Browsed by
Category: firewall

Configuring Quad9 on pfSense


Quad9 is a DNS platform that adds a layer of security. It does this via standard DNS queries/responses. Basically, if a machine on your network queries a known bad hostname, the Quad9 DNS server responds by stating that the domain does not exist (NXDOMAIN, or non-existent domain). If you would like a bit more info on Quad9, including some speed benchmarks against other DNS services, I would suggest an earlier article, Quad9 – First Thoughts & Benchmarks. This post is all…


Quad9 – First Thoughts & Benchmarks


Changelog: 29Nov2017 – Originally published. 6Dec2017 – Provided download links to DNS Benchmark tool and associated ini file.

Quad9 is the collaboration of IBM X-Force, PCH, and Global Cyber Alliance. It provides a DNS platform that combines high performance with security by blocking known malicious domains. At the time of this writing, Quad9 was using 19 threat feeds. I’m not going to get into the marketing speak because quite frankly, enough folks cover that well enough. Quad9 Main Site New…


Sending pfSense logs to the DShield project


Changelog: 02June2017 – Originally published. 28Nov2017 – Updated due to script changes.

What is DShield and why would I send them my logs? According to the SANS Internet Storm Center (ISC), “DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.” While DShield is often referred to generically as a “collaborative firewall log correlation system,” for all practical purposes, it is a bit of threat intelligence well before threat intelligence was…


Securing Open RDP Ports


Mr. Mackey says it best — Open RDP ports on the internet are bad… mmmmkay. When you are architecting an environment, you should avoid them like the plague. Even on an internal network, you should avoid them. Otherwise, you are just asking for problems at some point whether it is someone pounding away looking for a username/password combination or a remote vulnerability in the service. Compromised servers (via RDP) are mainstays for criminal jump points and some are even monetizing…


Using pfBlockerNG (And Block Lists) On pfSense


In a previous post, I talked about implementing blocklists (aka IP reputation lists, ban lists, blacklists, etc.) generically on nearly any firewall to improve your security. The examples I used were on pfSense and OPNsense. I also discussed the methodology and some background as well so if you’re just coming into the conversation, it might be worth a read beforehand. (Previous Post: Using Firewall Block Lists) There were some downfalls to the previously discussed approach such as the URL download (via aliases)…


Using Firewall Block Lists


IP reputation lists (aka IP blacklists, ban lists, block lists, etc.) are fairly plentiful and some are better (more IPs and fewer false positives) than others. Now before I get hate mail stating blacklists don’t work, the truth is blacklists are extremely helpful. Would I use them as my sole line of defense? No way! However, when used with multiple layers of security, blacklists prove to be extremely useful. In addition, in many cases a blacklist can actually help reduce resource…
