Browsed by
Tag: best practices

Monitoring pfSense with Nagios Using SSH – part 2

Monitoring pfSense with Nagios Using SSH – part 2

Downloading and testing the checks In the part 1, we setup password-less SSH. Now that we have a secure connection between the systems, we are quite a bit closer to securely running check commands using the SSH proxy on Nagios XI or the check_by_ssh on Nagios Core. Changelog 15Dec2017 – Originally posted 9May2018 – Added uptime and CPU temperature check as well as a Nagios Core example 11May2018 – Modified the check_pf_mem plugin 1June2018 – Added Nagios Core services.cfg and…

Read More Read More

Monitoring pfSense with Nagios Using SSH – part 1

Monitoring pfSense with Nagios Using SSH – part 1

Monitoring pfSense with Nagios XI or Core Using SSH Series This walkthrough will guide you through the process of monitoring your pfSense using SSH and Nagios. Though this was originally written with Nagios XI in mind, recent additions to this walkthrough have made the process far easier for those configuring it on Nagios Core. FWIW, the scripts could also be used with NRPE without issue, although I discuss why SSH is my preferred route below. The end of part 3…

Read More Read More

Configuring Quad9 on pfSense

Configuring Quad9 on pfSense

Quad9 is a DNS platform that adds several layers of security. It does this via standard DNS queries/responses.Basically, if a machine on your network queries a known bad hostname, the Quad9 DNS server responds by stating that domain does not exist (NX DOMAIN or non-existent domain). Quad9 also allows you to use DNS over TLS. If you would like a bit more info on Quad9 including some speed benchmarks against other DNS services, I would suggest an earlier article, Quad9 – First…

Read More Read More

Quad9 – First Thoughts & Benchmarks

Quad9 – First Thoughts & Benchmarks

Quad9 is the collaboration of IBM X-Force, PCH, and Global Cyber Alliance. It provides a DNS platform that combines high performance with security by blocking known malicious domains. At the time of this writing, Quad9 was using 19 threat feeds. I’m not going to get into the marketing speak because quite frankly, enough folks cover that well enough. Quad9 <- Main Site New “Quad9” DNS service blocks malicious domains for everyone <- Ars Technica Instead, I’ll provide the bare essentials…

Read More Read More

Testing SPF, DKIM, and DMARC

Testing SPF, DKIM, and DMARC

If you are interested in a step-by-step implementation of SPF, DKIM, and DMARC, there’s a post for that! It’s on this site as well and it will walk you through the entire process. https://www.linuxincluded.com/implementing-spf-dkim-and-dmarc/ Changelog 17Nov2017 – Originally posted 25Mar2018 – Added more SPF tests specifically for lookups 19Nov2018 – Clarified some test steps and added a site Before you jump into testing SPF, DKIM, or DMARC, you need to verify where your authoritative DNS nameservers are. The easiest way…

Read More Read More

Implementing SPF, DKIM, and DMARC

Implementing SPF, DKIM, and DMARC

If you made it here, you might not be interested in the why’s of implementing the holy trinity – SPF, DKIM, and DMARC – of anti-email spoofing. However, if you’re still uncertain whether you should or shouldn’t, just do it! With the guide below, you’ll see it isn’t all that difficult and when used together, they provide great benefits like brand protection, reducing a phishing attack vector, less chance of your legitimate marketing emails ending up in spam, etc. It also…

Read More Read More

Securing Open RDP Ports

Securing Open RDP Ports

Mr. Mackey says it best — Open RDP ports on the internet are bad… mmmmkay. When you are architecting an environment, you should avoid them like the plague. Even on an internal network, you should avoid them. Otherwise, you are just asking for problems at some point whether it is someone pounding away looking for a username/password combination or a remote vulnerability in the service. Compromised servers (via RDP) are mainstays for criminal jump points and some are even monetizing…

Read More Read More

Shadow Brokers Dump And Best Practices

Shadow Brokers Dump And Best Practices

Well that’s a weird title, right? Now that the dust has settled to some degree, let’s look at a not-so-obvious takeaway from the latest security news that simultaneously set everyone’s hair on fire? The latest Shadow Brokers dump is bad on so many different levels. Let’s not concentrate on the potential levels of government and private industry collusion our guts told us existed, but we weren’t sure of. Even now, Microsoft is claiming the vulnerabilities were fixed as part of a…

Read More Read More