP (port 80) are redirected to HTTPS (port 443), which is where the GeoIP Fencing takes
Read more
NXLog Example Configuration File – Sending Logs From Windows to Syslog in JSON Format
This article explains how to send logs from Windows systems to Syslog servers using NXLog (community edition). In this case we’re sending to Syslog listening on TCP. NXLog is easy enough to install but the configuration process is not so easy. Because Windows EventLog uses many more fields than Syslog,
Read more
Comparing Syslog Formats – BSD RFC3164 vs IETF RFC5424
This article compares the two Syslog formats. If you can’t decide, consider “IETF RFC 5424”. This article compares two log entries using different Syslog formats. The event is the same for both entries – logging into a Synology server’s web portal. The user “agix” is logging in from host “10.1.1.100”.
Read more
Running LogStash in Docker
This is a short HowTo for running LogStash in Docker. We’re using Ubuntu 22.04. Install Docker and create our directory structure: apt install docker docker.io mkdir ~/logstash mkdir ~/logstash/config/ ~/logstash/pipeline/ Create the Dockerfile file “~/Dockerfile”: # The image to use: FROM docker.elastic.co/logstash/logstash:8.15.0 # Remove the pre-existing config file from within
Read more