

Here’s where you can find various procedures, policies and misc downloads that I keep up here for public consumption. Take note that my primary purpose behind creating these various documents is to keep myself refreshed of how to do things (I’m one of those types that’s forgotten more than you’ll ever know — haha!) so they may not necessarily explain every detail. Although I do try to include the pertinent information.

And as with any tool — use these at your own risk!


My public PGP key: PGP Key
My PGP fingerprint is: CBBC 2771 B195 4ECF EF13 2986 DD9F 4DD0 C5A4 D9DE

NEW BIND DNS Blackholing Procedures Posted

BIND DNS and Spyware Blackhole
Here are some procedures for installing, configuring and maintaining your own BIND DNS server, with the objective of “blackholing” spyware domains. You can use the same concept and procedures to blackhole any domain you want for your internal network. Complete instructions on how to incorporate spyware site blackholing and automatically keep the blackhole list up to date using the zones from are included.

NEW Tunneling Procedures Posted December 14, 2006

SSH Tunneling for HTTP
Have you ever been concerned about accessing the web when you’re out at a public wifi hotspot or at a seminar or conference (especially a security-based one)? People could be sniffing the air (or even the wire) looking for interesting traffic or just to mess with people. How about simply setting up an SSH tunnel to your home linux box that you can access securely and then tunneling your browser traffic through that SSH tunnel? You’re essentially then encrypting ALL your browser traffic from local sniffers! Of course, once the traffic leaves your house, it’s all unencrypted again, but then it’s no different from when you’re at home. At least you’ve circumvented anyone listening locally!

Linux Lockdown
Just built a linux box and want to lock it down? Here are my basic lockdown steps. It’s based on Red Hat but you can port it to any distribution of linux. Includes steps for using iptables as a host-based firewall.

Here are my Snort IDS procedures for both Red Hat Enterprise and Fedora. I’ve also included a tar file with all of the files you’ll need to install and configure Snort on Red Hat Enterprise Linux (RHEL). You can use *most* of the same files on Fedora and other distros as well, although the RPMs are built specifically for RHEL in the version indicated.

So you want to provide your home or small business with better than commercial-strength web content filtering? DansGuardian is the only way to go! Free for not-for-profit organizations and very inexpensive for commercial companies.

IPCop with DansGuardian
Want a strong, linux-based firewall with a decent GUI and lots of plugins to expand functionality? IPCop is the way to go! These are my procedures for getting an IPCop box up and running, with the Cop+ plugin for DansGuardian content filtering.

Endian Firewall
Here’s a group of folks that ported IPCop and Smoothwall (which itself is a port of IPCop…or is it vice versa? I can never remember…) into a commercial product, but also released an open-source, community-supported version. It has a very clean interface that I really like, and it’s incorporated many of the most used plugins, like DansGuardian for content filtering, SpamAssassin for spam filtering, Advanced Proxy for granular proxy controls and LDAP authentication (including Active Directory and Novell eDirectory), ClamAV for anti-virus, OpenVPN for remote networking, and more. A very crisp and clean, “turn-key” style solution for a complete security appliance.
