Smathermather's Weblog

Remote Sensing, GIS, Ecology, and Oddball Techniques

Beefing up the firewall using Artillery

Posted by smathermather on March 13, 2012

We have a project that an external group is helping with, and wanted a hardened machine for them to ssh into without worries.

For projects like this, I recommend you wander over to secmaniac to see Dave Kennedy’s blog on security-related stuff. He has released a relatively new tool (a few months old) called Artillery that, in a first for him, sits on the defensive side of security (as opposed to the breaking-stuff side). Now I know, you are probably a geospatial professional and therefore leave the security to someone else (if at all). Don’t. It’s no fun to be pwned.

Anyway, I deployed it on Ubuntu 11.10 with great ease: just svn a copy and follow the directions in the readme. It will rewrite your firewall rules, leave some ports of your choice open for sniffing, and then write a permanent deny entry for any address that connects to those ports. I banned my own machines pretty quickly before remembering to whitelist… In Dave’s words:

“Artillery is a tool designed to confuse attackers and block them before an actual attack occurs. Artillery is a newer project and does a combination of host monitoring, security hardening, and honeypot type defensive strategies. Artillery has an active component where if it detects a connection on a given port that is triggered as a honeypot, it will automatically block the offending IP address.”

I’m hoping to modify it a bit to handle whitelisting dynamic IPs, but I don’t think I even need to poke under the hood to do that: just write a script to modify the config file whitelist and reload.
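One way to write the script described above, as an added example that is not from the original post or from the Artillery project. It assumes the whitelist is a single `WHITELIST_IP=` line of comma-separated entries in the config file; the key name, the line format, and every function name here are assumptions to check against your installed config.

```python
import ipaddress
import os
import socket
import tempfile

KEY = "WHITELIST_IP"  # assumed key name; confirm against your Artillery config


def resolve(hostnames):
    """Resolve dynamic-DNS names to IPv4 addresses; names that fail are skipped."""
    ips = set()
    for name in hostnames:
        try:
            ips.update(socket.gethostbyname_ex(name)[2])
        except OSError:
            continue  # a lookup failure must not wipe the rest of the whitelist
    return ips


def update_whitelist(config_text, static_entries, dynamic_ips, key=KEY):
    """Rebuild the whitelist line from the static entries plus valid dynamic IPs."""
    valid = set()
    for ip in dynamic_ips:
        try:
            valid.add(str(ipaddress.ip_address(ip)))
        except ValueError:
            continue  # never write unvalidated text into a firewall whitelist
    # Rebuilding (not appending) drops dynamic addresses that are no longer current.
    entries = list(static_entries) + sorted(valid - set(static_entries))
    out, found = [], False
    for line in config_text.splitlines():
        if line.strip().startswith(key + "="):
            quote = '"' if '"' in line else ""  # keep the file's quoting style
            line = f"{key}={quote}{','.join(entries)}{quote}"
            found = True
        out.append(line)
    if not found:
        raise ValueError(f"{key} line not found in config")
    return "\n".join(out) + "\n"


def write_atomic(path, text):
    """Swap the new config in with one rename so a half-written file is never read."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.replace(tmp, path)  # note: the new file has mode 0600, owned by the caller
```

Run it from cron with your own static list and dynamic hostnames, then restart Artillery however the service is managed on your host so it picks up the new whitelist.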

While I advocate you look into this tool, do watch the licensing: while released under a modified BSD license, it does have a clause requiring a hug and a beer be offered if you meet Dave in a bar. Don’t use it if you aren’t comfortable with the terms.
