This week’s highlighted open-source project is CrowdSec, a new tool that takes a crowdsourced approach to security automation. It combines local IP detection with an online community-based IP reputation system to protect networks.
According to the team, the tool goes through logs to assess the behavior of IP addresses that attempt to connect to apps, websites, and services. It then lets users deal locally with the potentially dangerous IP addresses it finds, and asks for permission to send those addresses to CrowdSec to share with the community.
It is composed of three components:
- CrowdSec service, which runs in the background, processes logs, and keeps track of attacks
- Cscli, which is a command-line interface for the tool that lets users view, add, or remove bans, and install, find, or update attack scenarios
- Bouncers, which block potentially dangerous traffic
The team hopes its tool will help create “digital herd immunity.” According to CrowdSec, firewalls in use today mostly use static rules, so there was a need for a next-generation solution.
CrowdSec was written in Go and is designed to run on servers, cloud machines, containers, or to be called through an API directly. The CrowdSec Hub features tools that help defeat attacks like password brute force, port scans, web scans, credential stuffing, and more.
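The log-to-decision flow described above, sketched as an added example (not CrowdSec's code or its actual scenario logic): a sliding-window detector for SSH password brute force, plus the check a bouncer would make before letting a connection through. The log format, the thresholds, and the names `Detect` and `Allowed` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Constructed sample sshd lines (documentation IP ranges), not real traffic.
const sampleLog = `2021-01-05T10:00:01Z sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2021-01-05T10:00:03Z sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
2021-01-05T10:00:04Z sshd[812]: Accepted password for alice from 198.51.100.20 port 51200 ssh2
2021-01-05T10:00:06Z sshd[811]: Failed password for root from 203.0.113.7 port 40118 ssh2
2021-01-05T10:00:09Z sshd[813]: Failed password for bob from 198.51.100.9 port 51344 ssh2
2021-01-05T10:05:30Z sshd[813]: Failed password for bob from 198.51.100.9 port 51350 ssh2
2021-01-05T10:09:59Z sshd[813]: Failed password for bob from 198.51.100.9 port 51360 ssh2`

var failedRe = regexp.MustCompile(`(?m)^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port`)

// Detect bans an IP once it has `limit` failures inside `window` (assumed policy).
func Detect(log string, limit int, window, ban time.Duration) map[string]time.Time {
	recent, bans := map[string][]time.Time{}, map[string]time.Time{}
	for _, m := range failedRe.FindAllStringSubmatch(log, -1) {
		ts, err := time.Parse(time.RFC3339, m[1])
		if err != nil {
			continue // skip lines with an unparsable timestamp
		}
		ip, kept := m[2], recent[m[2]][:0]
		for _, t := range recent[ip] {
			if ts.Sub(t) < window { // forget failures older than the window
				kept = append(kept, t)
			}
		}
		recent[ip] = append(kept, ts)
		if len(recent[ip]) >= limit {
			bans[ip] = ts.Add(ban) // decision: ban until this time
		}
	}
	return bans
}

// Allowed is the bouncer-side check: refuse an IP while its ban is active.
func Allowed(bans map[string]time.Time, ip string, now time.Time) bool {
	until, banned := bans[ip]
	return !banned || !now.Before(until)
}

func main() {
	fmt.Println(Detect(sampleLog, 3, time.Minute, 4*time.Hour))
}
```

The address with three failures in five seconds is banned, while the one whose three failures are spread over ten minutes is not, which is the difference between judging behavior over time and matching a static rule.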
The tool launched in May, and its first stable release, v1.0, came out in November. The team plans to raise seed funding in the first quarter of 2021.