This project aimed to enhance the security posture of my computer system by setting up a virtual server on Linode and deploying the Wazuh Security Information and Event Management (SIEM) tool. The primary objectives included identifying, analyzing, and mitigating vulnerabilities on the system through proactive monitoring and incident response. Project Components
- Utilized Linode to provision a virtual server, ensuring secure and optimized configurations.
- Implemented proper network segmentation to enhance isolation and security.
- Configured firewalls and access controls to restrict unauthorized access.
- Installed and configured Wazuh Manager for centralized log collection and analysis.
- Integrated Wazuh agents on target systems to facilitate real-time event monitoring.
- Customized rules and alerts to align with specific security requirements.
- Conducted comprehensive vulnerability scans using tools like OpenVAS and Nessus.
- Prioritized vulnerabilities based on severity, exploitability, and potential impact.
- Established a regular scanning schedule to maintain an up-to-date security posture. ###4 Vulnerability Remediation
- Implemented patches and updates for operating systems and software.
- Configured security settings to align with industry best practices.
- Employed secure coding practices and configuration hardening to address vulnerabilities. ###5 Incident Response Planning
- Developed an incident response plan outlining procedures for detecting and responding to security incidents.
- Conducted tabletop exercises to ensure the effectiveness of the incident response plan. ###6 Examples of Addressed Vulnerabilities
- Identified and remediated a critical vulnerability related to insufficient password length requirements.
- Implemented a policy enforcing minimum password length to enhance user authentication security.
- Users are now required to create and maintain passwords with a minimum length of [X] characters.
- Lack of Password Expiry Policy (CVE-2023-0002):
- Resolved a security concern regarding the absence of a password expiry policy.
- Implemented a password expiration policy, prompting users to change their passwords regularly.
- Users are now required to update their passwords every [Y] days, reducing the risk of prolonged exposure to compromised credentials.
- Mitigated the risk associated with weak password complexity.
- Enhanced the password policy to include requirements for a combination of uppercase and lowercase letters, numbers, and special characters.
- Users are now prompted to create stronger, more resilient passwords that are less susceptible to brute-force attacks.
-
Implemented comprehensive logging and monitoring for password-related events.
-
Integrated Wazuh SIEM to actively monitor and alert on password changes, resets, and failed login attempts.
-
Improved visibility into user authentication activities to swiftly detect and respond to any suspicious behavior. ###Achievements
-
Successfully deployed a robust SIEM infrastructure, enhancing the ability to detect and respond to security incidents.
-
Improved the overall security posture of the system by addressing and mitigating critical vulnerabilities.
-
Established a proactive vulnerability management process, reducing the attack surface and potential impact of security inciden