Leveraging a block list provided by someone else
This is a continuation of posts on Network Security
Timeout from my latest blog series as I have a new Azure class coming up so I may be skipping around a bit, but I will be continuing the CloudSecurity Automation Series as time allows. Right now I’m going to jump back over to my home networking series for a second. I have some changes I need to make.
I’ve written before about how you might want to leverage aliases to block IP ranges that are known to host scanners and scammers:
Have you ever looked at the traffic hitting your network on two high ports? More on that and one network rule that can weed out a lot of bad traffic here. Unfortunately you can’t do this in AWS Security Groups or NACLs and other basic security controls on in other cloud environments. You should be able to do it on an AWS Firewal but I haven’t tried it yet.
One Rule To Identify Network Noise
I’ve been tracking some of the scanner traffic and adding it to aliases over time. Now I want to transfer that configuration to another device. It’s a different device so I don’t want to copy all the configuration, but I do wnat my aliases so I can create the appropriate rules to block traffic. Although I have a lot of IP ranges in my aliases my firewall seems to be able to handle the load because I immediately drop bad traffic.
Backing up Aliases on PFSense
In this post we want to back up an our aliases on one PFSense device to transfer to or share with another device.
First head over to Diagnostics > Backup & Restore.
Choose Aliases from the drop down list next to Backup area.
Click download configuration as XML. Store it wherever is appropriate on your local device.
Backup other system configuration data
Next I can back up other parts of the system configuration I want to copy to a new device.
I’m going to pick and choose what I copy over. That seems a bit safer than trying to apply a complete configuration. My devices have a different number of ports so things aren’t going to exactly translate.
Now that I’ve backed up my files I can move them to a new device.
Adding Aliases to a different device or restoring a backup
Now you can log into the new device and reverse the process.
You can repeat that process with any other portions of a configuration you want to backup and restore to another device.
Next I’m going to fire up a new PFSense device.
Follow for updates.
Teri Radichel
If you liked this story please clap and follow:
******************************************************************
Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research
******************************************************************
© 2nd Sight Lab 2022
____________________________________________
Author:
Cybersecurity for Executives in the Age of Cloud on Amazon
Need Cloud Security Training? 2nd Sight Lab Cloud Security Training
Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.
Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.
Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts
Backup and Restore PFSense Aliases was originally published in Cloud Security on Medium, where people are continuing the conversation by highlighting and responding to this story.
