How to create a firewall with bpfilter as backend? - firewall

I found some threads about that question, but they are all old (more or less).
Since I saw some benchmarks about the performance of bpfilter as a firewall, I'm wondering if there are any tools to configure a firewall with bpfilter as backend?

Related

What do these unknown request_uri values against my nginx web server mean?

I built a web application with low traffic so far, after making some advertising I realized there are some suspicious requests against my server, this is what Loggly service shows me in panel:
Logs from Loggly about nginx requests
I am not an expert in information security, but I'm suspecting that someone wants to attack my site or is preparing a future attack.
What do these logs mean exactly?
Should I worry too much about this behavior?
Are they using some exploit scanner software?
I am setting up a web application firewall to add some rules to DNS and changing all admin passwords, but what other recommendations must I keep in mind?
Yep, some person or bot is using a vulnerability scanner to poke your server.
Unless it's excessive or causing stability issues, this is normal traffic. Every node that's accessible online will see attempts like this, and if you follow basic security practices (e.g. be up-to-date with os/app patches, use 2FA for logins, shut down unnecessary services/ports, vigilantly monitor your logs and usage, or at a bigger scale: invest in WAF, IPS/IDS products or use a vendor like Cloudflare), you shouldn't have much to worry about.
The culprit is Jorgee Security Scanner[1][2]
[1] https://www.checkpoint.com/defense/advisories/public/2016/cpai-2016-0214.html
[2] https://blog.paranoidpenguin.net/2017/04/jorgee-goes-on-a-rampage/
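The answer above identifies the traffic as a vulnerability scanner. As an added example (not the poster's Loggly data and not tooling from the answerer), here is a Python script that parses nginx access log lines in the default "combined" format and flags client addresses whose requests are mostly 404s spread across many distinct paths, which is the footprint a generic scanner leaves regardless of what it calls itself in the User-Agent header. The log lines, addresses, paths and agent string are constructed for the example, and the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Regex for nginx's default "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample traffic (documentation addresses, made-up paths and agent
# string); not the original poster's real log.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2017:12:00:01 +0000] "GET /admin/setup.php HTTP/1.1" 404 162 "-" "ExampleScanner/1.0"
203.0.113.7 - - [10/Mar/2017:12:00:01 +0000] "GET /dbadmin/index.php HTTP/1.1" 404 162 "-" "ExampleScanner/1.0"
203.0.113.7 - - [10/Mar/2017:12:00:02 +0000] "GET /mysql/index.php HTTP/1.1" 404 162 "-" "ExampleScanner/1.0"
203.0.113.7 - - [10/Mar/2017:12:00:02 +0000] "GET /sql/index.php HTTP/1.1" 404 162 "-" "ExampleScanner/1.0"
203.0.113.7 - - [10/Mar/2017:12:00:03 +0000] "GET /db/index.php HTTP/1.1" 404 162 "-" "ExampleScanner/1.0"
198.51.100.23 - - [10/Mar/2017:12:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [10/Mar/2017:12:00:06 +0000] "GET /static/app.css HTTP/1.1" 200 890 "http://example.com/" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [10/Mar/2017:12:00:07 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "http://example.com/" "Mozilla/5.0 (X11; Linux x86_64)"
this line is deliberately malformed and must be skipped
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def summarize(lines):
    """Per-client counters: total requests, 404s, distinct 404 paths, agent strings."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0,
                                 "paths_404": set(), "agents": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped, not fatal
        s = stats[rec["ip"]]
        s["total"] += 1
        s["agents"].add(rec["ua"])
        if rec["status"] == 404:
            s["not_found"] += 1
            s["paths_404"].add(rec["path"])
    return stats


def find_scanners(lines, min_distinct_404=4, min_ratio=0.8):
    """Flag clients that hit many distinct non-existent paths and get mostly 404s.
    Thresholds are assumptions; a real visitor following stale links produces a
    few 404s among many 200s and stays well under both."""
    flagged = {}
    for ip, s in summarize(lines).items():
        ratio = s["not_found"] / s["total"]
        if len(s["paths_404"]) >= min_distinct_404 and ratio >= min_ratio:
            flagged[ip] = {
                "requests": s["total"],
                "distinct_404": len(s["paths_404"]),
                "ratio_404": round(ratio, 2),
                "agents": sorted(s["agents"]),  # informational only; trivially spoofed
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

Feed it your real access log (`find_scanners(open("/var/log/nginx/access.log"))`) and treat a flagged address as a candidate for review or a temporary ban, not as proof: the heuristic keys on behaviour because the User-Agent is chosen by the client and a scanner can present a browser string.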

Fastly versus my own hosted Varnish

What are the benefits of using Fastly versus simply having my own self-hosted Varnish? Are there additional benefits and features that Fastly provides that regular Varnish does not, or is it simply that Fastly is managed Varnish in the same way that CloudAMQP is hosted and managed RabbitMQ?
I just stumbled across this question, I know you asked this a while ago but I'm going to try and answer it for you regardless.
You are correct in assuming that Fastly manages the Varnish instances for you, so you don't have to deal with manually managing your servers. It is a slightly different concept than CloudAMQP however; CloudAMQP is a managed RabbitMQ system that lives in a specific datacenter, perhaps with Multi-AZ enabled for failover purposes.
Fastly is a full-blown content delivery network, which means they have machines running Varnish all over the world, which could significantly improve your users' experience because of lower latency. For example, if an Australian user visits your website he will be retrieving the cached content via Fastly's Australian machines, whereas if he were to connect to your own Varnish instance he'd probably have to connect to an instance in the U.S., which would introduce a lot more latency. On top of that, it wouldn't only improve speed, but also reliability. Your single Varnish instance having a failure is quite likely; Fastly's global network of 1000s of machines running Varnish collapsing is very unlikely.
So to sum it up for you:
Speed
Reliability
Regards,
Rene.

Is there a way to manage Microsoft DNS *without* using WMI?

We have a need to manage our DNS records (add/update) remotely using C#... I know of and have written/implemented a solution using WMI but the problem is that WMI can be painfully slow.
I have come across the DNS Provider API used by the Microsoft Provisioning Framework. Having searched some more though, it seems as if this framework has been retired.
So, does anyone out there know if it's possible to manage a Microsoft DNS without using WMI? As of yet, my only other alternative is to write a TCP server that manipulates the DNS files directly or executes the WMI calls locally on the machine (which seems to operate much faster).
Thanks, J
Well, doesn't seem like anyone had any answers or suggestions so I had to get a little creative... After a lot of consideration and a very strong desire NOT to write my own TCP server for this purpose I fell upon another, equally acceptable solution: web services.
The biggest problem we've experienced with WMI is only when making calls from a remote network (remote machines on the same LAN seem to operate fine) so really I just needed some framework to use as a proxy for the WMI calls. So I ended up writing a simple web service and things are working great; no having to worry about custom threading on an in-house TCP server or encrypting packets thanks to SSL.
Hope this helps anyone having the same problem!
J

Recommendations for securing Internet-facing IIS Host?

I'm setting up an Internet-facing ASP.NET MVC application, on Windows 2008. It uses SQL Server 2008 for its database. I'm looking for best-practices for securing it.
I found this article, but it's a bit dated now. How much of that advice is still valuable?
Some background -- it's a personal site, behind my home NAT/firewall box; and I'll only forward ports 80 and 443 to it. The IIS server itself is a Windows 2008 host running on HyperV (I only have one physical box to spare).
One useful thing that's mentioned in that article (which had occurred to me already) is that the IIS box shouldn't be a member of the domain, so that an intruder can't easily get off the box. I'll be removing it from the domain in a moment :)
What other tips should I (and anyone deploying to a bigger environment) bear in mind?
I know that this isn't strictly a programming-related question (there's no source code in it!), but I guess that most programmers have to dabble in operations stuff when it comes to deployment recommendations.
You might take a look at these two tools:
Best Practices Analyzer for ASP.NET
SQL Server 2005 Best Practices Analyzer (even though you are using 2008, still might be of help)
I don't know about removing it from the domain, but I'd certainly disable LanMan hashes, keep the system fully patched, and use good password security. Make sure that any processes running in IIS run from least privileged accounts, i.e., don't run the worker processes under IDs that are in Local Administrators.
This will be of great help, certainly:
Microsoft Web Application Configuration Analyzer v2.0

Firewall - Build or Buy [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 7 years ago.
I have a Linux web server farm with about 5 web servers, web traffic is about 20Mbps.
We currently have a Barracuda 340 Load Balancer (keep away from this device - piece of crap!) that is acting as a firewall. I want to put in a dedicated firewall and I'd like to know what peoples opinions are on building versus buying a dedicated firewall.
Main requirements:
Dynamically block rogue traffic
Dynamically rate limit traffic
Block all ports except 80, 443
Limit port 22 to a set of IPs
High availability setup
Also, if we go for the build route, how do we know what level of traffic the system can handle?
As they say, "there is more than one way to skin a cat":
Build it yourself, running something like Linux or *BSD. The benefit of this is that it makes it easy to do the dynamic part of your question; it's just a matter of a few well-placed shell/python/perl/whatever scripts. The drawback is that your ceiling traffic rate might not be what it would be on a purpose-built firewall device, although you should still be able to achieve data rates in the 300Mbit/sec range (you start hitting PCI bus limitations at this point). This may be high enough that it won't be a problem for you.
Buy a dedicated "firewall device". Possible drawbacks of doing this are that doing the "dynamic" part of what you're trying to accomplish is somewhat more difficult; depending on the device, this could be easy (Net::Telnet/Net::SSH come to mind), or not. If you are worried about peak traffic rates, you'll have to carefully check the manufacturer's specifications; several of these devices are prone to the same traffic limitations as "regular" PCs, in that they still run into the PCI bus bandwidth issue, etc. At that point, you might as well roll your own.
I guess you could read this more as the "pros and cons" of doing either, if you want.
FWIW, we run dual FreeBSD firewalls at my place of employment, and regularly push 40+Mbit/sec with no noticeable load/issues.
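The answer above says the dynamic part of a home-built firewall is a few well-placed scripts. As an added example that is not from the answerer's FreeBSD setup, here is a Python script, assuming a Linux box with nftables, that renders four of the asker's five requirements into a ruleset (default drop, only 80/443 open to the world with a new-connection rate limit, port 22 reachable only from an admin set, and a timed blocklist set that a detection script fills at runtime) and emits the `nft` commands that add a rogue address to that blocklist. High availability is not covered here. The admin addresses, rate values and timeout are placeholders.

```python
from ipaddress import ip_address, ip_network


def build_ruleset(ssh_admins, web_rate="200/second", ssh_rate="10/minute"):
    """Render an nftables ruleset as text.

    ssh_admins: IPv4 addresses or CIDR prefixes allowed to reach port 22
                (placeholder values in the usage below).
    web_rate / ssh_rate: nft 'limit rate' values for new connections; the
                numbers are assumptions to tune against real traffic.
    """
    # ip_network raises ValueError on junk, so a typo never silently opens or
    # closes the SSH rule; strict=False lets "192.0.2.10" become 192.0.2.10/32.
    admins = sorted(str(ip_network(a, strict=False)) for a in ssh_admins)
    if not admins:
        raise ValueError("at least one admin address is required, or SSH is locked out")
    return "\n".join([
        "flush ruleset",
        "table inet filter {",
        "  set ssh_admins {",
        "    type ipv4_addr",
        "    flags interval",
        f"    elements = {{ {', '.join(admins)} }}",
        "  }",
        "  set blocklist {",
        "    type ipv4_addr",
        "    flags timeout",          # entries expire on their own
        "  }",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    iif lo accept",
        "    ct state established,related accept",
        "    ct state invalid drop",
        "    ip saddr @blocklist drop",
        "    icmp type echo-request limit rate 5/second accept",
        f"    tcp dport {{ 80, 443 }} ct state new limit rate {web_rate} accept",
        f"    tcp dport 22 ip saddr @ssh_admins ct state new limit rate {ssh_rate} accept",
        "  }",
        "}",
        "",
    ])


def block_commands(addresses, timeout="1h"):
    """nft commands that put addresses into the blocklist set; each entry
    expires after `timeout`, so a ban is never permanent by accident."""
    cmds = []
    for a in addresses:
        ip = ip_address(a)  # ValueError on garbage from a log parser
        if ip.version != 4:
            raise ValueError(f"blocklist set is ipv4_addr, got {a}")
        cmds.append(f"nft add element inet filter blocklist {{ {ip} timeout {timeout} }}")
    return cmds


if __name__ == "__main__":
    # Placeholder admin networks (documentation ranges), not a real deployment.
    print(build_ruleset(["192.0.2.10", "198.51.100.0/24"]))
    # A detection script would hand flagged addresses to block_commands and run them.
    for cmd in block_commands(["203.0.113.7"]):
        print(cmd)
```

Save the rendered text to a file and run `nft -c -f firewall.nft` to syntax-check it without applying, then `nft -f firewall.nft` to load it; keep a console session open the first time, since the default-drop policy plus a wrong admin set locks out SSH.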
Definitely build. I help manage an ISP and we have two firewalls built. One is for fail over and for redundancy. We use a program called pfsense. I couldn't recommend this program more. It has a great web interface for configuring it and we actually run it off a compact flash card.
In my current startup, we have used PFSense to replace multiple routers/firewalls, and it has throughput which replaces much more expensive routers.
Maybe that is why Cisco is having trouble? :)
Related to high availability: OpenBSD can be configured in a failover / HA way for firewalls. See this description. I've heard that they've done demos where such setups did as well (if not better) as high-end Cisco gear.
Over the last 8 years we maintained a small development network with about 20 to 30 machines. We had one computer dedicated to be the firewall.
Actually, we never ran into serious problems, but we are now replacing it with a dedicated router/firewall solution (though we haven't decided yet which). Reasons for that are: simplicity (the goal is the firewall, not maintaining the Linux for running it as well), less space and less power consumption.
Don't know much about this field, but maybe an Astaro security gateway?
Hi, I would go for a dedicated firewall product in this scenario. I have used the Checkpoint firewall range of products for many years and I have always found them to be easy to set up and manage, and they have great support. Using Checkpoint or one of their competitors is a fairly expensive option, especially if you're comparing it to open source software, so it depends on your budget.
I've also used Cisco's line of PIX and ASA firewalls. These are also good, but in my opinion are more difficult to manage.
