my IT security thoughts, suggestions, and miscellaneous info
Yet another article about why my cipher string is better than yours (updated: Dec 2021) There are several very good articles about hardening OpenSSL ciphers. Over the years I’ve combined lessons learned from others, my own research of standards and best practices, and my own real-life experiences to come up with the OpenSSL cipher string …
Just like driving a car, sooner or later you may have an accident no matter how secure you are. Below are clues to help figure out if you have been hacked and, if so, what to do. The sooner you identify something bad has happened, the more likely you can fix the problem. Clues You …
For the Boiler Room’s IP Blocklist I have aggregated several blocklists together into a single list to protect from emerging threats, malware & ransomware command-and-controls systems, cyber-criminals, spammers from hell, and noisy research scanners. The list is updated every hour and I also provide Threat Indicator (IOC) files for the Check Point Firewall.
This will install and configure Firewalld with an IP blocklist for specific countries and an IP blocklist for IPs and IP netblocks that are known threats. This uses the IP Sets utility for faster table updates to the blocklist and faster matching in the firewall.
As a security engineer that manages multiple firewalls, I often negotiate the setup of VPNs with other organizations. It is a challenge, at times, to negotiate keying intervals and secure cipher settings between not so compatible firewall/VPN vendors; but the most difficult challenge has to do with the people factor: the Pre-Shared Key (PSK), also …
Keeping your Windows PC running at its best can be accomplished in three simple steps once a month: Keep Windows and all your software updated Clean the system of unused files and settings Scan for malware that may have slipped by your antivirus. This article will focus on step 3, using a program called Malwarebytes. Similar to …
One of the most important steps you can take to protect yourself online is to use a unique, strong password for every one of your accounts and apps. Unfortunately, it is most likely impossible for you to remember all your different passwords for all your different accounts. This is why so many people reuse the …
With all the news over the last year about secure websites falling victim to serious encryption vulnerabilities, I sit here in disbelief that one very critical vulnerability has seemingly slipped through the cracks. I’m speaking of the RC4 encryption cipher. ATTENTION WEB SERVER ADMINISTRATORS: I’M TALKING TO YOU!!
Now that we are almost one-sixth of the way through the year, many of us have probably abandoned some the many great ideas to better ourselves. So, I encourage you to make just one more resolution that you cannot afford to put on the back burner. If you neglect your security, it could lead you …
Email has become one of the primary ways we communicate in our personal and professional lives. However, we can often be our own worst enemy when using it. In this newsletter from the SANS Institute, we will learn the most common mistakes people make and how you can avoid them in our day-to-day lives. SANS Ouch! …