Monday, November 27, 2017

Zotac ZBox CI549/MI549 nano for Croissants

Croissants is an Intrusion Detection and Prevention System (IDPS) that requires 3 network interfaces and a CPU with AVX2. The Zotac ZBox CI549 or MI549 is another good choice for home and/or SOHO users. Its small footprint and Intel Core i5-7300U (dual core, 4 threads with Hyper-Threading) are suitable for home and/or SOHO users running an IDPS like Croissants.

It comes with 2 network interfaces and one Thunderbolt 3 Type-C port, which can be connected to an adapter to provide another network interface. It can also take up to 32GB of DDR4 memory. In my opinion, it can handle up to 1000Mbps of bandwidth with low to medium traffic flow, even though I have not tested it myself at the moment. However, I will purchase one for testing when it is available.

On the other hand, you can install pfSense with the Suricata plugin on it once Hyperscan is available for FreeBSD or pfSense. pfSense requires only 2 network interfaces.
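An added example (not from the original post or from the Croissants project): a pre-install check for the requirements above, assuming the candidate box is booted from a Linux live system. The function names are made up for this example; pass 3 for Croissants or 2 for pfSense.

```shell
#!/bin/sh
# Added example, not from the post or the Croissants project.
# Checks the requirements named above: a CPU with AVX2, and 3 wired NICs
# (Croissants) or 2 (pfSense). Assumes a Linux live system on the box.

# has_avx2 [cpuinfo-file]: succeeds if the CPU flags line lists avx2.
has_avx2() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" | grep -qw avx2
}

# count_wired_nics [sysfs-net-dir]: prints how many interfaces are backed
# by hardware (they have a "device" entry) and are not Wi-Fi. A USB or
# Thunderbolt Ethernet adapter counts once it is plugged in.
count_wired_nics() {
    dir="${1:-/sys/class/net}"
    n=0
    for ifc in "$dir"/*; do
        [ -e "$ifc/device" ] || continue     # skips lo, bridges, tun/tap
        [ -e "$ifc/wireless" ] && continue   # skips Wi-Fi adapters
        n=$((n + 1))
    done
    echo "$n"
}

# check_box <required-nics> [cpuinfo-file] [sysfs-net-dir]
# Prints one line per requirement and returns non-zero if any is unmet.
check_box() {
    need="$1"
    rc=0
    if has_avx2 "${2:-/proc/cpuinfo}"; then
        echo "CPU : AVX2 present"
    else
        echo "CPU : AVX2 missing"
        rc=1
    fi
    have=$(count_wired_nics "${3:-/sys/class/net}")
    if [ "$have" -ge "$need" ]; then
        echo "NICs: $have wired found, $need required"
    else
        echo "NICs: $have wired found, $need required (add an adapter)"
        rc=1
    fi
    return "$rc"
}

# Run as: sh check_box.sh 3   (Croissants)   or   sh check_box.sh 2   (pfSense)
if [ "$#" -gt 0 ]; then check_box "$@"; fi
```

On a ZBox without the Thunderbolt adapter attached, the check for 3 interfaces is expected to fail until the adapter is plugged in.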

Finally, the difference between the CI549 and the MI549 is that the CI549 is passively cooled while the MI549 is actively cooled.

That's all! See you.

Reference

Zotac ZBox Comparison 2017


Saturday, November 18, 2017

One More Secure Layer For Your Security Stack

Quad9 was founded by IBM, PCH and the Global Cyber Alliance to provide a free DNS service that can block malicious websites while you are surfing the internet.

You can set it up on your router or personal computer in a few steps. Setup is painless, as the official site provides videos and text documentation to guide you through it.

Make sure you put "9.9.9.9" at the top of the DNS list in your router or personal computer.



I have tested it and found that the surfing speed is very fast, without lag. Finally, keep in mind that Quad9 cannot protect you 100% from reaching all malicious websites. However, it adds one more security layer to your existing security stack.

That's all! See you.


Tuesday, November 14, 2017

VPN and IPS For Public Wifi

Many friends of mine are always asking me how to protect themselves from being hacked. The most asked question is how to protect themselves from being hacked when using public wifi. They ask whether a VPN can do it, as they have seen a lot of advertisements about it.

I recommend that they use their own VPN server with additional protection, such as an Intrusion Detection and Prevention System (IDPS), a Next-Generation Firewall or a Unified Threat Management (UTM) system. This is because most of those products are equipped with anti-virus/anti-malware, exploit prevention, etc. It would be better and more secure than using a commercial VPN alone.

Open source solutions are a great fit for home users and small businesses. I recommend pfSense with Suricata, and Croissants. pfSense is basically a router, and it can install the Suricata plugin, which makes it an inline IPS. pfSense also has a built-in VPN. On the other hand, Croissants is designed as an inline IPS and does not come with a VPN. You need to set up your own.

Once the VPN and IPS are set up, when you want to use public wifi, you connect to the public wifi hotspot and then connect to your VPN, which is set up at your home or office. The traffic will go through the inline IPS via the VPN. As a result, you will be under the protection of the IPS. However, the downside is that the battery of your mobile device (such as a smartphone) will drain more quickly. Therefore, you can connect to your VPN when necessary.

Finally, when using pfSense with Suricata, you need to fine-tune the rule set in order to prevent some false positive alerts. However, Croissants is already tuned for daily usage.

Reference

pfsense Official site
Youtube - Build a Router 2016 Q4 -- pfSense Build
pfsense Forum - Suricata true inline IPS mode coming with pfSense 2.3 -- here is a preview
Youtube - pfSense: Network Intrusion Detection w/Suricata (pt4)
Youtube - Suricata Network IDS/IPS System Installation, Setup and How To Tune The Rules & Alerts on pfSense
Croissants - Intrusion Detection and Prevention System


That's all! See you.