I've worked in the software security space for about 5 years now, both in identity management and now SIEM/log analytics.
One useful UNIX command I never had experience with - until now - was nmap.
A big problem that we've encountered is that some services that work with elasticsearch were easily disrupted by external nmap scans.
To remedy this we had to reduce the number of externally accessible ports and also use nginx as a reverse proxy that would make people log into our web interfaces with a username and password.
NMAP:
There seem to be non-intrusive and more intrusive versions of nmap scans: the former test what ports are open on a remote server, while the latter do more aggressive scanning with faster execution.
Some sample commands:
nmap -p 1-65535 [IP of server]
nmap -p [port range],[another individual port if needed] -T4 -A -v [IP of server]
These commands were definitely helpful when trying to verify the lock down of our ports, especially with some services like elasticsearch and cassandra. Additionally, putting nginx in front of web browser services (e.g. elasticsearch HQ) helped out even more.
nmap is certainly a nice tool for testing port lockdown.
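An added example (not from the original post): a small shell function that reads nmap's grepable output (-oG) and lists open ports that are not on an allow-list, so the lockdown check can be repeated after every change. The function names, the allow-list and the sample scan output (documentation address 192.0.2.10) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Real use against your own server (allow-list is an assumption):
#   nmap -p 1-65535 -oG - [IP of server] | unexpected_open_ports 22,443

# Read nmap grepable (-oG) output on stdin and print "host port/proto"
# for every open port that is NOT in the comma-separated allow-list $1.
unexpected_open_ports() {
    awk -v allowed="$1" '
        BEGIN {
            FS = "\t"                       # -oG fields are tab-separated
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        /^Host: / {
            split($1, h, " ")               # "Host: 192.0.2.10 ()"
            host = h[2]
            for (f = 2; f <= NF; f++) {
                if ($f !~ /^Ports: /) continue
                m = split(substr($f, 8), entries, ", ")
                for (j = 1; j <= m; j++) {
                    # entry layout: port/state/proto/owner/service/rpc/version/
                    split(entries[j], p, "/")
                    if (p[2] == "open" && !(p[1] in ok))
                        print host, p[1] "/" p[3]
                }
            }
        }
    '
}

# Constructed sample of grepable output: 9200 (elasticsearch) is still
# reachable, 9042 (cassandra) is filtered by the firewall.
sample_scan() {
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 9200/open/tcp//wap-wsp///, 9042/filtered/tcp/////\tIgnored State: closed (65531)\n'
}

# Only SSH and the nginx HTTPS front end are expected to be open.
sample_scan | unexpected_open_ports 22,443
```

An empty result means every open port is on the allow-list; any line printed is a port that still needs to be closed or moved behind nginx.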