嚴格來說我身兼數職,我既是開源項目開發者、系統管理員、網絡滲透測試員、資訊科技安全硏究員、又是公司文員。我是一名資訊科技安全愛好者,擁有有關的專業認證,就是 OSCE,OSCP 及 OSWP。
我家裏有兩個網絡,一個是日常運作的網絡另一個是用作滲透測試和軟件測試之用。日常運作的網絡中有一台網頁伺服器,一台私人雲端檔案伺服器,一台虛擬系統伺服器,二台路由器和一台防禦入侵系統,網頁伺服器還有人工智能網頁防火牆。
我每日的例行工作是更新所有桌面系統及伺服器系統,閱讀有關資訊科技安全有關的新聞和硏究報告,開發資訊科技安全有關的開源軟件或系統,撰寫博客等,作為一個業餘的資訊科技安全人員來說真是工作煩多。
因為我有編程和資訊科技安全底子,所以我開發了一些資訊科技安全的開源項目,其中有防禦入侵系統 (Croissants,牛角麵包) 和人工智能網頁防火牆 (Longjing,龍井),它們都是由我自主硏發的。
我所開發的防禦入侵系統能夠防止已知具有惡意的網絡地址存取我的網絡、可以防止已知的惡意軟件的下載或存取、可以防止網絡掃描軟件向我的網絡進行掃描、可以防止一些已知的安全漏洞被利用、防止我瀏覽一些已知的惡意網站。它具有極低的延遲特性,可以讓我流暢地觀看 4K 視頻及玩綫上遊戲,而且所有防禦入侵的安全規則都是免費的,更兼容各大常用電腦和手機系統。在硬件上的要求並不算高,建設成本極低,具有效率高和防禦性強及經濟的特性。
至於網頁防火牆,它是一個深度學習的人工智能網頁防火牆,這是一個開源項目。它主要是防禦資料庫注入 (SQL Injection, SQLi) 的攻擊,但它亦能夠防禦跨站腳本 (Cross Site Scripting, XSS) 和一些較低危險性的攻擊,它更具有迷惑網站漏洞掃描器的能力。若果有惡意的黑客利用網站漏洞掃描器來掃描我的網站,他們的掃描器會回報極多的漏洞,但是這些漏洞完全都是誤報的,這樣那些惡意的黑客就會被我的網頁防火牆誤導而浪費了很多時間去對每一個誤報的漏洞來查證。這個人工智能網頁防火牆極易安裝和維護,雖然效率並不十分高但其偵測準確率達到九十九巴仙以上,這是十分不錯的。
就是因為這兩個由我自主硏發的開源項目的應用,我可以比較安心地處理其他的資安事項而無需時常要親力親為地監察我的網絡安全。雖然這個世界上沒有絕對安全的電腦系統 (No System Is Safe),但我的開源項目的確能夠分擔一些煩重的資安工作,這是非常理想的。再加上我在每一台 Linux 桌面系統及 Linux 伺服器都加固了,尤其是火狐瀏覽器,這樣我就更安心了。
我就是這樣保衛我的橋頭堡 - 網絡。
Bridgehead Defense
I am not only a clerk but also an open source project developer, system administrator, penetration tester, information security (infosec) researcher. I am an information security enthusiast with OSCE, OSCP and OSWP certificates.
I have two networks at home, one of them is for production and the other is for testing purpose. There are a web server, a private cloud server, a virtual machine hosting server, two routers, an intrusion detection and prevention system (IDPS) in the production network. Meanwhile, there is a web application firewall (WAF) for the web server too.
I update all my desktops and servers; read information security articles and research reports; developing infosec related open source projects and writing blog articles every day. It is a lot of work for a amateur information security guy indeed.
Since I have programming and infosec background, I develop some infosec related open source projects, such as IDPS (Croissants) and deep learning driven WAF (Longjing).
The IDPS prevents known IP addresses with malicious intention to access my network; it prevents known malware from being downloaded or accessed; it prevents my network from being scanned by vulnerability scanners; it prevents known vulnerabilities from being exploited; and it prevents me from accessing malicious web sites. Meanwhile, I can watch 4K video and play demanding online games due to the low latency of the IDPS. All the rules are free of charge and it is compatible with popular operating systems and smartphones. It is a low cost and high performance solution.
For the WAF, it is an open source deep learning driven WAF which is mainly designed for prevent the web application from being attacked by SQL Injection (SQLi). However, it also detects Cross Site Scripting (XSS) and other vulnerabilities too. It spoofs all the web application vulnerability scanners that causing it to produce a lot of false positive results. Malicious hackers will waste a lot of time to figure out what is happened. Although the WAF is not designed for performance, the SQLi detection rate is over 99%.
It is what my open source infosec projects implemented into my network for security purpose that allows me to do my researches and infosec projects development without worry. Although no system is safe, it helps me a lot for the network monitoring. Meanwhile, I also hardened all my Linux desktops and Linux servers and including browser - Firefox. As a result, I am feeling very good for that.
It is the story about my bridgehead defense - network.