Detecting and/or mitigating rapid exfiltration of RDBMS data

In this post I wanted to explore some of the lesser-used features of iptables and to show how iptables can be combined with a dual-homed Linux server to act as a data rate control. This is a cheap alternative to using a dedicated firewall.


Logging outbound TCP connections on Linux servers

In my experience, you can never have enough logging information. If you’re trying to piece together the causes of a system failure, or attempting to trace the origins of a cyber-attack, your logs are often crucial in either case. In this post I’ll show how you can enhance a Linux installation to log all outbound TCP connections for future reference.
