EDITED: 07/2024. Please take a look at THIS ARTICLE for a follow up discussing the risks and nuances relating to using HTTPS Reverse Proxies. An HTTP reverse proxy may not be the right tool for your circumstances and using one carries certain risks. Recently I was presented with a very common problem, offer up a service which uses an unprivileged port, present that service through a reverse proxy of some . . .
Vault offers an array of flexible storage backends with a view to providing a highly available storage location to store secrets, this is a great baked-in design choice as if you make Vault an integral part of your infrastructure you can ill afford a sudden outage, a perfect platform for storing structured data is, of course, a RDBMS (Relational Database Management System), as many of the mainstays are scalable and . . .
In a previous post we’ve looked at how to build Azure infrastructure with Terraform, handle sensitive secrets by storing them within Vault and centrally manage states within Azure Object Storage (confusingly called Containers). In this post we’ll take a look at the same solution but leverage the same technology within AWS, making use of AWS S3 object storage platform and using Terraform to provision further AWS resources. Sample code for . . .
When working at scale with secret creation we can employ Vault’s Dynamic Secrets functions, however another less used and sometimes more flexible option is to leverage Terraform to create secrets at run time, allowing the injection of your secrets from pseudorandom secret generation in to Vault and then using these newly minted secrets further on in the creation process when creating resources in your cloud platform. Example code for this . . .
In a complex Linux environment where multiple administrators have a requirement to manage countless machines (or even a small amount of machines), there is inevitably a requirement to manage SSH Private Keys, as well as the large administrative overhead that comes with cycling them when they expire, or new admins join or move teams. Vault offers us a method to remove the churn of key cycling. A fantastic feature of . . .
In previous posts I’ve looked at the setup of AlienVault OSSIM and managing logs from both Windows and Linux Operating Systems. However as any admin knows dealing with servers is only half the battle when it comes to logs, network devices are arguably the most important part. In this post we’ll be looking at log management for Juniper JUNOS, Cisco IOS and VMware EXSi devices in particular, all of which . . .
In a previous post we’ve looked at how to build Azure infrastructure with Terraform and handle sensitive secrets by storing them within Vault and looking them up at run time. This however still poses a problem if we’re using the default local backend for Terraform; particularly that these secrets will be stored in plain text in the resulting state files and in a local backend they will be absorbed in . . .
In a previous post we looked at building AlienVault OSSIM, but the setup of a SIEM is pretty Spartan without any data sources feeding it. The Operating System integration for AlienVault is surprisingly Windows-centric for a Linux platform, so lets look at the somewhat involved process for gathering logs from Linux servers using AlienVault. Some Quick Setup For this configuration, we’ll be monitoring the existing Vault server mc-vault capturing the . . .
In a previous post we looked at building AlienVault OSSIM, but the setup of a SIEM is pretty Spartan without any data sources feeding it. The Operating System integration for AlienVault is surprisingly Windows-centric for a Linux platform, but let’s take a look at it. Windows Log Management For this configuration, we’ll be using the existing mc-ossim OSSIM server set up previously and capturing logs from a Domain Controller named . . .
I noticed around 2015 that SIEM became the new buzzword that IT consultancies started throwing around to sell things that sensible admins had already been doing for decades, namely a centralised platform for the storing and management of logs. The king of these solutions is unarguably ELK (now known as ElasticStack), however ELK is a dark art and scares a lot of people away, when we’re talking about a SIEM . . .