Posts

Beyond the Spooler: Building a Fault-Tolerant Print & Scan Infrastructure for the Modern Home

Summary Legacy USB multi-function peripherals are notoriously unreliable in modern multi-device households. Proprietary vendor software is often bloated, platform-dependent, and prone to "Printer Offline" errors. This case study details the engineering of a Network-Native Print & Scan Gateway using Proxmox VE, CUPS, and eSCL. 1. Why Virtualize? The Homelab Paradigm Deploying this within a Proxmox homelab environment offers critical engineering advantages: Hardware Abstraction: The print server is encapsulated in an LXC container, decoupling it from physical hardware. Snapshot Resilience: We utilize Proxmox snapshots as "undo points" for configuration changes. Resource Isolation: Negligible resource consumption (50-100MB RAM) in an isolated sandbox. 2. Network Topology [ Windows Clients ] [ macOS / Mobile ] │ │ └────────────┬───────────┘ ...

Architecting an Active Defense in a Network specifically with Mikrotik

Automating OpenCanary Honeypot Integration with MikroTik In the modern cybersecurity landscape, relying solely on static firewall rules to drop packets is a failing strategy. Automated botnets and malicious actors constantly probe network perimeters. To truly secure an infrastructure—whether it is a complex enterprise environment or an advanced homelab—we need a system that actively fights back. Today, we are building an automated "Active Defense" pipeline that turns reconnaissance attempts into instant hardware-level bans. Network Security Topology - Honeypot to MikroTik Router Automation Flow 1. Core Concepts: The Deep Dive Before deploying code, it is critical to understand the architecture and why we select specific tools to make this setup completely "idiot-proof." The Honeypot (Decoy Concept): A honeypot is an intentionally vulnerable system placed on your network. It serves no legitimate business purpose. Therefore...

Architecting a Collaborative Defense: Integrating CrowdSec with Mikrotik

In this post, we’ll move beyond static firewall rules and integrate CrowdSec with Mikrotik RouterOS v7. We are shifting from a traditional "set-and-forget" firewall to an Intelligence-Driven Defense that reacts to global threats in real-time. The Goal To offload the heavy lifting of log analysis to a dedicated Debian 12 LXC and use the Mikrotik API to dynamically block malicious IPs at the edge. This setup ensures your router stays fast while benefiting from a global community of threat intelligence. Figure 1: Logical Topology of the CrowdSec Engine and Mikrotik Edge Enforcement. Why CrowdSec? Behavioral Analysis: It doesn't just look at IPs; it looks at patterns (e.g., SSH brute force). Community Powered: If an IP is banned in Europe or the US, it’s automatically added to your Mikrotik’s blacklist. Resource Efficient: The LXC does the "thinking," the Mikrotik does the "dropping." Note: This setup is p...

DNS Redundancy using Keepalived and VRRP

Case Study: Non-Invasive High Availability DNS with AdGuard Home & Keepalived Ensuring 99.9% Uptime without modifying Core Router configurations. 1. Executive Summary In any home lab or small office, DNS is a critical service. A single point of failure here means a total network-wide "internet outage." This case study explores a Non-Invasive High Availability (HA) setup using AdGuard Home and Keepalived on Proxmox LXC. The goal: Zero downtime during maintenance while keeping the core router configuration simple and untouched. 2. Key Technical Concepts Keepalived: A routing software that monitors services and manages failover automatically. VRRP (Virtual Router Redundancy Protocol): The protocol used by servers to "talk" and share a single Virtual IP (VIP). Keep Alive: A mechanism to check if a connection or a neighbor node is still active. Non-Invasive Design: Failover logic ...

Achieving High-Availability DNS

Implementing Anycast with MikroTik OSPF and AdGuard Home In high-availability infrastructure, DNS is a non-negotiable critical service. Conventional "Primary and Secondary" DNS configurations often suffer from client-side timeout issues. By leveraging Anycast via OSPF, we ensure that DNS failover is handled instantly by the router, providing a truly redundant and load-balanced experience. I. The Evolution: Before vs After Traditional Setup (Unicast) Clients have two separate IPs. If Server 1 dies, the client "hangs" waiting for a timeout before trying Server 2. This causes perceptible delays. [ CLIENT ] (DNS: .3 & .4) | (Waiting for .3...) v +----------------+ | ROUTER | +-------+--------+ | +----+----+ | | v v [ ADGUARD 1 ] [ ADGUARD 2 ] (.88.3) (.8...

Architecting a Resilient, Zero-Trust Security SOC & Automation Stack on Legacy Hardware (Dell OptiPlex 3020 Micro)

🏛️ CASE STUDY: The Lean Enterprise Micro-Datacenter 1. Executive Summary This case study documents the design and deployment of a full-stack Infrastructure and Security Operations Center (SOC) on a resource-constrained Dell OptiPlex 3020 Micro (i3 CPU). By leveraging LXC containerization, custom Python middleware, and Infrastructure as Code (IaC), the project achieves enterprise-grade observability and zero-data-loss resilience while maintaining a remarkably low resource footprint (~10.5% average CPU usage). 2. The Infrastructure Profile (The Constraints) Hardware: Dell OptiPlex 3020 Micro (Intel Core i3, 16GB RAM, 500GB SSD). Networking: MikroTik hEX r3 (Backbone). Hypervisor: Proxmox VE 8.x. Objective: Host 10+ critical services (Wazuh SIEM, n8n Orchestration, Zabbix Monitoring, Home Assistant, and custom AI UI) on a dual-core platform without compromising stability. 3. The Logical Architecture (Sapper-Ranger Design) A. Network & Perime...

Bridging SWOT Analysis and Furikaeri (KPT)

  The Strategic Architect: Bridging SWOT Analysis and Furikaeri (KPT) In the field of Technology Infrastructure, professionals are often divided into two camps: the Strategic Planners focused on high-level mapping, and the Operational Engineers focused on day-to-day execution. Many argue for a "keep it simple" approach, but in engineering, a simple plan lacking depth often results in significant Technical Debt. To build truly resilient systems, we must recognize that SWOT Analysis and Furikaeri (KPT) are not competing methodologies. They are two halves of the same coin—a unified feedback loop for Operational Excellence. 🏛️ SWOT Analysis: Pre-Deployment Intelligence SWOT (Strengths, Weaknesses, Opportunities, Threats) is far more than a corporate boardroom exercise. In an infrastructure context, it serves as a Strategic Audit before a single command is executed. Strengths & Weaknesses (Internal): This is the internal audit of the current stack. It’s about being hone...