CrowdSec crowd security service

Strength in Numbers

Instances and Bouncers

Once the local CrowdSec instance is configured, you can connect it to the service by typing something like:

cscli console enroll cl5zgf4qs00 030wjqmvrt7s30

The web console must be running on the computer, and you need to be authenticated. After that, you will see that instance under Instances in the web interface. Clicking Accept adds it to the interface. From this moment on you can see the status of the server. Security information about the connected server can be obtained with Alerts, and Activity shows the last actions you have performed (e.g., to which servers you connected).

Bouncers block the attacks detected by CrowdSec. You must install these on the server. On Windows, for example, the bouncer for Windows Firewall manages and automatically updates rules for blocking suspicious IP addresses. Windows also requires the .NET 6 framework. The full installation files are on the GitHub page [3]. The bouncer configuration is described in more detail online [4].
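
To illustrate how a firewall bouncer keeps its block rules in step with the decisions it receives, here is an added Python example (not code from the article or from the CrowdSec project). The record shape (lists named "new" and "deleted" whose entries carry scope, type, and value) is an assumption, the sample data is constructed, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample data: two successive pulls of the decision stream.
# Assumed record shape: "new"/"deleted" lists with scope, type and value.
PULLS = [
    json.dumps({"new": [
        {"scope": "Ip", "type": "ban", "value": "192.0.2.10"},
        {"scope": "Range", "type": "ban", "value": "198.51.100.0/24"},
        {"scope": "Ip", "type": "captcha", "value": "203.0.113.7"},
        {"scope": "Ip", "type": "ban", "value": "not-an-ip"},
    ], "deleted": None}),
    json.dumps({"new": [
        {"scope": "Ip", "type": "ban", "value": "203.0.113.99"},
    ], "deleted": [
        {"scope": "Ip", "type": "ban", "value": "192.0.2.10"},
    ]}),
]

def parse_bans(decisions):
    """Return the networks named by well-formed IP/range ban decisions."""
    nets = set()
    for d in decisions or []:            # the list may be null or absent
        if d.get("type") != "ban":       # a firewall rule can only drop traffic
            continue
        if str(d.get("scope", "")).lower() not in ("ip", "range"):
            continue
        try:
            nets.add(ipaddress.ip_network(d["value"], strict=False))
        except (KeyError, ValueError):   # skip malformed entries, keep going
            continue
    return nets

def apply_pull(blocked, raw):
    """Update the blocked set in place; return (added, removed) rule deltas."""
    doc = json.loads(raw)
    new, deleted = parse_bans(doc.get("new")), parse_bans(doc.get("deleted"))
    removed = (deleted & blocked) - new  # re-added in the same pull: keep it
    added = new - blocked                # never create a duplicate rule
    blocked -= removed
    blocked |= added
    return added, removed

def as_strings(nets):
    return sorted(str(n) for n in nets)

if __name__ == "__main__":
    blocked = set()
    for raw in PULLS:
        added, removed = apply_pull(blocked, raw)
        print("add", as_strings(added), "remove", as_strings(removed))
    print("blocked now:", as_strings(blocked))
```

Only the returned deltas would be turned into firewall rule changes, so replaying the same pull leaves the rule set untouched.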

Conclusions

Cybercriminals often act as a group. One way of combating attackers is to join a community yourself and leverage the information gathered by all of its members. Systems such as CrowdSec support most Linux distributions and Windows. As shown here, however, some manual reconfiguration work is required.

The Author

Thomas Joos is a freelance IT consultant and has been working in IT for more than 20 years. In addition, he writes hands-on books and papers on Windows and other Microsoft topics. Online you can meet him on http://thomasjoos.spaces.live.com.
