I’ve been using OPNSense for my home firewall for many years now, and I previously ran it as a VM in a Proxmox virtual server. That worked great for my purposes, but I’ve since upgraded to a dedicated physical device (Protectli) running OPNSense and I love it.
However, with the migration away from a VM, I lost the ability to create a snapshot of the system prior to an upgrade, so that if something went wrong I could easily roll back.
...
I recently migrated from hosting this site on Gitlab pages (still an excellent option, BTW) to hosting on AWS S3 via CloudFront. This solution isn’t cheaper, but I’ve been working on AWS concepts of late and thought this would be a good exercise - and I was right! :-)
I expect to write more about what I learned in that exercise, but I wanted to start with the problem of directory index files, since this solution didn’t come up often in my search for solutions. There are lots of pages out there talking about hosting static pages on S3 and CloudFront has a Default root object setting for each Distribution. But I discovered that only works for the root of the distribution - not any subdirectories.
...
I meet IT folks fairly frequently who want to know how to get started in Security. But Security is a huge field! What kind of security are you interested in? Or what kind of Security do you think you’re interested in? And how do you find out?
Disclaimer: Personally, I’m biased toward not starting in Security, but starting in System Administration or Network Administration or development or….
The reason is that if you haven’t actually spent time running an IT shop, you won’t really have an idea of what you’re defending or the balance between keeping things running smoothly and patching (for example).
...
All of this was prior to the latest versions of Security Onion which now run inside docker instances. I’ve not yet looked to see how this would be replicated there. But I’m leaving this up for historical purposes.
Another tool in the arsenal of Security Onion is OSSEC, a “scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).” OSSEC examines log and alert events and correlates them against pre-built (or custom) rules and sends alerts as configured. When installed on the Security Onion server, OSSEC alerts are logged in the sguil database and managed alongside alerts from the network IDS.
...
All of this was prior to the latest versions of Security Onion which now run inside docker instances. I’ve not yet looked to see how this would be replicated there. But I’m leaving this up for historical purposes.
As I’ve mentioned before, Security Onion is a fantastic network security-focused Linux distribution which can monitor your network and/or hosts for malicious activity.
The Onion can run Snort or Suricata as a network IDS, and it can also run Bro (now Zeek) alongside those traditional IDS engines to add another layer of intelligence. This article will highlight one way in which these two engines can be combined to quickly triage IDS alerts.
...