Help with Linux and Open Source Software

Securing Against Internal Network Threats with IPTABLES

How to use iptables to secure your network against internal threats with PacketFence, a transparent Linux bridge and a bit of custom PHP scripting.

Posted by Tony on Apr 06, 2015 | Network Security

Configuring a Transparent Bridge in Ubuntu

Configuring a transparent pseudo-bridge, proxy-arp and routing multiple network cards with Ubuntu for added security and flexibility.

Posted by Tony on Apr 02, 2015 | Network Security, Servers

Using a RADIUS Server on Ubuntu 14.04 for WIFI Authentication

WPA2 Enterprise is the much more secure wifi authentication method. There's no hackers cracking login passwords if you do this, but there are a few downsides. Here's how to implement it for a small environment.

Posted by Tony on Mar 27, 2015 | Servers, Network Security

Linux, iptables, SNAT and Too Many Adapters

I've had some weird glitches with my primary firewall this week. After a reboot, certain SNAT rules just didn't... happen. Or, other SNAT rules did. And it always seemed to only impact SIP traffic. For instance, after rebooting, SIP traffic from one internal phone server that's destined for another internal phone server at the other end of a VPN connection would spontaneously decide to SNAT itself to an external IP address, yet still go across the tunnel. Or, SIP traffic destined for the outside would decide to route correctly out the right adapter, but leave the private address on it, ignoring the SNAT rule I could plainly see in iptables.

Posted by Tony on Feb 19, 2015 | Networking, Network Security, Servers

The Pentagon Demonstrates How Ignorant They Are

A recent article in the New York Times demonstrates just how helpless our nation is against hacker threats. Please notice my lack of using the word "Cyber" which in reality has nothing to do with the Internet or computer security, despite the media's attention to the word.

Posted by Tony on Jul 14, 2011 | Network Security

Password Security (and Why You Should Be Trembling)

No doubt by now you know that Sony's Playstation network was hacked. The attackers got away with the user database, and probably with credit card information as well. I'm going to get a little technical today and talk about passwords.

Posted by Tony on May 16, 2011 | Network Security

LDAP Authentication with TLS

I've been using LDAP for central authentication, but I hadn't added encryption until recently. With the advent of network switches, on a cabled network it has become very difficult to "sniff" or listen in on other network traffic. With wireless though it's much easier, so encrypting all traffic is a good idea.

Posted by Tony on Mar 04, 2011 | Servers, Network Security

IPTables Trickery

I've had a bit of a strange situation on my network - Googling never did come up with anything for me.

Posted by Tony on Aug 22, 2009 | Servers, Network Security, Networking

Stop Port Scans In Their Tracks With iptables

Sure, there's a lot of tutorials out there for blocking SYN+FIN, christmas scans, etc. But did you know that most of those won't help against a default nmap scan? Try it - block all the standard stealth scans, etc using something like the following...

Posted by Tony on Mar 10, 2009 | Networking, Network Security, Servers