Added note about Digital Ocean Cloud Firewalls

master
bluscreenofjeff 2017-06-07 01:29:16 -07:00
parent cc0812df4c
commit f5913ffd79
1 changed files with 1 additions and 1 deletions


@ -318,7 +318,7 @@ In 2016, remote code execution vulnerabilities were disclosed on the most common
* [Empire Fails - Will Schroeder](http://www.harmj0y.net/blog/empire/empire-fails/)
* [Cobalt Strike 3.5.1 Important Security Update - Raphael Mudge](http://blog.cobaltstrike.com/2016/10/03/cobalt-strike-3-5-1-important-security-update/)
**iptables** should be used to filter unwanted traffic and restrict traffic between required infrastructure elements. For example, if a Cobalt Strike teamserver will only serve assets to an Apache redirector, iptables rules should only allow port 80 from the redirectors source IP. This is especially important for any management interfaces, such as SSH or Cobalt Strikes default port 50050. Also consider blocking non-target country IPs.
**iptables** should be used to filter unwanted traffic and restrict traffic between required infrastructure elements. For example, if a Cobalt Strike teamserver will only serve assets to an Apache redirector, iptables rules should only allow port 80 from the redirectors source IP. This is especially important for any management interfaces, such as SSH or Cobalt Strikes default port 50050. Also consider blocking non-target country IPs. As an alternative, consider using hypervisor firewalls provided by your VPS providers. For example, Digital Ocean offers [Cloud Firewalls](https://www.digitalocean.com/community/tutorials/an-introduction-to-digitalocean-cloud-firewalls) that can protect one or multiple droplets.
**chattr** can be used on teamservers to prevent cron directories from being modified. Using chattr, you can restrict any user, including root, from modifying a file until the chattr attribute is removed.
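Review bot: The new sentence at the end of the iptables paragraph opens with "As an alternative", which reads as if a provider-level firewall replaces the host rules. The two can be layered, so wording such as "In addition, or as an alternative," would keep readers from dropping the iptables restrictions on SSH and port 50050 described just before it. While this line is being touched, "redirectors source IP" and "Cobalt Strikes default port" are missing apostrophes, "your VPS providers" reads better in the singular, and the vendor name is written "DigitalOcean" in the linked tutorial's own URL.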