• EasyList to SquidGuard Expression List Conversion

    Hi all! It seems to be difficult to keep up with the EasyList expression lists, and to make matters more confusing, the conversion from an EasyList expression list to SquidGuard can be cumbersome. There are a few articles out on Google where people have posted their own SED files that manipulate the EasyList expression list and convert it to be compatible with SquidGuard. However, most are out of date and will cause squidGuard to fail to initialize the expression list when issuing a

    >squidGuard -C all


  • SSH Key Based Authentication

    There are many articles and tutorials out there on how to configure SSH to use public key authentication. I wanted to share my findings on the subject and identify some interesting connections I made when setting it up myself. The following instructions will show you how to set up SSH key based authentication, using Ubuntu 12.04, on a local and a remote machine.

  • Network Adblocking using Squid, SquidGuard, and IPtables

    I originally discovered Adblock Plus when I first downloaded Firefox many years ago. Since then I’ve installed the Adblock plugin right after Firefox, etc. It’s become so standard that I almost think Firefox should just bundle them together, including it in its default install exe.

    Adblock Plus works as if it were a local content policy, filtering each request you make with Firefox. Each URL, each domain, each link you navigate to is checked against a static blacklist of expressions and URLs. If a match is found, Adblock Plus simply discards the content from rendering. The discarding and allowing of content to load is managed by the Content Policy engine within Firefox. Adblock Plus simply utilizes this in order to block the unwanted content. Or at least this is my comprehension of how it works. :-p

    Setting up your own Network wide Adblocker

    The purpose of this guide and tutorial is to instruct you on how to set up your own network based adblocker. The expectation after completion is that every client browser on the network will benefit from adblocking. I will include as much as possible, and feel free to ping me with questions or comment down below.

    You will need:

    1. Computer that will be running the Web Proxy. (For this article, see specs below)
    2. OS that will host the Proxy Software. (For this article, Ubuntu 12.04 32-bit Server)
    3. Proxy software that allows rewrite engines/programs. (squidGuard)
    4. Content-Control-Software or URL Redirect Application (This will consume your blacklists)
    5. URL and RegExp Blacklists consumable by your Content-Control-Software (Here are some free ones)
    6. Optional: ipTables for transparent proxy redirection
    7. Patience and enthusiasm :-p


  • File Encryption with ccrypt, axcrypt, and more

    Are you someone who keeps a text file on their Desktop with all their passwords in it? Do you write your account information and passwords on a sticky-note? I sure hope not! But if you do, consider encrypting that password file with high-grade encryption using reliable freeware.

    I will review three free encryption applications: CCrypt, AxCrypt, and OpenSSL.


  • Online Threat Management Services

    I had the privilege of working with two very sophisticated and detailed threat management systems (TMS): Symantec Deepsight (Deepsight) and Internet Storm Center (ISC), both of which have worldwide visibility and insight into the threat landscape.

    1. The obvious first comparison item of the two is that Deepsight is commercialware, while ISC is sponsored by SANS.

    2. Deepsight is a Symantec product, thus has a larger infrastructure consisting of multiple honeypot networks spread out across the globe. ISC is community/volunteer driven, with daily reports generated by a designated volunteer. ISC relies on volunteer/community member threat information to be submitted.

    3. Both contain main page headlines regarding the most current threats and vulnerabilities either discovered or publicly disclosed. (For example, Microsoft releases vulnerability information affecting a service)
