Snort & OpenAppID on ESXi virtual Ubuntu (2 NICs)

Network intrusion detection and prevention with Snort and OpenAppID (application identification) on an ESXi Ubuntu virtual machine (2 NICs) with PF_RING. Snort is an open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998 and owned by Cisco since 2013. For our test we need to […]

Bro on ESXi virtual Ubuntu (2 NICs)

A try of Bro on an ESXi Ubuntu virtual machine (2 NICs) with GeoIP and PF_RING dependencies. Bro is a powerful network analysis framework originally written by Vern Paxson (Professor of Computer Science at Berkeley). It works with scripts and supports clustering for high-throughput environments. It is actually a very powerful complement to Snort. For […]

How-To: Secure Ubuntu server (fail2ban)

Fail2ban scans the server's log files and bans IPs that show malicious signs, for example too many password failures, seeking for exploits, etc. It works as a service and creates rules that automatically alter the iptables configuration, all based on a predefined number of unsuccessful login attempts. This will allow the server to respond to […]

How-To: Secure Ubuntu server (part 1)

Increasing the security and usability of your Ubuntu server is very important, and doing it at the same time you install it is the best way. There are a few configuration and install steps that you should take early on as part of the basic setup. Install: The install of Ubuntu Server is easy and does not need a […]