freelawproject / courtlistener

A fully-searchable and accessible archive of court data including growing repositories of opinions, oral arguments, judges, judicial financial records, and federal filings.
https://www.courtlistener.com

Implement a netflow capturing and monitoring program #1586

Open mlissner opened 3 years ago

mlissner commented 3 years ago

After we have OSSEC (#1574) and canaries in place, we should implement a netflow system to capture and log our network traffic, as recommended here:

https://twitter.com/thegrugq/status/1364582988734849026

One recommendation is softflowd: https://github.com/irino/softflowd.

I also wonder if there's something we could run directly on our router. This might, officially, be overkill, but it's the kind of thing we'll want if we ever have an incident.

mlissner commented 1 year ago

Note that AWS has a few solutions:

This looks complicated and expensive:

https://docs.aws.amazon.com/vpc/latest/mirroring/what-is-traffic-mirroring.html

This we should probably set up b/c it's not that hard and it's probably useful and cheap:

https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

mlissner commented 1 month ago

I'm sort of thinking that mirroring will be more expensive and complicated than we need, but the flow logs are probably a good idea.
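
An added example, not part of this thread or of the CourtListener code base, of the incident-time use of flow logs the thread has in mind: it parses records in the default VPC Flow Logs format and pulls every flow that touched a given address. The sample records, addresses, interface IDs and function names are constructed for illustration.

```python
from collections import defaultdict, namedtuple

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
FlowRecord = namedtuple("FlowRecord", FIELDS)
INT_FIELDS = ("packets", "bytes", "start", "end")

# Constructed sample records (documentation address ranges, made-up IDs).
SAMPLE = """\
2 123456789012 eni-0aaa 10.0.1.15 203.0.113.50 44321 443 6 120 98000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 198.51.100.7 10.0.1.15 51515 22 6 3 180 1700000005 1700000065 REJECT OK
2 123456789012 eni-0bbb 10.0.2.20 203.0.113.50 39000 443 6 40 5200 1700000100 1700000160 ACCEPT OK
2 123456789012 eni-0bbb - - - - - - - 1700000200 1700000260 - NODATA
"""

def parse(text):
    """Yield a FlowRecord per data-bearing line; skip header, NODATA/SKIPDATA and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[-1] != "OK":
            continue
        rec = FlowRecord(*parts)
        yield rec._replace(**{f: int(getattr(rec, f)) for f in INT_FIELDS})

def flows_touching(records, ip, since=None, until=None):
    """Return records with ip as source or destination that overlap [since, until] (epoch seconds)."""
    hits = []
    for r in records:
        if ip not in (r.srcaddr, r.dstaddr):
            continue
        if since is not None and r.end < since:
            continue
        if until is not None and r.start > until:
            continue
        hits.append(r)
    return hits

def bytes_by_peer(records, ip):
    """Total bytes of ACCEPTed flows between ip and each address it exchanged traffic with."""
    totals = defaultdict(int)
    for r in flows_touching(records, ip):
        if r.action == "ACCEPT":
            totals[r.dstaddr if r.srcaddr == ip else r.srcaddr] += r.bytes
    return dict(totals)

if __name__ == "__main__":
    records = list(parse(SAMPLE))
    for peer, total in sorted(bytes_by_peer(records, "203.0.113.50").items()):
        print(peer, total)
```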