Browsed by
Category: infosec

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

This walkthrough uses the DNSBL portion of pfBlockerNG to remove ads/advertising and more importantly, malvertising. It essentially creates a functionality similar to the pi-Hole project except it doesn’t require a separate piece of hardware. Instead, you just use your pfSense (pfBlockerNG)! I love pfSense and if I could only install one package to enhance its capabilities, it would undoubtedly be pfBlockerNG. pfBlockerNG is a pfSense package maintained by @BBcan177 (on Twitter). It’s worth mentioning that BBCan177 has a Patreon campaign where you…

Read More Read More

Redirect outgoing NTP traffic to an internal NTP server

Redirect outgoing NTP traffic to an internal NTP server

Tired of seeing outbound NTP blocks in your firewall logs because you restrict outgoing traffic? Or maybe you are receiving alerts because some device uses NTP pool resources (such as pool.ntp.org) and one of those IP addresses has ended up on a blacklist, blocklist, threat intelligence feed, etc? Either way, few things in the life of an IT or security professional are as frustrating as false positives. This write-up will help you change that with a little NAT magic, aka…

Read More Read More

Adding HSTS To Your Website

Adding HSTS To Your Website

So you’ve moved your website to use SSL/TLS and that’s it? Not quite! Your next step should to test your site and enable HSTS (HTTP Strict Transport Security). Changelog 19Dec2017 – Originally posted 5Apr2018 – Added speed difference verbiage between server config and functions.php or .htaccess for high volume websites Testing via Qualys SSL Labs I *love* the SSL Labs server test from Qualys. It’s free and it does a fantastic job of testing (and subsequently grading) your website for…

Read More Read More

Monitoring pfSense with Nagios XI Using SSH – part 3

Monitoring pfSense with Nagios XI Using SSH – part 3

Configuring the checks on Nagios XI This is the third and final part to monitoring pfSense with Nagios XI using SSH. If you missed either of the previous parts, I’ve included them below. Part 1: Setting up password-less SSH Part 2: Downloading and testing the checks Changelog 15Dec2017 – Originally posted 9May2018 – Added uptime and CPU temperature check as well as a Nagios Core example 11May2018 – Modified the check_pf_mem plugin Finally, let’s configure the checks on Nagios XI!…

Read More Read More

Monitoring pfSense with Nagios XI Using SSH – part 2

Monitoring pfSense with Nagios XI Using SSH – part 2

Downloading and testing the checks In the part 1, we setup password-less SSH. What good does that do? Now that we have a secure connection between the systems, we are quite a bit closer to securely running check commands using the SSH proxy on Nagios XI (or the check_by_ssh on Nagios Core). Changelog 15Dec2017 – Originally posted 9May2018 – Added uptime and CPU temperature check as well as a Nagios Core example 11May2018 – Modified the check_pf_mem plugin First though,…

Read More Read More

Monitoring pfSense with Nagios XI Using SSH – part 1

Monitoring pfSense with Nagios XI Using SSH – part 1

Monitoring pfSense with Nagios XI Using SSH Series This walkthrough will guide you through the process of monitoring your pfSense using Nagios XI and SSH. The scripts could also be used with NRPE without issue, although I discuss why SSH is my preferred route below. Similar configuration steps could be taken on Nagios Core, however, I don’t have a running copy of Core to verify. I also included a service config file at the end of part 3 so Nagios…

Read More Read More

Configuring Quad9 on pfSense

Configuring Quad9 on pfSense

Quad9 is a DNS platform that adds several layers of security. It does this via standard DNS queries/responses.Basically, if a machine on your network queries a known bad hostname, the Quad9 DNS server responds by stating that domain does not exist (NX DOMAIN or non-existent domain). Quad9 also allows you to use DNS over TLS. If you would like a bit more info on Quad9 including some speed benchmarks against other DNS services, I would suggest an earlier article, Quad9 – First…

Read More Read More

Quad9 – First Thoughts & Benchmarks

Quad9 – First Thoughts & Benchmarks

Quad9 is the collaboration of IBM X-Force, PCH, and Global Cyber Alliance. It provides a DNS platform that combines high performance with security by blocking known malicious domains. At the time of this writing, Quad9 was using 19 threat feeds. I’m not going to get into the marketing speak because quite frankly, enough folks cover that well enough. Quad9 <- Main Site New “Quad9” DNS service blocks malicious domains for everyone <- Ars Technica Instead, I’ll provide the bare essentials…

Read More Read More

Sending pfSense logs to the DShield project

Sending pfSense logs to the DShield project

Changelog 02June2017 – Originally posted 28Nov2017  – Updated due to script changes What is DShield and why would I send them my logs? According to the SANS Internet Storm Center (ISC), “DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.” While DShield is often referred to generically as a “collaborative firewall log correlation system,” for all practical purposes, it is a bit of threat intelligence well before threat intelligence was…

Read More Read More

Testing SPF, DKIM, and DMARC

Testing SPF, DKIM, and DMARC

If you are interested in a step-by-step implementation of SPF, DKIM, and DMARC, there’s a post for that! It’s on this site as well and it will walk you through the entire process. https://www.linuxincluded.com/implementing-spf-dkim-and-dmarc/ Changelog 17Nov2017 – Originally posted 25Mar2018 – Added more SPF tests specifically for lookups Before you jump into testing SPF, DKIM, or DMARC, you need to verify where your authoritative DNS nameservers are. The easiest way to do this is by going to a Linux command…

Read More Read More