Tag: security

advice on buying firewall hardware

Mon 22 October 2018

Several people have asked me recently what hardware I would buy today for use as a home firewall.

for a total of $176, including shipping. Links were accurate as of October 22, 2018.

This gets you a tiny box, similar in size to random commercial house router/firewall/wifi access points, which can run a standard Linux operating system with a complex firewall running at 1 Gb/s in and out, more RAM than strictly necessary, and an SSD which is very large (and therefore can last a very long time) and boots the system quickly enough that you can do a reboot without losing TCP sessions.

I would also recommend a medium-sized USB thumb drive to set up as an emergency booting and backup device. Call it another $15 or so.


FIOS one year later

Sat 20 October 2018


why computer security is terrible, a partial explanation

Fri 21 September 2018


wireguard setup

Sun 12 November 2017

WireGuard is a new open source VPN system being initially developed on Linux. I have two major use cases for such a thing: site-to-site protection, and backhauling traffic from a laptop or phone to my house.

WireGuard’s differentiators:

  • Small codebase, because there are very few options. For example, there is only one key exchange method and only one encryption method.

  • It uses a virtual network interface, wg0, rather than the exciting and hard to debug policy routing that IPsec usually wants.

  • Very little configuration possible, so very little is needed.

  • Performance is already higher than OpenVPN and IPsec on …


towards a sustainable software policy

Sun 11 June 2017


monocultures are efficient and fragile

Mon 15 May 2017


tracing calls

Tue 28 February 2017


slapping at gnats

Sun 22 January 2017


revisiting a new firewall

Fri 13 January 2017

A few years ago I wrote about my new firewall. Let’s look at what I’ve learned since then.

First, you should know that I’m very pleased with the firewall. It continues to function smoothly. Debian upgraded from 7 to 8 without a hitch. I added a few new software features:

  • TINC and OpenVPN servers
  • replaced a full BIND DNS with Unbound (and BIND running behind it on another server)
  • monitoring software
  • an IPv6 tunnel

The CPU is basically idle all of the time. It has four cores; it’s possible that two have never been woken up …


Nintendo’s contactless brushpass and dead drops

Wed 30 November 2016


IOT security: the key and the castle

Tue 22 November 2016


infosec is simple

Thu 29 September 2016


trusted, not necessarily trustworthy

Tue 30 August 2016


security strategies

Tue 07 June 2016


quote of the day

Thu 19 May 2016

© -dsr-.