Security Infrastructure
Security Infrastructure
Section titled “Security Infrastructure”Last Updated: 2026-02-15 Security Level: Hardened (Post-Incident Review)
Overview
Section titled “Overview”This section covers security tools and configurations protecting iSu Technologies infrastructure. Following a security incident on 2026-02-12 to 2026-02-14, comprehensive hardening measures and incident response tools have been implemented.
Security Stack
Section titled “Security Stack”| Tool | Purpose | Status | Jails/Rules |
|---|---|---|---|
| fail2ban | Intrusion prevention | ✅ Active | 5 jails, 189 IPs banned |
| UFW/iptables | Firewall | ✅ Active | 9 permanent bans |
| SSH Hardening | Access control | ✅ Hardened | Key-only, restricted |
| Kernel Hardening | System protection | ✅ Active | 20+ sysctl rules |
| Auto-Updates | Patch management | ✅ Active | Daily security patches |
| Incident Response Tools | Threat detection & investigation | ✅ Active | 6 automated tools |
Defense in Depth
Section titled “Defense in Depth”Our security approach uses multiple layers:
┌─────────────────────────────────────────────────────────────┐│ LAYER 1: DETECTION ││ fail2ban (5 jails) + PLGT Stack (Loki, Grafana) │├─────────────────────────────────────────────────────────────┤│ LAYER 2: PREVENTION ││ UFW Firewall + iptables + 45+ Banned IPs │├─────────────────────────────────────────────────────────────┤│ LAYER 3: HARDENING ││ SSH (key-only, 3 retries) + Kernel (sysctl) + Auto-updates │├─────────────────────────────────────────────────────────────┤│ LAYER 4: MONITORING ││ Verbose logging + Security banner + Audit trails │└─────────────────────────────────────────────────────────────┘Quick Status Commands
Section titled “Quick Status Commands”# Overall security statusfail2ban-client status # List all jailsufw status verbose # Firewall rulestail -20 /var/log/fail2ban.log # Recent activity
# Current threat levelfail2ban-client status sshd | grep "Currently banned"Quick Links
Section titled “Quick Links”- 🚨 Incident Response Tools - Security investigation & remediation toolkit (New!)
- fail2ban Guide - Intrusion prevention (5 jails)
- SSH Hardening - Access control configuration
- Kernel Hardening - System protection
- Firewall Rules - UFW/iptables configuration
- PLGT Stack - Observability and alerting
Active Protection Summary
Section titled “Active Protection Summary”fail2ban Jails (5 Active)
Section titled “fail2ban Jails (5 Active)”| Jail | Protection | Ban Time | Max Retry |
|---|---|---|---|
| sshd | SSH brute force | 1 week | 2 |
| recidive | Repeat offenders | 30 days | 2 |
| nginx-http-auth | HTTP auth attacks | 1 day | 3 |
| nginx-botsearch | Bot scanning | 1 week | 2 |
| nginx-req-limit | Request flooding | 1 day | 5 |
Firewall Ports
Section titled “Firewall Ports”| Port | Service | Access |
|---|---|---|
| 22 | SSH | Rate-limited |
| 80/443 | HTTP/HTTPS | Open |
| 3004 | Grafana | Open |
| 3005 | ThriveSend | Open |
| 8001/8003 | Backend APIs | Open |
Emergency Response
Section titled “Emergency Response”Under Attack?
Section titled “Under Attack?”# 1. Check current attackstail -f /var/log/fail2ban.log | grep --color "Ban\|Found"
# 2. Manually ban aggressive IPfail2ban-client set sshd banip <IP_ADDRESS>
# 3. Permanent UFW ban for persistent attackersufw insert 1 deny from <IP_ADDRESS> comment "Permanent ban - reason"
# 4. Check banned countfail2ban-client status sshd | grep bannedEmergency Contacts
Section titled “Emergency Contacts”- Primary: Nhlanhla Mnyandu (nhlanhla@isutech.co.za)
- Server: Hetzner Production (46.224.40.5)
- Incident Log: /var/log/security-incidents.log
Hardened: 2026-02-09 | Maintained by iSu Technologies Security Team