The risks associated with mismanaged logs are measured in financial costs, penalties for non-compliance, lost opportunities, and missed indicators of compromise that would otherwise have been detected. This article discusses the log life-cycle trend in today's complex computing environments. The log generators (the source system) we’d consider part
Browse our Cybersecurity technical articles here. We’re sharing our knowledge with fellow cybersecurity practitioners in the hope that we can all progress further and faster in protecting our information systems.
Replacing Macros with AI in the Essential 8
It’s a matter of time before artificial intelligence (AI) is included as a domain in the Essential 8. But first, some background. The Essential 8 is the Australian Cyber Security Centre’s (ACSC) advisory guide that Australian organisations follow (sometimes as a requirement, sometimes just as a recommendation) to best protect their systems.
Secrets With Expiries
A secret is much like a password: it allows a service to authenticate without using keys or cryptography. It’s a simple comparison. “Does your secret match my secret?” When sent over encrypted channels, secrets can be a simple and effective means of authentication. Is PKI better?
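As an added example (not code from the article), the following shows the "does your secret match my secret?" check with an expiry attached to each secret. The store, client IDs, TTL and injectable clock are assumptions for illustration; the two security points it makes are that the comparison runs in constant time even for unknown clients, and that a correct but expired secret is still refused.

```python
import hashlib
import hmac
import secrets
import time

# Added example: a minimal shared-secret store in which every secret carries an
# expiry. The service stores only a SHA-256 digest of each secret, compares digests
# in constant time, and refuses anything past its expiry. Names are hypothetical.

_DIGEST_LEN = hashlib.sha256().digest_size
_DUMMY_DIGEST = bytes(_DIGEST_LEN)  # compared against when the client is unknown


def _digest(secret: str) -> bytes:
    return hashlib.sha256(secret.encode("utf-8")).digest()


class SecretStore:
    """Issues, verifies and rotates per-client secrets with expiries."""

    def __init__(self, clock=time.time):
        self._clock = clock                     # injectable for testing
        self._entries = {}                      # client_id -> (digest, expires_at)

    def issue(self, client_id: str, ttl_seconds: int) -> str:
        """Generate a fresh secret for client_id valid for ttl_seconds; return it once."""
        secret = secrets.token_urlsafe(32)
        self._entries[client_id] = (_digest(secret), self._clock() + ttl_seconds)
        return secret

    def verify(self, client_id: str, presented: str) -> str:
        """Return 'ok', 'expired' or 'denied' for a presented secret."""
        entry = self._entries.get(client_id)
        stored_digest, expires_at = entry if entry is not None else (_DUMMY_DIGEST, 0.0)
        # Always run the constant-time comparison so an unknown client_id takes
        # the same time as a known one with the wrong secret.
        matches = hmac.compare_digest(stored_digest, _digest(presented))
        if entry is None or not matches:
            return "denied"
        if self._clock() >= expires_at:
            return "expired"
        return "ok"

    def rotate(self, client_id: str, ttl_seconds: int) -> str:
        """Replace the client's secret; the old one stops working immediately."""
        self._entries.pop(client_id, None)
        return self.issue(client_id, ttl_seconds)


def demo() -> dict:
    """Walk through issue, verify, expiry and rotation with a fake clock."""
    now = {"t": 1_700_000_000.0}               # constructed starting time
    store = SecretStore(clock=lambda: now["t"])
    first = store.issue("svc-a", ttl_seconds=3600)
    results = {
        "fresh": store.verify("svc-a", first),
        "wrong": store.verify("svc-a", first + "x"),
        "unknown_client": store.verify("svc-b", first),
    }
    now["t"] += 3601                            # step past the expiry
    results["after_expiry"] = store.verify("svc-a", first)
    second = store.rotate("svc-a", ttl_seconds=3600)
    results["old_after_rotate"] = store.verify("svc-a", first)
    results["new_after_rotate"] = store.verify("svc-a", second)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Returning "expired" separately from "denied" is a deliberate choice for the server-side log: it tells the operator a valid client is running with a stale secret rather than an attacker guessing, while the client should still see a plain authentication failure.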
Blocking the Source or the Target – Attack Response Best Practices
This article discusses best practices for where to block an attack: at the source or at the destination? Firewall administrators are taught to block nearest the source; system administrators are taught to block nearest the target. Let’s discuss this. Firewall administrators sensibly want to block an attack nearest the attacker. This limits the
What would you do with extra budget in your IT department?
Do you have a shopping list for what you’d purchase for your IT department if you suddenly had the budget? If your IT department has a strategy and a plan, then you likely have a shopping list too. But we don’t typically have the budget to purchase everything we need
Windows NXLog to Graylog
This article explains how to send logs from a Windows system to Graylog using NXLog on the Windows system. We’re starting with a working Graylog server and a Windows system. Install NXLog on Windows using the defaults (or change as you like). Update the configuration file at “C:\Program Files\nxlog\conf\nxlog.conf” to
Apache Example Configuration for GeoIP Fencing, SSL/TLS Termination, and Reverse Proxy
This article shows an example configuration that achieves three objectives: provide GeoIP fencing, provide SSL/TLS termination, and serve as a reverse proxy. In this example we’re using Ubuntu 22.04. Connections coming in on HTTP (port 80) are redirected to HTTPS (port 443), which is where the GeoIP fencing takes
Android VPN (Always On) with pfSense
This article shows the settings on the pfSense and the Android device for an always-on IPsec VPN. The best article to start with is “https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-client-android.html”. Then compare your settings to those on this page if you need more help than the linked article provides. The VPN cryptographic settings are: Phase
Installing Graylog Open on Ubuntu 22.04
This article is a walkthrough for installing “Graylog Open 6” and leverages the documentation at “https://go2docs.graylog.org/current/downloading_and_installing_graylog/ubuntu_installation.html” and “https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/”. We’re using Ubuntu 22.04 because 24.04 is not supported using the documentation linked above. We’re starting from a fresh “standard” Ubuntu 22.04 installation. Our resources are “4GB RAM, 8 CPU Cores, 25GB
Top Tips To Avoid Being Scammed (Business Focused)
This list is relevant to businesses, but the same principles apply to our personal lives. The objective is to not be scammed, obviously. But to do that, we need to identify when we’re the target. This list will help, and is most effective when the key players within your business