Security

Welcome to the Security section of PHP Systems Blog. Here, I explore practical ways to protect your systems, data, and privacy - covering everything from server hardening and password management to encryption, backups, and threat detection. My focus is on real-world, actionable steps you can take to secure your technology without overcomplicating it.

Why NAT isn't a security boundary

Every now and then I see this question come up, particularly when someone references the question in ISC2's CISSP exam. So why isn't NAT a security control? It can form a barrier, right? The answer is, it's not actually that simple. But first, some background.

mail to misp - Email in your threat intel

I receive a lot of spam and malware via email. Sometimes I can't be bothered to do much with it, but recently I've been picking up doing things with the samples I have been sent. Ever thought about setting up your own "this is a phish button" in your email client? If so, this post may be for you.

Fixing my PPPOE configuration on PfSense

I am moving from a virtual machine on VMware to a physical host for my firewall. There are many reasons. This machine was the last holdout of my move. I was also upgrading from pfSense version 2.5.2 to version 2.7.2, which did complicate matters.

pfSense and Tor

I have recently moved from a pfSense VM to dedicated hardware. I may move back, but while I was evaluating the system, I installed the Tor (The Onion Router) package onto my firewall to allow me to route traffic.

Using Kestra to update my proxmox IPSet

I've been using Kestra for a while now to automate some of the more mundane tasks around my network. One of these tasks is keeping the firewall up to date. This blog sits behind Cloudflare, and as such, only Cloudflare needs to access it. All other sources should be denied (except internally).

Updating docker hosts with Kestra

Patching is a balancing act. There are some who say you shouldn't if it works, others who say you should, but stay a certain amount of time behind, and those who think that bleeding edge is the way to stay protected.

Smart doorbell failure #2?

Following on from my failure to detect my doorbell button being pushed, I considered a few different alternative solutions. The first solution to spring to mind was to use a Zigbee button.

Security Through Marketing?

Need extra sponsors to drive your email security program? Want to see your logo in certain mail clients like Gmail? If so, then you need BIMI.

Deploying vault via docker and ansible

Adding to my impromptu series on automating Docker containers with Ansible, this time I'm looking at HashiCorp's Vault. This is slightly different, in that it required a binary to be installed on the Ansible controller (a Raspberry Pi). Once Vault is deployed, we need to unseal the container.

Monitoring DMARC with Docker

In this post, I deploy a Docker container via Docker Compose and Ansible to read my DMARC reports.

About the author

Tim Wilkes is a UK-based security architect with over 15 years of experience in electronics, Linux, and Unix systems administration. Since 2021, he's been designing secure systems for a telecom company while indulging his passions for programming, automation, and 3D printing. Tim shares his projects, tinkering adventures, and tech insights here - partly as a personal log, and partly in the hopes that others will find them useful.

Want to connect or follow along?

LinkedIn: [phpsytems]
Twitter / X: [@timmehwimmy]
Mastodon: [@timmehwimmy@infosec.exchange]


If you've found a post helpful, consider supporting the blog - it's a part-time passion that your support helps keep alive.