Tag: security

How-to: Adding SSH Keys to OPNsense

If you enable SSH access on your OPNsense firewall, for the best security you should use SSH keys and disable username/password logins. This blog post will guide you through the quick and easy process of creating SSH keys, installing them, and then configuring OPNsense to only allow SSH key logins....

How-to: NextDNS + OPNsense Firewall

Recently I've been re-doing my home network, and I'm now using the OPNsense firewall, replacing my Ubiquiti EdgeRouter 12 with a more robust solution. For OPNsense I selected the PROTECTLI FW6D platform, which has 6 ports and an Intel i5-8250U CPU. I've also been running Pi-Hole on my network for...

How-To: Wireguard VPN on the Raspberry Pi 4

Do you want a wicked fast VPN back to your home network that seamlessly roams between cellular/LTE and Wifi? Look no further than Wireguard. This blog post will show you how to install and configure Wireguard on a Raspberry Pi 4 and an endpoint such as your phone. I...

Nutanix Prism Central RBAC

In a very high percentage of enterprise environments you need to securely delegate access to various applications and infrastructure components. Unless you work in a mom and pop IT shop, you should follow the security principle of 'least privilege' with RBAC (role-based access controls). This means a person with...

Top WordPress Plugins You Should Use Pt. 1

I've been running a WordPress blog for over 4 years, and recently started a 'back end' plugin refresh cycle. I'm also working on a new WordPress site for my photography outlet, and did a lot of research into the best-of WordPress plugins. Most of the plugins I'll cover are fairly generic...

Windows 10 Credential Guard and VMware Workstation 14

Microsoft has been very busy adding new security features to Windows 10. It seems that each release gets something new, or existing features are enhanced. For enterprises, one of the great new-ish features is Windows Defender Credential Guard. What is Credential Guard? It uses VBS (virtualization-based security) to help...

Ignite 2015: Platform security vision

Session: BRK2482 Technology landscape: Virtualization: VMs decoupled from hardware. Can't use TPM, UEFI, secure boot, etc. VM mobility, complex lifecycle, strong isolation. Cloud Computing: Treat your systems like cattle, not pets. Management process at scale. Distributed cloud. Service Providers: trust boundary between tenant and service provider. Governance, risk, compliance. Cloud...

Critical VMware Security Patches Released

In case you missed it, VMware has released a number of product updates to address a critical vulnerability in JRE. JRE is used in many products, so a wide range of products are affected. You can read the full bulletin here. The bulletin details which product version you need to be...

vSphere 5.1 U3 Now Out

Right on the heels of VMware Workstation 11 being released, VMware has released vSphere 5.1 U3. No major new features, but according to the release notes there is support for new guest operating systems (without being specific) and it also resolves a number of issues. Also updated in this release...

SQL 2014 Always-on AG Pt. 3: Service Accounts

This is Part 3 of the SQL 2014 Always-On Availability group series where we set up two service accounts and a security group. One account is for the database engine and the other is for the SQL agent. In order for Kerberos to work properly the database engine account must be Active Directory based. We will also...

VMworld 2014: DISA STIG vSphere 5 Deep Dive

Session INF1273. This was a very technical session on how to implement the DISA STIGs (security lockdowns) for DoD/Government customers. Many of the slides contained script snippets that help automate the process. Thus my session notes are very light. If you are a U.S. Government Federal customer that must comply...