
All Posts

086 | Keenetic as a VPN Client: Securing Your Network

2025-08-18

Keenetic as a VPN Client: Network-Wide Protection

Why Use a Router-Level VPN Client?

Setting up a VPN client on every individual device can be tedious. Moreover, many devices (Smart TVs, gaming consoles, IoT gadgets) don’t even support VPN connections. Keenetic solves this problem by acting as a central VPN client for the entire network. This allows you to protect all devices with a single VPN connection, eliminating the need to install and configure software on each one.

083 | Proactive Security: Lynis and the Modern Approach to Linux Server Hardening

2025-08-15

Introduction: From Reactive Defense to Proactive Security

In 2025, attacks on servers are becoming increasingly sophisticated, and reactive measures (firewall, Fail2Ban, CrowdSec) are no longer enough. The modern DevSecOps approach requires proactive hardening—strengthening the system—to minimize the attack surface before public exploits appear.

Lynis remains one of the key open-source security auditing tools for Unix systems, but today it is crucial to complement it with integration into security standards frameworks (CIS, SCAP) and automation in CI/CD pipelines.

082 | Firewall Basics: UFW — Simple and Powerful Protection

2025-08-14

Introduction: The First Line of Defense for Your Server

Before thinking about complex intrusion detection systems such as Fail2ban or CrowdSec, you need to build the first and most reliable line of defense—a firewall. A firewall controls all network traffic entering and leaving your server and blocks unauthorized connection attempts.

Traditionally, Linux servers have used iptables to manage firewalls, but its syntax can be complicated and confusing. Fortunately, there is a simpler and more intuitive tool — UFW (Uncomplicated Firewall).

081 | The Modern Approach: CrowdSec — Crowdsourced Threat Protection

2025-08-13

Introduction: From Local Defense to Global Protection

In the previous article, we explored Fail2ban — a reliable and time-tested tool for defending against brute-force attacks. However, Fail2ban only works with local logs and has no awareness of what’s happening on other servers. In today’s environment, where cyberattacks are increasingly distributed and sophisticated, we need a smarter and more collaborative solution.

Enter CrowdSec — a modern, open-source Intrusion Prevention System (IPS) that leverages a crowdsourced approach to build a global threat intelligence network.

080 | Classic Brute-Force Protection: Fail2ban

2025-08-12

Introduction: Server Security — The First Line of Defense

Once you deploy any server or virtual machine, one of the first and most important tasks is ensuring its security. Even if your server doesn’t contain critical data, it can still be targeted by automated bots constantly scanning the internet for vulnerabilities. The most common type of attack against any server is brute-force password guessing, typically aimed at SSH access, FTP services, or web control panels.

078 | Xen: A Flexible Hypervisor for Complex Tasks

2025-08-10


What is Xen?

Xen is a powerful and flexible Type 1 open-source hypervisor that runs directly on server hardware, delivering high performance. Its unique architecture, based on the concept of paravirtualization, became the foundation for many major cloud platforms, including the early versions of Amazon Web Services (AWS). Xen is known for its performance, security, and ability to flexibly manage resources, making it a popular choice for building scalable and fault-tolerant environments.

057 | OpenSearch (Formerly Open-Source ELK): A Community-Driven Alternative

2025-07-19

We’ve explored the ELK Stack, its power — and, unfortunately, its licensing changes. These changes sparked debate within the open-source community and led to the creation of a worthy alternative — OpenSearch.

OpenSearch is a fully open-source fork of the last open versions of Elasticsearch and Kibana, released under the Apache 2.0 license. The project was initiated by Amazon Web Services (AWS) in 2021 and has since evolved as an independent open-source initiative under the OpenSearch Project.

055 | Why Do We Need Centralized Logging? Making Sense of Log Chaos

2025-07-17


We’ve already discussed the importance of metrics monitoring for understanding the health of your IT infrastructure. But metrics are only part of the picture. To truly understand what’s happening inside your systems and applications, you need logs.

Logs are records of events generated by operating systems, applications, network devices, and nearly any software component. They capture what, when, where, and why something happened. Think of them as the “black box” of your infrastructure — an invaluable source of information for debugging, auditing, and incident investigation.

Case Study: Configuring Port Knocking on MikroTik for Enhanced Security

2025-07-16

In a world where cyberattacks are becoming increasingly sophisticated, protecting remote access to servers and network equipment is of paramount importance. Simply opening ports for SSH, RDP, or web interfaces makes them targets for constant scanning and brute-force attacks.

Today, we’ll explore a powerful yet lesser-known technique that significantly improves the security of your MikroTik devices (and not only those): Port Knocking. It’s not just about “closing ports”; it’s a smart system that makes your services invisible to most scanners and bots.

What is rp_filter and what is it used for?

2025-07-15

In the world of Linux and networking technologies, there are many subtle but critically important kernel settings. One such setting is rp_filter. This parameter, often overlooked, plays a key role in network security and correct packet routing. Let’s explore what it is, how it works, and why understanding it is essential for every system administrator.

What is rp_filter?

rp_filter stands for Reverse Path Filtering. It’s a Linux kernel mechanism that checks incoming network packets to verify whether they arrived on the interface through which a reply to the sender’s IP address would be routed.