Browsed by
Category: infosec

Quad9 – First Thoughts & Benchmarks

Quad9 – First Thoughts & Benchmarks

Changelog 29Nov2017 – Originally published 6Dec2017  – Provided download links to DNS Benchmark tool and associated ini file Quad9 is the collaboration of IBM X-Force, PCH, and Global Cyber Alliance. It provides a DNS platform that combines high performance with security by blocking known malicious domains. At the time of this writing, Quad9 was using 19 threat feeds. I’m not going to get into the marketing speak because quite frankly, enough folks cover that well enough. Quad9 Main Site New…

Read More Read More

Sending pfSense logs to the DShield project

Sending pfSense logs to the DShield project

Changelog 02June2017 – Originally published 28Nov2017  – Updated due to script changes What is DShield and why would I send them my logs? According to the SANS Internet Storm Center (ISC), “DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.” While DShield is often referred to generically as a “collaborative firewall log correlation system,” for all practical purposes, it is a bit of threat intelligence well before threat intelligence was…

Read More Read More

Testing SPF, DKIM, and DMARC

Testing SPF, DKIM, and DMARC

If you are interested in a step-by-step implementation of SPF, DKIM, and DMARC, there’s a post for that! It’s on this site as well and it will walk you through the entire process. https://www.linuxincluded.com/implementing-spf-dkim-and-dmarc/ Before you jump into testing SPF, DKIM, or DMARC, you need to verify where your authoritative DNS nameservers are. The easiest way to do this is by going to a Linux command line and performing a whois. # whois linuxincluded.com   Domain Name: LINUXINCLUDED.COM   Registry Domain ID: 1985890536_DOMAIN_COM-VRSN   Registrar WHOIS…

Read More Read More

Implementing SPF, DKIM, and DMARC

Implementing SPF, DKIM, and DMARC

If you made it here, you might not be interested in the why’s of implementing the holy trinity of anti-email spoofing. However, if you’re still uncertain whether you should or shouldn’t, just do it! With the guide below, you’ll see it isn’t all that difficult and when used together, they provide great benefits like brand protection, reducing a phishing attack vector, less chance of your legitimate marketing emails ending up in spam, etc. It also makes you and your domain a…

Read More Read More

Securing Open RDP Ports

Securing Open RDP Ports

Mr. Mackey says it best — Open RDP ports on the internet are bad… mmmmkay. When you are architecting an environment, you should avoid them like the plague. Even on an internal network, you should avoid them. Otherwise, you are just asking for problems at some point whether it is someone pounding away looking for a username/password combination or a remote vulnerability in the service. Compromised servers (via RDP) are mainstays for criminal jump points and some are even monetizing…

Read More Read More

HL7 Data Interfaces in Medical Environments: Attacking and Defending the Achille’s Heel of Healthcare

HL7 Data Interfaces in Medical Environments: Attacking and Defending the Achille’s Heel of Healthcare

This security research paper is the second of two examining the HL7 messaging standard, which is arguably the most fundamental flaw in healthcare IT. HL7 is used extensively for system-to-system communications and is in nearly every healthcare facility worldwide. The first paper is an overview of what can be done with stolen medical data, what HL7 is, as well as potential dangers inherent to HL7. The second paper moves beyond theory and is an in-depth, technical discussion on ways to…

Read More Read More

HL7 Data Interfaces in Medical Environments: Understanding the Fundamental Flaw in Healthcare

HL7 Data Interfaces in Medical Environments: Understanding the Fundamental Flaw in Healthcare

This security research paper is the first of two examining the HL7 messaging standard, which is arguably the most fundamental flaw in healthcare IT. HL7 is used extensively for system-to-system communications and is in nearly every healthcare facility worldwide. The first paper is an overview of what can be done with stolen medical data, what HL7 is, as well as potential dangers inherent to HL7. The second paper moves beyond theory and is an in-depth, technical discussion on ways to…

Read More Read More

Shadow Brokers Dump And Best Practices

Shadow Brokers Dump And Best Practices

Well that’s a weird title, right? Now that the dust has settled to some degree, let’s look at a not-so-obvious takeaway from the latest security news that simultaneously set everyone’s hair on fire? The latest Shadow Brokers dump is bad on so many different levels. Let’s not concentrate on the potential levels of government and private industry collusion our guts told us existed, but we weren’t sure of. Even now, Microsoft is claiming the vulnerabilities were fixed as part of a…

Read More Read More

Why Phone Numbers Make Horrible WiFi Passwords

Why Phone Numbers Make Horrible WiFi Passwords

Aside from discussing the most obvious item (in the title), you also have the issue of why your average ISP isn’t helping out the security of the average consumer. In addition, the underlying theme here is that installation and implementation matters. You can have the best security/encryption on the planet and someone else can trash it in short order simply because they implement it wrong. Also note that while I won’t be publicly naming them, I will instead provide my emails…

Read More Read More

Using pfBlockerNG (And Block Lists) On pfSense

Using pfBlockerNG (And Block Lists) On pfSense

In a previous post, I talked about implementing blocklists (aka IP reputation lists, ban lists, blacklists, etc.) generically on nearly any firewall to improve your security. The examples I used were on pfSense and OPNsense. I also discussed the methodology and some background as well so if you’re just coming into the conversation, it might be worth a read beforehand. (Previous Post: Using Firewall Block Lists) There were some downfalls to the previously discussed approach such as the URL download (via aliases)…

Read More Read More