Detecting and/or mitigating rapid exfiltration of RDBMS data

In this post I wanted to explore some of the lesser-used features of iptables, and show how iptables can be combined with a dual-homed Linux server to act as a data rate control. This is a cheap alternative to using a dedicated firewall.


Logging outbound TCP connections on Linux servers

In my experience, you can never have enough logging information. If you’re trying to piece together the causes of a system failure, or attempting to trace the origins of a cyber-attack, your logs are often crucial in either case. In this post I’ll show how you can enhance a Linux installation to log all outbound TCP connections for future reference.


Writing good ad-hoc security assessments – Part 1

I’ve seen a lot of attempts over the years at technical security assessments (TSAs, as good a term as any to describe them), both the more GRC-oriented and the technically focused.

I’ve not yet seen a TSA that fits the bill fully, so in this post I’m setting out some ideas on what makes a good assessment and when it should be used.


WordFence Review – The leading WordPress CMS IPS?

For several weeks I’ve been trialling WordFence on my blog, not that you’d have noticed it.

WordFence is a plugin that can be added to any existing WordPress installation, adding Intrusion Detection and Prevention capabilities usually encountered on application layer gateways.


Getting xrdp up and running on Ubuntu 18 LTS

If you upgrade from 16.04 LTS to 18 LTS, you might find your XRDP installation fails to start. My advice is to remove the XRDP package and purge the configuration files after backing them up.

I set up XRDP so infrequently that I’ve written down some notes for reference below.


Is a retpoline-enabled kernel ‘enough’ to fully protect against Spectre Variant 2?

The Spectre attack exposed processors to memory disclosure attacks. Manipulation of indirect kernel calls may allow side channel retrieval of memory content (Branch Target Injection).

The Linux kernel was subsequently enhanced to mitigate this Variant 2 attack using the retpoline feature.
