Security Advice

OpenSSL Ciphers

Yet another article about why my cipher string is better than yours (updated: Dec 2021) There are several very good articles about hardening OpenSSL ciphers. Over the years I’ve combined lessons learned from others, my own research of standards and best practices, and my own real-life experiences to come up with the OpenSSL cipher string …

OpenSSL Ciphers Read More »

Am I Hacked?

Just like driving a car, sooner or later you may have an accident no matter how secure you are. Below are clues to help figure out if you have been hacked and, if so, what to do. The sooner you identify something bad has happened, the more likely you can fix the problem. Clues You …

Am I Hacked? Read More »

Boiler Room’s IP Blocklist

For the Boiler Room’s IP Blocklist I have aggregated several blocklists together into a single list to protect from emerging threats, malware & ransomware command-and-controls systems, cyber-criminals, spammers from hell, and noisy research scanners. The list is updated every hour and I also provide Threat Indicator (IOC) files for the Check Point Firewall.

Emerging Threats and Geo-Protection (Ubuntu)

This will install and configure Firewalld with an IP blocklist for specific countries and an IP blocklist for IPs and IP netblocks that are known threats. This uses the IP Sets utility for faster table updates to the blocklist and faster matching in the firewall.

VPN Keys – There Is An Easier Way

As a security engineer that manages multiple firewalls, I often negotiate the setup of VPNs with other organizations. It is a challenge, at times, to negotiate keying intervals and secure cipher settings between not so compatible firewall/VPN vendors; but the most difficult challenge has to do with the people factor: the Pre-Shared Key (PSK), also …

VPN Keys – There Is An Easier Way Read More »

Password Managers

One of the most important steps you can take to protect yourself online is to use a unique, strong password for every one of your accounts and apps. Unfortunately, it is most likely impossible for you to remember all your different passwords for all your different accounts. This is why so many people reuse the …

Password Managers Read More »

RC4 Servers are Breaking the World Wide Web

With all the news over the last year about secure websites falling victim to serious encryption vulnerabilities, I sit here in disbelief that one very critical vulnerability has seemingly slipped through the cracks. I’m speaking of the RC4 encryption cipher. ATTENTION WEB SERVER ADMINISTRATORS: I’M TALKING TO YOU!!

Your 2015 Security Check List

Now that we are almost one-sixth of the way through the year, many of us have probably abandoned some the many great ideas to better ourselves. So, I encourage you to make just one more resolution that you cannot afford to put on the back burner. If you neglect your security, it could lead you …

Your 2015 Security Check List Read More »

E-mail Dos and Don’ts

Email has become one of the primary ways we communicate in our personal and professional lives. However, we can often be our own worst enemy when using it. In this newsletter from the SANS Institute, we will learn the most common mistakes people make and how you can avoid them in our day-to-day lives. SANS Ouch! …

E-mail Dos and Don’ts Read More »

Scroll to Top