Can someone help me understand this?

This page summarizes the projects mentioned and recommended in the original post on /r/HomeNetworking.

  • pfSense

    Main repository for pfSense

  • I actively monitor my enterprise-class home firewall pfSense and send firewall events in real-time to an Elasticsearch/Logstash/Kibana (ELK) server on my local area network (LAN). This enables me to explore firewall data in detail. I also keep the data for 12 months. To summarize, my lowly residential public IP is scanned on average about once every 10 seconds and sometimes up to 30 times per second. The top ports scanned/probed are: telnet, ssh, http, and https. Top countries scanning me are USA, Russia, China, and a few countries known to have nefarious hosting centers, notably The Netherlands, Germany, and Seychelles.

  • elasticsearch-mapper-attachments

    Discontinued Mapper Attachments Type plugin for Elasticsearch

  • I actively monitor my enterprise-class home firewall pfSense and send firewall events in real-time to an Elasticsearch/Logstash/Kibana (ELK) server on my local area network (LAN). This enables me to explore firewall data in detail. I also keep the data for 12 months. To summarize, my lowly residential public IP is scanned on average about once every 10 seconds and sometimes up to 30 times per second. The top ports scanned/probed are: telnet, ssh, http, and https. Top countries scanning me are USA, Russia, China, and a few countries known to have nefarious hosting centers, notably The Netherlands, Germany, and Seychelles.

  • Wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  • Active measures may include an intrusion detection system / intrusion prevention system (IDS/IPS) such as open-source Suricata on the firewall, and installing file system integrity monitoring, such as the open-source Wazuh on the exposed server. These are combined in one open-source solution, Security Onion.

  • Pi-hole

    A black hole for Internet advertisements

  • VPN subnet: I configured a "client" to my VPN service provider directly on pfSense. This creates a network gateway that is the entrance to an encrypted tunnel from my firewall/router to the VPN service provider. The traffic in this tunnel is encrypted from my private network to the VPN provider, and only then exits to the Internet. The VPN subnet in pfSense firewall rules is restricted to use only this network gateway. As a result, all systems connected to (with an IP address on) the VPN subnet exit the local network only through a VPN gateway without any further configuration. There is also a local DNS server, Pi-hole, on this subnet. Traffic on the VPN subnet together as defined in firewall rules is isolated from other subnets.
