Boiler Room’s IP Blocklist

The use of IP Blocklist can be an integral part of the overall Network Security Program. There are several good sources of known and suspicious IPs and networks that are associated with malicious content or in other ways pose a threat to your network. If your firewall or IPS (Intrusion Prevention System) have the means …

Boiler Room’s IP Blocklist Read More »

Webmin System Administration Console (Ubuntu)

Webmin is a web-based interface for system administration for Linux using any modern web browser. NOTE: Do no install Webmin if you are planning to install Virtualmin. The Webmin features are already included in Virtualmin.

Virtualmin LAMP Server (Ubuntu)

Building on the basic Ubuntu Cloud Server (with Emerging Threats Protection) we will create an all-in-one internet hosting server using the Virtualmin web hosting control panel. Add Support for TLSv1.3 The Apache package from Ubuntu 18.04, 16.04, repository isn’t built with OpenSSL 1.1.1. You can manually compile Apache with OpenSSL 1.1.1, but it takes extra time …

Virtualmin LAMP Server (Ubuntu) Read More »

Emerging Threats and Geo-Protection (Ubuntu)

This will configure the IPtables firewall with an IP blocklist for specific countries and an IP blocklist for IPs and IP netblocks that are known threats. This uses the IP Sets utility for faster table updates to the blocklist and faster matching in the firewall.

Ubuntu Linux Cloud Install

After deploying a new Ubuntu Linux server on Digital Ocean or Linode, there are a few customization steps I take to improve usability and security of the server. Install Strong Entropy apt update apt -y install haveged pollinate Schedule re-seeding random number generator at boot: (crontab -l ; echo “@reboot /usr/bin/pollinate -r” )| crontab – …

Ubuntu Linux Cloud Install Read More »

OpenSSL Ciphers

Yet another article about why my cipher string is better than yours. (updated: Nov 12, 2018) There are several very good articles about hardening OpenSSL ciphers. Over the years I’ve combined lessons learned from others, my own research of standards and best practices, and my own real-life experiences to come up with the OpenSSL cipher …

OpenSSL Ciphers Read More »

VPN Keys – There Is An Easier Way

As a security engineer that manages multiple firewalls, I often negotiate the setup of VPNs with other organizations. It is a challenge, at times, to negotiate keying intervals and secure cipher settings between not so compatible firewall/VPN vendors; but the most difficult challenge has to do with the people factor: the Pre-Shared Key (PSK), also …

VPN Keys – There Is An Easier Way Read More »

Fighting Grime On Your PC – Part 1

Keeping your Windows PC running at its best can be accomplished in three simple steps once a month: Keep Windows and all your software updated Clean the system of unused files and settings Scan for malware that may have slipped by your antivirus. This article will focus on step 2, using a program called CCleaner. Piriform’s CCleaner …

Fighting Grime On Your PC – Part 1 Read More »

Password Managers

One of the most important steps you can take to protect yourself online is to use a unique, strong password for each of your accounts. Unfortunately, most of us have so many accounts that it’s almost impossible to remember all of our passwords. A simple solution is to use a password manager, sometimes called a …

Password Managers Read More »

Scroll to Top