Featured
Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

Changelog
4Jan2018 – Originally posted
17Jan2018 – Added whitelist recommendations
25Jan2018 – Reworded ‘DNSBL firewall rule’ section
30Jan2018 – Added TLD blacklisting; Added warning about large lists and related memory issues (with unbound)
15Feb2018 – Added Spamhaus most abused TLDs info

This walkthrough uses the DNSBL portion of pfBlockerNG to remove advertising and, more importantly, malvertising. It provides functionality similar to the Pi-hole project, except that it doesn’t require a separate piece of hardware. Instead, you just use your…

Redirect outgoing NTP traffic to an internal NTP server

Changelog
28Dec2017 – Originally posted
18Feb2018 – Added to alias/inverted NAT rule

Tired of seeing outbound NTP blocks in your firewall logs because you restrict outgoing traffic? Or maybe you are receiving alerts because some device uses NTP pool resources (such as pool.ntp.org) and one of those IP addresses has ended up on a blacklist, blocklist, threat intelligence feed, etc.? Either way, few things in the life of an IT or security professional are as frustrating as false positives. This…

Adding HSTS To Your Website

So you’ve moved your website to use SSL/TLS and that’s it? Not quite! Your next step should be to test your site and enable HSTS (HTTP Strict Transport Security).

Testing via Qualys SSL Labs

I *love* the SSL Labs server test from Qualys. It’s free and it does a fantastic job of testing (and subsequently grading) your website for cipher suites, protocols (SSL/TLS versions), etc. IMO, it should be one of the first checks performed after standing up a website and…

Monitoring pfSense with Nagios XI Using SSH – part 3

Configuring the checks on Nagios XI

This is the third and final part to monitoring pfSense with Nagios XI using SSH. If you missed either of the previous parts, I’ve included them below.

Part 1: Setting up password-less SSH
Part 2: Downloading and testing the checks

Finally, let’s configure the checks on Nagios XI! Go to the SSH Proxy wizard. I like to change the OS to FreeBSD, but all that really does is change the icon in the web…

Monitoring pfSense with Nagios XI Using SSH – part 2

Downloading and testing the checks

In part 1, we set up password-less SSH. What good does that do? Now that we have a secure connection between the systems, we are quite a bit closer to securely running check commands using the SSH proxy on Nagios XI (or check_by_ssh on Nagios Core). First though, we need to get the various plugins on the pfSense box. We are going to use a handful of custom scripts, but we’ll also use some…

Monitoring pfSense with Nagios XI Using SSH – part 1

Monitoring pfSense with Nagios XI Using SSH Series

This walkthrough will guide you through the process of monitoring your pfSense using Nagios XI and SSH. The scripts could also be used with NRPE without issue, although I discuss why SSH is my preferred route below. Similar configuration steps could be taken on Nagios Core, however, I don’t have a running copy of Core to verify. I also included a service config file at the end of part 3 so Nagios…

Nagios – ndo2db not running

Your Nagios server was shut off unexpectedly and now you see the “database backend” with a red exclamation in the web GUI. The only thing you can do is try to start the process, but it comes back with “ndo2db is not running”. Fortunately, the fix is pretty simple. Feel free to copy/paste the commands to avoid typos. Just make sure you omit the ‘#’ on each command, otherwise the command won’t run. Assuming you have already tried restarting the ndo2db…

Why Net Neutrality Is Vital For Entrepreneurs

The battle over net neutrality rages on and it has far-reaching implications beyond the US. Anyone who knows or follows me knows I am a huge fan of net neutrality. I’m not saying it is the only way to protect the free and open internet, but 1) it is one of the easiest, 2) it’s all we have, and 3) simple generally leads to fewer loopholes. For what it is worth, this isn’t a political discussion and I don’t intend…

Configuring Quad9 on pfSense

Quad9 is a DNS platform that adds a layer of security. It does this via standard DNS queries/responses. Basically, if a machine on your network queries a known bad hostname, the Quad9 DNS server responds by stating that the domain does not exist (NXDOMAIN, or non-existent domain). If you would like a bit more info on Quad9, including some speed benchmarks against other DNS services, I would suggest an earlier article, Quad9 – First Thoughts & Benchmarks. This post is all…

Quad9 – First Thoughts & Benchmarks

Changelog
29Nov2017 – Originally posted
6Dec2017 – Provided download links to DNS Benchmark tool and associated ini file

Quad9 is the collaboration of IBM X-Force, PCH, and Global Cyber Alliance. It provides a DNS platform that combines high performance with security by blocking known malicious domains. At the time of this writing, Quad9 was using 19 threat feeds. I’m not going to get into the marketing speak because quite frankly, enough folks cover that well enough. Quad9 <- Main Site…
