I have mentioned centralized logging and monitoring in previous blog articles. I have experimented with various metrics collection tools and log tools. Currently all the logs are being ingested, i.e. collected, but there is no proper analysis.
I have read about the ELK stack and, based on the articles and the availability of plugins, the ELK stack seems like the perfect choice.
Over the next few weeks I will be implementing the ELK stack and will definitely share some knowledge.
In the past I have mentioned the NIST Cyber Security Framework, and as part of implementing the NIST Cyber Security Framework and improving the security at ALight Technology And Services Limited, additional logging, monitoring and alerting systems are being implemented, i.e. ALight Technology And Services Limited’s stance when it comes to cyber security is that hardened security is the topmost priority before any kind of consumer / customer data is stored. This helps ALight Technology And Services Limited’s long-term vision of providing several B2B, B2C free, paid and freemium products.
I wanted to do a live coding session for a little security utility / tool but ended up showing several things, the need for such a tool and talked about the sophisticated spies / hackers equipment. I will definitely do some live coding and open source the tool.
In the past I have mentioned having a proper MFA-enabled VPN in some of my YouTube videos on ALight Technology And Service’s official YouTube channel (https://www.youtube.com/@alighttechnologyandservicesltd). I have come across a free VPN known as Pritunl, and Pritunl has SSO support and YubiKey support as per the documentation located here. However, there is a glaring security issue in the setup process: the passwords and keys are generated and shown in plain text. This is a very big problem. So, I thought I would create a set of two tools that would do the following:
Tool-1 (on the server):
Accepts a Key and IV, i.e. prompts for the Key and IV, but when these are entered the tool does not display the values, i.e. it does not echo the Key and IV on the screen (more like prompting for a password).
Prompts for a command to run.
Executes the command, captures the standard output and standard input.
If there is an error – displays it on the screen.
If no error, encrypts the standard output and displays it on screen.
Tool-2 (on the client side – on the laptop):
Generate an IV, Key for symmetric encryption.
Copy the Key to clipboard when required (button click for Windows application or some kind of console key press).
Copy the IV to clipboard when required.
Accept a block of string, decrypt and copy the plaintext into clipboard.
Whenever anything is copied into clipboard, automatically clear clipboard after a configurable time such as 10 or 20 seconds.
With these 2 tools, I can generate a new Key, IV pair, launch the server tool, input the key, IV. Then I can run some command, get the keys or passwords generated by commands encrypted and displayed. I can copy the outputted value on server into the desktop app, then decrypt and use wherever I want.
These tools are not necessary every day but are definitely necessary, especially if being targeted by hackers, spies and ransom asking goons (aka takers / all). I am considering open sourcing the code for these 2 tools. This code can also serve as an introduction to symmetric encryption in C#. The code would also have some usage of the System.Diagnostics.Process class. I might even do a live coding session; it shouldn’t take longer than 15 – 20 minutes. If I do a live coding session, I would explain the concepts.
Centralizing config generation into a re-usable library, having a wrapper class around reading the config. Now the consuming classes do not need to know the details of where or how to get config values. For example, the config can be stored in plain-text / encrypted, can be stored in text files or something like AWS Secrets Manager.
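// Requires: using System.IO; using Microsoft.Extensions.Configuration;
public static void GenerateConfig()
{
    // <ConfigFile> and <ConfigFile2> are placeholders for the JSON config file names.
    // Later sources override earlier ones, so environment variables win over both files.
    var retVal = new ConfigurationBuilder()
        .SetBasePath(Directory.GetCurrentDirectory())
        .AddJsonFile(<ConfigFile>, optional: false, reloadOnChange: true)
        .AddJsonFile(<ConfigFile2>, optional: false, reloadOnChange: true)
        .AddEnvironmentVariables()
        .Build();
    ConfigHelper.Configuration = retVal;
}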
Code for converting DateTime into Unix epoch and back to DateTime
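// Unix epoch expressed in UTC so the conversion does not depend on the server's time zone
private static readonly DateTime epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

public static long GetUNIXDate(DateTime value)
{
    // A local-time value would otherwise be off by the UTC offset
    if (value.Kind == DateTimeKind.Local) value = value.ToUniversalTime();
    return (Int64)value.Subtract(epoch).TotalSeconds;
}

public static DateTime GetNormalDateFromUnix(long value)
{
    return epoch.AddSeconds(value); // result has Kind == Utc
}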
Code for determining if a string consists entirely of ASCII text or not
Code for removing non-ASCII characters and retrieving just the ASCII characters from a string
private static readonly Regex asciiRegex = new Regex(@"[^\u0000-\u007F]+", RegexOptions.Compiled);

public static string GetASCIIOnly(string value)
{
    if (value == null) return String.Empty;
    return asciiRegex.Replace(value, String.Empty);
}
Code for getting a smaller chunk of a long string and if necessary append … at the end – useful on web pages showing first few characters of a longer text.
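public static string GetSnippet(string value, int length, bool appendDots)
{
    if (String.IsNullOrWhiteSpace(value)) return String.Empty;
    // Already fits: return unchanged (also stops Substring from running past the end)
    if (value.Length <= length) return value;
    if (appendDots && length > 3)
    {
        // Reserve three characters for the dots so the result is exactly `length` long
        return $"{value.Substring(0, length - 3)}...";
    }
    else
    {
        return value.Substring(0, length);
    }
}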
As I have mentioned in a previous blog post – business activities would continue normally; the primary focus right now is enhancing monitoring and alerting. The strategy is to have centralized logging and monitoring, then anomaly detection and alerts. As part of this effort, I came across an excellent utility known as collectd. This tool is easy to install and configure. An alternative is statsd.
I have been looking for metric tools, i.e. servers that are lightweight, easy to configure and can be easily used from C# applications, i.e. I want to ingest metrics from my C# applications and consume them from C# applications. collectd has a gRPC plugin, which means a gRPC application can be developed in any programming language. I would definitely provide some code examples for ingesting metrics and reading metrics in the future. For now this is a getting started with collectd blog post.
The installation instructions are a bit messed up for collectd; specifically, the service file of collectd needs to be manually edited based upon your installation location. As of now, I am collecting some simpler metrics, but there are some plugins that would allow for enhanced metrics gathering.
All the logs are being ingested into AWS CloudWatch. Now, I would be developing some dashboards for monitoring, setting up alerting rules etc… I don’t like existing monitoring front-ends due to very few security restrictions. I want my dashboard to be very secure.
The list of library dependencies for plugins can be found here: README
> sudo apt-get install build-essential
# Install any necessary dependency libraries of plugins, I have installed the following
> sudo apt-get install libgrpc-dev libiptc-dev libmysqlclient-dev libprotobuf-dev libprotobuf-c-dev
> cd /tmp/
> wget https://storage.googleapis.com/collectd-tarballs/collectd-5.12.0.tar.bz2
> tar jxf collectd-5.12.0.tar.bz2
> cd collectd-5.12.0
> ./configure
> make all
> sudo make install
> sudo nano /opt/collectd/etc/collectd.conf
I have enabled the logfile, syslog, cpu, csv, df, disk, load, memory, swap, uptime and users plugins. These plugins require very little configuration. For csv specify a directory in the configuration, for logfile specify a file.
The following was for Ubuntu, but based upon your system edit the collectd.service file. Look for the proper location of the config file, binary and then enable and start the service. On Ubuntu:
Service file: /lib/systemd/system/collectd.service
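First store the name of the file, creation date, size and last modified date. These can be accessed from a FileInfo object.
var fi = new FileInfo("path");
var createdUtc = fi.CreationTimeUtc;    // differs when the file has been replaced by a new one
var modifiedUtc = fi.LastWriteTimeUtc;  // changes when data is appended
var length = fi.Length;                 // size in bytes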
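Now, in a loop read the file. If it is a new file, i.e. CreationTime is different, read from the beginning. If Length or LastWriteTime are different but CreationTime is the same, do a seek.
long seek = 0; // byte offset of the next unread byte
while (keepRunning) // <some condition>
{
    // FileShare.ReadWrite lets the writer keep appending while we read
    using (var fs = new FileStream(fi.FullName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
    using (var sr = new StreamReader(fs))
    {
        fs.Seek(seek, SeekOrigin.Begin);
        var data = await sr.ReadToEndAsync();
        // Advance by bytes consumed; data.Length counts characters, not bytes
        seek = fs.Position;
        // Do something with data
        // Store filename, seek in some persistent storage like a file
    }
}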
The above code block shows some sample code for using seek. We would store the variable seek along with the file's creation time, update time and length. Even if the application is restarted, the application would work properly.
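The approach described above with the new-file check and the persisted offset filled in, as an added example rather than the author's code. The names TailState and LogTail, the JSON state file and its ".tailstate" suffix are assumptions.

```csharp
using System;
using System.IO;
using System.Text;
using System.Text.Json;

// Persisted between runs so a restart resumes where the last read stopped.
public record TailState(string Path, DateTime CreatedUtc, long Offset);

public static class LogTail
{
    // Returns the complete lines appended since state.Offset, plus the state to persist.
    public static (string Data, TailState Next) ReadNew(TailState state)
    {
        var fi = new FileInfo(state.Path);
        if (!fi.Exists) return ("", state);
        // Different creation time (new file) or a shorter file (truncated): start over.
        bool restart = fi.CreationTimeUtc != state.CreatedUtc || fi.Length < state.Offset;
        long offset = restart ? 0 : state.Offset;
        using var fs = new FileStream(fi.FullName, FileMode.Open, FileAccess.Read,
                                      FileShare.ReadWrite | FileShare.Delete);
        fs.Seek(offset, SeekOrigin.Begin);
        var buf = new byte[Math.Max(0, fs.Length - offset)];
        int read = 0, n;
        while (read < buf.Length && (n = fs.Read(buf, read, buf.Length - read)) > 0) read += n;
        // Consume only up to the last newline so a half-written line is re-read later.
        int end = read == 0 ? 0 : Array.LastIndexOf(buf, (byte)'\n', read - 1, read) + 1;
        var next = new TailState(state.Path, fi.CreationTimeUtc, offset + end);
        return (Encoding.UTF8.GetString(buf, 0, end), next);
    }

    public static void Main(string[] args)
    {
        string stateFile = args[0] + ".tailstate"; // hypothetical state file next to the log
        var state = File.Exists(stateFile)
            ? JsonSerializer.Deserialize<TailState>(File.ReadAllText(stateFile))
            : new TailState(args[0], DateTime.MinValue, 0);
        var (data, next) = ReadNew(state);
        Console.Write(data);                                          // "do something with data"
        File.WriteAllText(stateFile, JsonSerializer.Serialize(next)); // persist only after processing
    }
}
```

CreationTimeUtc is only a reliable new-file signal where the file system records a creation (birth) time, which is why the offset is also compared against the current length.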
On December 22nd at 17:45 India Standard Time (12:15 GMT / 07:15 EST), I am doing a live video on showing the security. That’s why they were not able to hack my WordPress although they had a very powerful spying / hacking equipment.
YubiKey Bio:
I have Yubikey Bio, it’s a biometric authentication USB device. Some websites support multi-factor authentication with hardware devices such as Yubikey. The difference between normal hardware keys and Yubikey Bio is the biometric authentication. With normal hardware keys anyone with access to the USB device can login, but with Yubikey Bio – biometric authentication happens i.e Yubikey Bio verifies fingerprint.
Nextend Social Login Plugin for WordPress:
Nextend Social Login Plugin – This plugin allows me to login via Google. There is a little setup in GCP console. But ultimately allows me to use Google login. I have configured in such a way that only admin@alightservices.com is allowed to login using Google authentication. I have secured my Google login to use Yubikey Bio.
Duo Two-Factor Authentication:
Duo Two-Factor Authentication allows further securing the wordpress installation by using Yubikey Bio. There is a little bit of configuration to be done.
In this setup I first need to login into my Google account – admin@alightservices.com, then I am prompted for Biometric authentication. Then I login into wordpress and once again I am prompted for biometric authentication. This way no one else can login into my WordPress account.
By reviewing the logs, there have been several thousand login attempts but all of those have been thwarted with this setup, i.e. even with the proper password, they can get to the MFA screen but not any further.
India’s R&AW spies have a very powerful spying / hacking equipment. I think it might be invisible drone with very powerful capabilities such as recording video, audio, speakers used for whispering and even mind reading capabilities. With such a powerful hacking equipment, normal usernames and passwords are obsolete. The list of hackers/impersonators/identity thieves might include: erra surnamed people – diwakar / karan / kamalakar / karunkar / erra sowmya / erra sowjanya / zinnabathuni sowjanya / thota veera / uttam / bojja srinivas / mukesh golla / bandhavi / female identity thieves who claim to have my first name – Kanti and their helper pimp Kalyan’s (I am Kanti Kalyan Arumilli – those escorts and pimps tried to break my identity). Some of them have multiple aliases and multiple surnamed virtual identities.
“In this article, we are going to learn how to secure passwords with BCrypt.NET to ensure we are up to the industry standards when it comes to security in our .NET environment.”
“Recurring, background tasks are widespread and very common when building applications. These tasks can be long-running or repetitive and we don’t want to run them in the foreground, as they could affect the user’s experience of the application. So instead we must schedule these jobs to run in the background somewhere. To achieve this in .NET, we can use the Quartz.NET library to manage the creation and scheduling of these jobs.”