The Perfect Reverse Proxy (NGINX, SSL, WebUI Management)

Reverse Proxy. I’ve been implementing reverse-proxy solutions in lab and in production for some time now, but I always come across the same problem: it’s not the easiest type of system to manage, especially when there are SSL certificates involved. Now, before I started looking for an easy-to-manage SSL solution, I figured I’d find some sort of web interface for the NGINX config files and other basic server management. After some searching and testing, I decided on Ajenti. Ajenti is a Python-based Linux control panel that makes installing packages…

Easy SSL for ScreenConnect with NGINX Reverse Proxy

On the topic of NGINX Reverse Proxy, it just so happens that the process for installing an SSL certificate onto your ScreenConnect server can be rather difficult, and a much more flexible approach is to use NGINX over SSL to reverse-proxy to the ScreenConnect instance. This is how you can do it yourself. Modify ScreenConnect settings: To begin, we should change the port that ScreenConnect listens on for incoming web connections. This is so NGINX can use ports 80 and 443. On Linux, ScreenConnect is installed to /opt/screenconnect/. Open…

netdata: A remarkable server monitoring utility.

I wanted to write a short introduction to a tool that I’ve been using a lot on my newest servers and development projects. This tool seriously provides the most amazing way of monitoring and comprehending your server’s performance and other metrics that I’ve seen in such a simple, lightweight installation. Here’s the current RAM utilization of my server, thanks to netdata: From the readme: netdata is a system for distributed real-time performance and health monitoring. It provides unparalleled insights, in real-time, of everything happening on the system it runs (including…

NGINX Security Hardening

After setting up an NGINX webserver with a GoDaddy-issued SSL certificate, I did an SSL test and saw that I was graded a C. That’s average! I want a secure site. So I looked around at a couple of things, and decided to put together a small list of things you can add to your NGINX configuration/server block for enhancing security. I’m going to assume you’re already using an SSL certificate. If you aren’t, start there, and THEN look into how you can improve security 😉 1. Redirect all…

How to provide Guest WiFi network access securely with Cisco Meraki Appliances

If you have an office, facility, or residence with a lot of guest traffic and need to provide the guests with their own network using your existing Meraki equipment, this is the best way to do it. For this example the environment is using the following devices: Cisco Meraki MX100 Router, Cisco Meraki MS350-48p Switches, Cisco Meraki MR42 APs. Brief: The Guest clients should: be denied access to the Secure network (LAN, Secure WLAN, etc.); be unable to communicate with each other (client isolation); have bandwidth restrictions; have unique content…

Secure your Dropbox – store files and data in an encrypted container [Windows + BitLocker]

We let our Documents sync to the cloud, download themselves on all of our PCs, and trust that no single person besides ourselves can ever see those files, unless otherwise intended. It may be true that “only you” can see what’s in your Dropbox and other cloud storage, but in reality, your cloud storage has so many gateways that it’s easy to accidentally leave one open, such as a shared home computer. Not only that, but your cloud storage provider could see your files if they wanted to. But isn’t…

Check if your accounts have been compromised in an online data breach

With all of the recent data breaches, online security is (and has been) becoming a growing concern. If you aren’t aware, hundreds of major breaches have been publicized, and who knows how many smaller breaches are going unnoticed each day? With the “have I been pwned” website, you can both view a list of pwned websites (websites which have been breached and data compromised) and also check your e-mail addresses and online usernames to see if they were included in any of those breaches. What if I’ve been pwned?! How you use…

Secure your Sophos Network: Use Network Groups for Trusted Remote Hosts.

My primary concern lately, as my internet presence has grown, has been in the general realm of security. How do I know that no one is accessing my port-forwarded server? How do I know that no one is logging into my router? […] An easy answer to this has always been limiting inbound connections to trusted hosts, but that’s not always an easy solution. Most consumer routers don’t even support this (correct me if I’m wrong) and in most firewall applications it can be cumbersome to append and manage trusted…

Sophos UTM Country Blocking: Oops!

Background: My girlfriend has an AirBnB service for a spare room in her home. I have a Sophos UTM appliance running her home network. Okay! Last night my girlfriend received a text on behalf of our guest stating that the WiFi wasn’t working. We were out for pizza + beer, so we didn’t exactly rush home to check it out. […] This morning we got word again: “the WiFi isn’t working, they say they need to use the WeChat app”. I logged in to the Wireless AP and it checked out. It’s…
