Sign in Subscribe

Security

All things security related

Why NAT isn't a security boundary

Every now and then I see this question come up. Particularly when someone references the question in ISC2's CISSP exam. So why isn't NAT a security control? It can form a barrier, right? The answer is, it's not actually that simple. But first, some background.

mail to misp - Email in your threat intel

I receieve a lot of spam and malware via email. Sometimes I can't be bothered to do much with it, but recently I've been picking up doing things with the samples I have been sent. Ever thought about setting up your own "this is a phish button" in your email client? If so, this post may be for you.

Fixing my PPPOE configuration on PfSense

I am moving from a virtual machine on VMWare to a physical host for my firewall. There are many reasons. This machine was the last hold out of my move. I also was upgrading from Pfsense version 2.5.2 to version 2.7.2 as well, which did complicate matters.

pfSense and Tor

I have recently moved from a pfSense vm to dedicated hardware. I may move back, but while I was evaluating the system, I installed TOR ( The Onion Router) package on to my firewall to allow me to route traffic.

Using Kestra to update my proxmox IPSet

I've been using Kestra for a while now to automate some of the more mundane tasks around my network. One of these tasks is keeping the firewall up to date. This blog sits behind cloudflare, and as such, only cloudflare needs to access it. All other sources should be be denied (except internally).

Updating docker hosts with Kestra

Patching is a balancing act. There are some who say you shouldn't if it works, others who say you should, but stay a certain about of time behind and those that think that bleed edge is the way to stay protected.

Smart doorbell failure #2?

Following on from my failure to detect my doorbell button being pushed, I considered a few different alternatives solutions. The first solution to spring to mind was to use a zigbee button.

Security Through Marketing?

Need extra sponsors to drive your email security program? Want to see your logo in certain mail clients like gmail? If so, then you need BIMI.

Deploying vault via docker and ansible

Adding to my in-promptu series on automating docker containers with ansible, this time I'm looking at Hashicorp's Vault. This is slightly different, in that it required a binary to be installed on the ansible controller (a raspberry pi). Once vault is deployed, we need to unseal the containter.

Monitoring DMARC with Docker

In this post, I deploy a docker container via docker compose and ansible to read my dmarc reports.
As an Amazon Associate I earn from qualifying purchases.

If you have found this post useful, please consider donating.