Serving Directory Index Files With CloudFront Functions

I recently migrated from hosting this site on Gitlab pages (still an excellent option, BTW) to hosting on AWS S3 via CloudFront. This solution isn’t cheaper, but I’ve been working on AWS concepts of late and thought this would be a good exercise - and I was right! :-) I expect to write more about what I learned in that exercise, but I wanted to start with the problem of directory index files, since this solution didn’t come up often in my search for solutions....

2021-12-18 · 4 min · Jon Mark Allen

Getting Started in Security

I meet IT folks fairly frequently who want to know how to get started in Security. But Security is a huge field! What kind of security are you intersted in? Or what kind of Security do you think you’re interested in? And how do you find out? Disclaimer Personally, I’m biased toward not starting in Security, but starting in System Administration or Network Administration or development or…. The reason is that if you haven’t actually spent time running an IT shop, you won’t really have an idea of what you’re defending or the balance between keeping things running smoothly and patching (for example)....

2018-07-23 · 6 min · Jon Mark Allen

Whitelisting IPs in OSSEC

All of this was prior to the latest versions of Security Onion which now run inside docker instances. I’ve not yet looked to see how this would be replicated there. But I’m leaving this up for historical purposes. Another tool in the arsenal of Security Onion is OSSEC, a “scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).” OSSEC examines log and alert events and correlates them against pre-built (or custom) rules and sends alerts as configured....

2017-05-22 · 4 min · Jon Mark Allen

Security Onion - Validating EXE/DLL Download Alerts

All of this was prior to the latest versions of Security Onion which now run inside docker instances. I’ve not yet looked to see how this would be replicated there. But I’m leaving this up for historical purposes. As I’ve mentioned before, Security Onion is a fantastic network security-focused Linux distribution which can monitor your network and/or hosts for malicious activity. The Onion can run Snort or Suricata as a network IDS, and it can also run broZeek alongside those traditional IDS engines to add another layer of intelligence....

2017-05-17 · 8 min · Jon Mark Allen

Using ncat in Broker Mode

I was looking through the various options for ncat and came across an option I hadn’t seen before: Broker mode. After reading through the examples, I learned that the --chat mode is really just a special mode of connection brokering. In ncat, “brokering” a connection allows multiple connections to the same listening instance, and takes the input from one connection and send it as output to all the other connections. The ncat chat server adds labels to who said what to help keep the confusion down, but in every other way, it is simply a brokered connection....

2016-11-09 · 3 min · Jon Mark Allen