Browsed by
Tag: best practices

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

This walkthrough uses the DNSBL portion of pfBlockerNG to remove ads/advertising and more importantly, malvertising. It essentially creates a functionality similar to the pi-Hole project except it doesn’t require a separate piece of hardware. Instead, you just use your pfSense + pfBlockerNG! If you’re interested in a write-up on installing/configuring the pi-hole on Ubuntu, I have one here. Please note this walkthrough is for the devel version of pfBlockerNG. The pfBlockerNG-devel package is in the standard list of available packages…

Read More Read More

Installing pi-hole on Ubuntu 18.04 LTS

Installing pi-hole on Ubuntu 18.04 LTS

In this guide, I will walkthrough how to install and test the pi-hole on Ubuntu and more specifically, Ubuntu Server. These same instructions may work on Ubuntu Desktop, but I strongly suggest Server. Why Ubuntu instead of a Raspberry Pi? I love Raspberry Pis and I probably own at least 10 of them. But sometimes I want to perform DNS blocking/blackholing and I either a) don’t have a Raspberry Pi in an environment or b) I have a virtual environment…

Read More Read More

Configuring Quad9 on pfSense

Configuring Quad9 on pfSense

Quad9 is a DNS platform that adds several layers of security. It does this via standard DNS queries/responses.Basically, if a machine on your network queries a known bad hostname, the Quad9 DNS server responds by stating that domain does not exist (NX DOMAIN or non-existent domain). Quad9 also allows you to use DNS over TLS. If you would like a bit more info on Quad9 including some speed benchmarks against other DNS services, I would suggest an earlier article, Quad9 – First…

Read More Read More

Installing OpenVAS (GVM) on CentOS 7

Installing OpenVAS (GVM) on CentOS 7

This is a walkthough for installing and configuring OpenVAS (GVM) on CentOS 7. OpenVAS (Open Vulnerability Assessment System) is an opensource vulnerability scanner. Greenbone has deprecated OpenVAS version 9 and version 10 is now known as Greenbone Vulnerability Manager (GVM). Likewise, the new rpms are called ‘greenbone-vulnerability-manager’ and ‘gvm-libs’ which replace the ‘openvas’ and ‘openvas-libraries’ rpms. If you are upgrading from 9 to the latest version, you may lose your previous tasks and reports so beware! Also, if you are…

Read More Read More

All Cybersecurity Is Not Created Equal

All Cybersecurity Is Not Created Equal

I love telling stories about some of the things I’ve seen or done because it helps align mere talking points (or theory) to reality. This is a story I’ve told and presented on several times. It always resonates with the audience and businesses so I figured I would share it here. I was approached by a friend who works in the healthcare space. He asked me to perform a security assessment and light penetration test of his business. My immediate…

Read More Read More

SSHGuard settings on pfSense

SSHGuard settings on pfSense

Something that always annoyed me when performing a vulnerability scan on a pfSense system was the alerts it triggered. Basically, the vulnerability scanner would attempt to bruteforce SSH logins, which would trigger the sshguard protections, placing the IP address in the sshguard table (Diagnostics -> Tables), producing 100’s of firewall block messages, etc. Dec 3 16:22:37 – Int: em0 Type: block Prot: tcp Src: 192.168.1.8:38553 Dest: 192.168.1.1:22 Tracker: 1000000301 – block drop in log quick proto tcp from <sshguard:1> to…

Read More Read More

An Open Letter To Ransomware Authors

An Open Letter To Ransomware Authors

Dear ransomware authors, Thank you! No joking, no saltiness, no BS. You may think this is in jest, but I whole-heartedly want to say ‘thank you.’ I’ve been around security long enough to see *many* turn the corner from “we’ll get to security when we get to it” to genuinely being interested in improving. I cannot begin to describe how disheartening it is to do back-to-back yearly security assessments for a bank [or countless other businesses] and have the same…

Read More Read More

Monitor For Expiring SSL/TLS Certs with Nagios

Monitor For Expiring SSL/TLS Certs with Nagios

We’ve all been there. Your SSL/TLS certificate on your webserver, mail server, or <insert service name here> has expired and your users are miffed!!! Expiring SSL/TLS certificates have been a problem as long as I can remember and that was at a point when SSL certs could last for several years. Now we have Let’s Encrypt (@letsencrypt) in the fray of SSL/TLS certs and their certs only last a maximum of 90 days. Do you really think expiring certs won’t…

Read More Read More

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL) – Old

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL) – Old

This walkthrough uses the DNSBL portion of pfBlockerNG to remove ads/advertising and more importantly, malvertising. It essentially creates a functionality similar to the pi-Hole project except it doesn’t require a separate piece of hardware. Instead, you just use your pfSense (pfBlockerNG)! If you’re interested in a write-up on installing/configuring the pi-hole on Ubuntu, I have one here. I love pfSense and if I could only install one package to enhance its capabilities, it would undoubtedly be pfBlockerNG. pfBlockerNG is a pfSense…

Read More Read More

Redirect outgoing NTP traffic to an internal NTP server

Redirect outgoing NTP traffic to an internal NTP server

Tired of seeing outbound NTP blocks in your firewall logs because you restrict outgoing traffic? Or maybe you are receiving alerts because some device uses NTP pool resources (such as pool.ntp.org) and one of those IP addresses has ended up on a blacklist, blocklist, threat intelligence feed, etc? Either way, few things in the life of an IT or security professional are as frustrating as false positives. This write-up will help you change that with a little NAT magic, aka…

Read More Read More