The Graylog Blog

Showing posts tagged with Security

Protecting Graylog from Data Ransom Attacks

As you may have read, data ransom attacks against misconfigured MongoDB and Elasticsearch instances are currently under way. The attacks do not exploit a security flaw in either product: the attackers simply scan the internet for instances that are reachable without any authentication.
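Because the attack depends entirely on exposure, the check a Graylog operator wants is whether the backing stores listen beyond loopback and whether MongoDB has authorization switched on. The following script is an added example, not Graylog's own code or tooling: it parses the relevant settings out of elasticsearch.yml and mongod.conf (the keys `network.host`, `net.bindIp` and `security.authorization` are the real ones; the config texts are constructed samples) and reports the weak form the attackers look for beside the hardened form.

```python
# Added example (not Graylog's code): audit the bind/auth settings that decide whether
# an Elasticsearch or MongoDB node is reachable from the internet without a password.
# The config keys are real (elasticsearch.yml: network.host; mongod.conf: net.bindIp,
# security.authorization); the config texts below are constructed samples.

LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}


def parse_simple_yaml(text):
    """Minimal parser for the flat ('a.b: v') and two-level ('a:' then '  b: v') YAML
    these two config files use. Deliberately not a general YAML parser."""
    result, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if indent == 0:
            if value:                                  # top-level scalar
                result[key], section = value, None
            else:                                      # start of a mapping
                section = key
                result.setdefault(section, {})
        elif section is not None:
            result[section][key] = value               # nested key under the mapping
    return result


def audit_elasticsearch(cfg):
    """Return findings for an elasticsearch.yml mapping; [] means nothing to flag."""
    findings = []
    host = cfg.get("network.host")
    if host is None:
        # 2.x and later default to loopback; 1.x bound every interface. Set it explicitly.
        findings.append("elasticsearch: network.host not set; bind it to 127.0.0.1 explicitly")
    else:
        exposed = [h for h in host.split(",") if h.strip() not in LOOPBACK]
        if exposed:
            # Open-source Elasticsearch of this era has no built-in authentication,
            # so a non-loopback bind without a firewall is exactly the ransom target.
            findings.append("elasticsearch: network.host=%s listens beyond loopback with no auth" % host)
    return findings


def audit_mongodb(cfg):
    """Return findings for a mongod.conf mapping; [] means nothing to flag."""
    findings = []
    net = cfg.get("net") if isinstance(cfg.get("net"), dict) else {}
    security = cfg.get("security") if isinstance(cfg.get("security"), dict) else {}
    bind = net.get("bindIp")
    if bind is None:
        # Before MongoDB 3.6 an unset bindIp meant 0.0.0.0.
        findings.append("mongodb: net.bindIp not set; older releases bind all interfaces")
    elif any(a.strip() not in LOOPBACK for a in bind.split(",")):
        findings.append("mongodb: net.bindIp=%s listens beyond loopback" % bind)
    if security.get("authorization") != "enabled":
        findings.append("mongodb: security.authorization is not 'enabled'; any client can read and drop data")
    return findings


# Constructed configs: the weak form the attackers look for, and the hardened form.
WEAK_ES = """
cluster.name: graylog
network.host: 0.0.0.0
http.port: 9200
"""
HARDENED_ES = """
cluster.name: graylog
network.host: 127.0.0.1
http.port: 9200
"""
WEAK_MONGO = """
net:
  port: 27017
  bindIp: 0.0.0.0
"""
HARDENED_MONGO = """
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, text, audit in [("weak es", WEAK_ES, audit_elasticsearch),
                              ("hardened es", HARDENED_ES, audit_elasticsearch),
                              ("weak mongo", WEAK_MONGO, audit_mongodb),
                              ("hardened mongo", HARDENED_MONGO, audit_mongodb)]:
        print(name, audit(parse_simple_yaml(text)) or "ok")
```

Binding to loopback is the right default when Graylog runs on the same host; where the stores must be reachable from other Graylog nodes, bind to a private interface and firewall it, because a reachable port on a passwordless instance is all these attacks need.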


Investigating the RCE attack that knocked out 900,000 German routers on Sunday

I woke up this morning to news that 900,000 customers of Deutsche Telekom in Germany were hit by network outages. My first thought was that this was simply a configuration issue or hardware failure, which happens from time to time. However, one thing stood out to me: in a German news article, Deutsche Telekom was quoted saying that a reboot of the affected DSL router fixes the problem temporarily. This piece of information made me think that something influenced the routers from the outside and a reboot fixed the issue, until the same device was hit again. Could this be a mass-scanning attack similar to how the Mirai botnet was formed?


Tapping Wires for Lean Security Monitoring: DNS Request Analysis with Open Source Software

As we continue our discussion on security monitoring, we find there are multiple ways to defend against attackers at the network perimeter and to detect intruders who have already landed inside your network. Virus scanners, firewalls, an IDS and a log management system working together go a long way toward protecting your network.

We would like to introduce an additional method of security monitoring: capturing all DNS requests that are made within your network.
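Once the requests are captured, the analysis question is which names deserve a second look. The script below is an added example, not code from the post: it parses a DNS query in RFC 1035 wire format and applies lean heuristics (leftmost-label length, Shannon entropy, and TXT/NULL query types, which are what tunnelling tools typically carry data in). The packets are constructed by `build_query()` and the thresholds are illustrative assumptions to be tuned against your own traffic.

```python
# Added example (not from the Graylog post): parse a raw DNS query (RFC 1035 wire format)
# and apply lean heuristics that flag names typical of DNS tunnelling or DGA traffic.
# The packets below are constructed in build_query(); thresholds are illustrative assumptions.
import math
import struct

QTYPE = {1: "A", 10: "NULL", 16: "TXT", 28: "AAAA"}


def build_query(qname, qtype=1, txid=0x1234):
    """Build a minimal single-question DNS query (used here to construct test input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, QDCOUNT=1
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.strip(".").split("."))
    return header + question + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_query(packet):
    """Return (txid, qname, qtype) for the first question of a DNS query packet."""
    if len(packet) < 12:
        raise ValueError("truncated header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:               # compression pointer: nothing precedes the first question to point at
            raise ValueError("compressed label in question")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, ".".join(labels), qtype


def shannon_entropy(s):
    """Bits per character; encoded payloads score far higher than dictionary words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in {ch: s.count(ch) for ch in set(s)}.values())


def assess(qname, qtype):
    """Return the list of reasons a query looks suspicious ([] = looks normal)."""
    reasons = []
    leftmost = qname.split(".")[0]
    if len(qname) > 100:
        reasons.append("name longer than 100 chars")
    if len(leftmost) > 30:
        reasons.append("leftmost label longer than 30 chars")
    if len(leftmost) >= 12 and shannon_entropy(leftmost) > 3.5:
        reasons.append("high-entropy leftmost label")
    if qtype in (10, 16):               # NULL/TXT carry arbitrary data; favoured by tunnels
        reasons.append("%s query" % QTYPE[qtype])
    return reasons


def inspect_packet(packet):
    """Parse a query and assess it; returns (qname, qtype name, reasons)."""
    _, qname, qtype = parse_query(packet)
    return qname, QTYPE.get(qtype, str(qtype)), assess(qname, qtype)


# Constructed traffic: one ordinary lookup and one tunnel-style TXT query whose leftmost
# label stands in for encoded data (in real tunnels it would be base32/base64-like).
NORMAL = build_query("www.graylog.org")
TUNNEL = build_query("0123456789abcdefghijklmnopqrstuvwxyz0123.tunnel.example", qtype=16)

if __name__ == "__main__":
    for pkt in (NORMAL, TUNNEL):
        print(inspect_packet(pkt))
```

In a Graylog deployment the same heuristics would run on the parsed query name field rather than raw packets, and the per-client rate of flagged names is usually a better alert key than any single query.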


Visualize and Correlate IDS Alerts with Open Source Tools

The final post in our three-part series on security focuses on IDS alerting in an open source environment. We walk through integrating the Snort IDS with Graylog to detect and analyze suspicious activity, then show how to correlate IDS alerts with both network connection logs and operating system logs in Graylog.
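The correlation step reduces to joining events on source address within a time window. The script below is an added example, not code from the post or from Snort: it parses Snort "fast" alert lines, syslog-style sshd lines and connection-log lines, then attaches to each alert the host and connection events from the same source within a minute. All three inputs are constructed (RFC 5737 test addresses, SIDs from the local-rule range), and the connection-log `key=value` layout is an assumption rather than any particular product's format.

```python
# Added example (not from the Graylog post): correlate Snort "fast" alerts with sshd
# auth-log lines and connection-log lines from the same source within a time window.
# All three inputs are constructed (RFC 5737 addresses, local-rule SIDs >= 1000000);
# the connection-log key=value format is an assumption, not a specific product's output.
import re
from datetime import datetime, timedelta

YEAR = 2017   # Snort fast alerts and syslog lines carry no year; assume one
MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

ALERT_RE = re.compile(
    r"^(\d\d)/(\d\d)-(\d\d):(\d\d):(\d\d)\.(\d{6})\s+\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]"
    r".*?\[Priority: (\d+)\]\s+\{(\w+)\}\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")
AUTH_RE = re.compile(
    r"^(\w{3})\s+(\d+)\s+(\d\d):(\d\d):(\d\d)\s+\S+\s+sshd\[\d+\]:\s+(Failed|Accepted)\s+\w+\s+for\s+"
    r"(?:invalid user\s+)?(\S+)\s+from\s+(\S+)\s+port\s+(\d+)")
CONN_RE = re.compile(r"^(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z\s+conn\s+(.*)$")


def parse_alerts(text):
    """Snort fast-format alert lines -> dicts (lines that do not match are skipped)."""
    out = []
    for m in filter(None, map(ALERT_RE.match, text.splitlines())):
        mo, d, h, mi, s, us = (int(x) for x in m.group(1, 2, 3, 4, 5, 6))
        out.append({"time": datetime(YEAR, mo, d, h, mi, s, us), "sid": int(m.group(8)),
                    "msg": m.group(10), "priority": int(m.group(11)), "proto": m.group(12),
                    "src": m.group(13), "dst": m.group(15), "dport": int(m.group(16))})
    return out


def parse_auth(text):
    """sshd lines from a syslog-style auth log -> dicts."""
    out = []
    for m in filter(None, map(AUTH_RE.match, text.splitlines())):
        t = datetime(YEAR, MONTHS[m.group(1)], int(m.group(2)), *(int(x) for x in m.group(3, 4, 5)))
        out.append({"time": t, "result": m.group(6), "user": m.group(7), "src": m.group(8)})
    return out


def parse_conns(text):
    """Connection-log lines '<ISO time> conn key=value ...' -> dicts."""
    out = []
    for m in filter(None, map(CONN_RE.match, text.splitlines())):
        fields = dict(kv.split("=", 1) for kv in m.group(7).split())
        fields["dport"] = int(fields["dport"])
        fields["time"] = datetime(*(int(x) for x in m.group(1, 2, 3, 4, 5, 6)))
        out.append(fields)
    return out


def correlate(alerts, auth_events, conn_events, window=timedelta(seconds=60)):
    """For each alert, attach host and connection events from the same source IP
    within +/- window (connections must also match the alert's destination and port)."""
    results = []
    for a in alerts:
        lo, hi = a["time"] - window, a["time"] + window
        host = [e for e in auth_events if e["src"] == a["src"] and lo <= e["time"] <= hi]
        conns = [c for c in conn_events if c["src"] == a["src"] and c["dst"] == a["dst"]
                 and c["dport"] == a["dport"] and lo <= c["time"] <= hi]
        results.append({"alert": a, "host_events": host, "connections": conns,
                        "failed_logins": sum(e["result"] == "Failed" for e in host)})
    return results


# Constructed sample logs.
SNORT_ALERTS = """\
01/15-14:32:07.123456  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.5:52231 -> 192.0.2.10:22
01/15-14:40:02.000001  [**] [1:1000002:1] LOCAL HTTP scanner user-agent [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 198.51.100.7:41000 -> 192.0.2.20:80
"""
AUTH_LOG = """\
Jan 15 14:31:58 web1 sshd[2041]: Failed password for root from 203.0.113.5 port 52231 ssh2
Jan 15 14:32:03 web1 sshd[2041]: Failed password for root from 203.0.113.5 port 52231 ssh2
Jan 15 14:32:09 web1 sshd[2041]: Failed password for invalid user admin from 203.0.113.5 port 52231 ssh2
Jan 15 14:35:10 web1 sshd[2077]: Accepted publickey for deploy from 192.0.2.99 port 50001 ssh2
"""
CONN_LOG = """\
2017-01-15T14:32:06Z conn src=203.0.113.5 dst=192.0.2.10 dport=22 proto=tcp
2017-01-15T14:40:01Z conn src=198.51.100.7 dst=192.0.2.20 dport=80 proto=tcp
2017-01-15T14:40:01Z conn src=198.51.100.7 dst=192.0.2.20 dport=443 proto=tcp
"""

if __name__ == "__main__":
    for r in correlate(parse_alerts(SNORT_ALERTS), parse_auth(AUTH_LOG), parse_conns(CONN_LOG)):
        a = r["alert"]
        print("sid %d from %s: %d host events (%d failed logins), %d matching connections"
              % (a["sid"], a["src"], len(r["host_events"]), r["failed_logins"], len(r["connections"])))
```

The join key (source IP plus a time window) is the same one you would use in a Graylog search or dashboard once the three sources are extracted into fields; an alert that lines up with both a matching connection and a burst of failed logins is worth far more attention than the Snort signature alone.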
