« Previous 1 2

CrowdSec crowd security service

Strength in Numbers

Instances and Bouncers

Once the local CrowdSec instance is configured, you can connect it to the service by typing something like:

cscli console enroll cl5zgf4qs00 030wjqmvrt7s30

The web console must be running on the computer, and you need to be authenticated. After that, you will see that instance under Instances in the web interface. Clicking Accept adds it to the interface. From this moment on you can see the status of the server. Security information about the connected server can be obtained with Alerts , and Activity shows the last actions you have performed (e.g., to which servers you connected).

Bouncers block the attacks detected by CrowedSec. You must install these on the server. With Windows, for example, the bouncer for Windows Firewall manages and automatically updates rules for blocking suspicious IP addresses. Windows also requires the .NET6 framework. The full installation files are on the GitHub page [3]. The bouncer configuration is described in more detail online [4].

Conclusions

Cybercriminals often act as a group. One way of combating attackers is to join a community yourself and leverage the information gathered by all of its members. Systems such as CrowdSec support most Linux distributions and Windows. As shown here, however, some manual reconfiguration work is required.

Infos

  1. CrowdSec: https://www.crowdsec.net
  2. CrowdSec agents on GitHub: https://github.com/crowdsecurity/crowdsec
  3. Windows Firewall bouncer: https://github.com/crowdsecurity/cs-windows-firewall-bouncer/releases
  4. CrowdSec on Windows: https://docs.crowdsec.net/docs/getting_started/install_windows/

The Author

Thomas Joos is a freelance IT consultant and has been working in IT for more than 20 years. In addition, he writes hands-on books and papers on Windows and other Microsoft topics. Online you can meet him on http://thomasjoos.spaces.live.com.

« Previous 1 2

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Building a defense against DDoS attacks
    Targeted attacks such as distributed denial of service, with thousands of computers attacking your servers until one of them caves in, cannot be prevented, but they can be effectively mitigated.
    more »
  • MobaXterm: Unix for Windows

    MobaXterm, a portable X server for Windows, bundles built-in Unix/Posix tools into a single portable EXE file, letting you use a Linux command line and tools on the Windows desktop.

    more »
  • Photo by Rayner Simpson on Unsplash
    Intrusion Detection with OSSEC
    The OSSEC free intrusion detection and host-based intrusion prevention system detects and fixes security problems in real time at the operating system level with functions such as log analysis, file integrity checks, Windows registry monitoring, and rootkit detection. It can be deployed virtually anywhere and supports the Linux, Windows, and macOS platforms.
    more »
  • Lead Image © blas, Fotolia.com
    Windows Server 2016 for small servers
    Small businesses often do not need the full-blown version of Windows Server 2016. If the application scenarios are manageable, the cheaper Essentials version is the ideal solution; however, it does come with a number of restrictions.
    more »
  • New Exploit Bypasses Windows AppLocker
    more »
comments powered by Disqus