Croissants is an Intrusion Detection and Prevention System (IDPS) that requires 3 network interfaces and a CPU with AVX2. The Zotac ZBox CI549 or MI549 is another good choice for home and/or SOHO users. Its small footprint and Intel Core i5-7300U (dual core, 4 threads with Hyper-Threading) make it suitable for home and/or SOHO users running an IDPS such as Croissants.
It comes with 2 network interfaces and one Thunderbolt 3 Type-C port, which can take an adaptor to provide another network interface. It can also take up to 32GB of DDR4 memory. In my opinion, it can handle up to 1000Mbps of bandwidth with low to medium traffic flow, even though I have not tested it myself at the moment. However, I will purchase one for testing when it is available.
On the other hand, you can install pfSense with the Suricata plugin on it when Hyperscan is available for FreeBSD or pfSense. pfSense requires only 2 network interfaces.
Finally, the difference between the CI549 and the MI549 is that the CI549 is passively cooled while the MI549 is actively cooled.
That's all! See you.
Reference
Zotac ZBox Comparison 2017
Monday, November 27, 2017
Saturday, November 18, 2017
One More Secure Layer For Your Security Stack
Quad9 was founded by IBM, PCH and the Global Cyber Alliance to provide a free DNS service that can block malicious websites while you are surfing the internet.
You can set it up on your router or personal computer in a few steps. Setup is painless, as the official site provides videos and text documentation to help you.
Make sure you put "9.9.9.9" at the top of the DNS list on your router or personal computer.
I have tested it and found that the surfing speed is very fast, without lag. Finally, keep in mind that Quad9 cannot protect you 100% from reaching every malicious website. However, it adds one more security layer to your existing security stack.
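One way to check the DNS ordering on a Linux or other Unix-like machine, as an added example that is not part of the original post: the function below audits a resolv.conf-style file. The function name, the constructed sample files, and Quad9's secondary and IPv6 addresses are additions not found in the post.

```python
import ipaddress

# 9.9.9.9 is the address named in the post; the other three are Quad9's
# published secondary IPv4 and IPv6 addresses for the same filtering service.
QUAD9 = {ipaddress.ip_address(a) for a in
         ("9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9")}
MAXNS = 3  # glibc's stub resolver only uses the first three nameserver lines

def audit_resolv_conf(text):
    """Classify the nameserver entries of a resolv.conf-style file."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(line) >= 2 and line[0] == "nameserver":
            try:
                # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
                servers.append(ipaddress.ip_address(line[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed entry, not a usable resolver
    used = servers[:MAXNS]
    return {
        "first_is_quad9": bool(used) and used[0] in QUAD9,
        # Loopback means a local forwarder (e.g. systemd-resolved on 127.0.0.53);
        # its upstream servers have to be checked in that forwarder's own config.
        "local_stub": [str(s) for s in used if s.is_loopback],
        # Any other resolver answers without Quad9's blocklist when it is used.
        "unfiltered": [str(s) for s in used
                       if s not in QUAD9 and not s.is_loopback],
        "ignored": [str(s) for s in servers[MAXNS:]],
    }

# Constructed sample: Quad9 listed second, behind an ISP-style resolver.
SAMPLE_BAD = """\
# generated by DHCP client
nameserver 192.0.2.53
nameserver 9.9.9.9
"""
# Constructed sample: Quad9 first, its secondary next, one entry past the cap.
SAMPLE_GOOD = """\
nameserver 9.9.9.9
nameserver 149.112.112.112
nameserver 2620:fe::fe
nameserver 198.51.100.1   ; never consulted by glibc
"""

if __name__ == "__main__":
    for name, conf in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, audit_resolv_conf(conf))
```

To audit a real machine, pass the contents of `/etc/resolv.conf` to `audit_resolv_conf`; a non-empty `local_stub` means the upstream list lives in the local forwarder's configuration instead.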
That's all! See you.
Tuesday, November 14, 2017
VPN and IPS For Public Wifi
Many friends of mine are always asking me how to protect themselves from being hacked. The most-asked question is how to protect themselves from being hacked when using public wifi. They ask whether a VPN can do it, as they have seen a lot of advertisements about it.
I recommend that they use their own VPN server with additional protection, such as an Intrusion Detection and Prevention System (IDPS), Next-Generation Firewall or Unified Threat Management (UTM) system. This is because most of those products are equipped with anti-virus/anti-malware, exploit prevention and so on. It would be better and more secure than just using a commercial VPN alone.
Open source solutions are a great fit for home users and small businesses. I recommend pfSense with Suricata, and Croissants. pfSense is basically a router, and it can install the Suricata plugin, which makes it an inline IPS. pfSense also has a built-in VPN. On the other hand, Croissants is designed as an inline IPS and does not come with a VPN. You need to set up your own.
Once the VPN and IPS are set up, when you are going to use public wifi, you can connect to the public wifi hotspot and then connect to your VPN, which is set up at your home or office. The traffic will go through the inline IPS via the VPN. As a result, you will be under the protection of the IPS. However, the downside is that the battery of your mobile device (such as a smartphone) will drain more quickly. Therefore, you can connect to your VPN when necessary.
Finally, when using pfSense with Suricata, you need to fine-tune the rule set in order to prevent some false positive alerts. However, Croissants is already tuned for daily usage.
Reference
pfsense Official site
Youtube - Build a Router 2016 Q4 -- pfSense Build
pfsense Forum - Suricata true inline IPS mode coming with pfSense 2.3 -- here is a preview
Youtube - pfSense: Network Intrusion Detection w/Suricata (pt4)
Youtube - Suricata Network IDS/IPS System Installation, Setup and How To Tune The Rules & Alerts on pfSense
Croissants - Intrusion Detection and Prevention System
That's all! See you.