Category: Security

How to Use “ipset” to Block IPs from Country

Previously we learned how we can restrict or allow a particular country using GeoIP but in this article, we’ll cover how we can block large IP ranges using ipset module with iptables. IPset is a command line based utility which is used to administer the framework called IP sets inside the Linux kernel. An IP set may store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names or combinations of them in a way, which ensures lightning speed when matching an entry against a set. It is an associative application for the iptables Linux firewall which allows us to setup rules quickly and easily to block a set of IP addresses. Here, we’ll see how we can use ipset module with iptables to block a large ranges of IP addresses in our linux based machine.

Source: How to Use “ipset” to Block IPs from Country (LinOxide)

How to Block IPs from Countries using Iptables Geoip Addons

We’ll learn how we can block traffic originated from specific country IPs using GeoIP database and linux iptables. Iptables is a command based utility program for configuring the linux kernel firewall which is implemented within the Netfilter project. Whereas GeoIP is a collection of IPs corresponding with the geographical locations where the geographical location is mapped with the IP addresses allocated at those specific organization, city, state and countries. The geographical co-ordinates in the GeoIP database are the often near the center of the population so it should not be used to identify a particular address or household. And with the help of a module called xt_geoip consisting in an iptables extension xtables-addon and the GeoIP database, we’ll perform country-based traffic filtering which helps us block or allow the traffic from a specific country.

Source: How to Block IPs from Countries using Iptables Geoip Addons (LinOxide)

Understanding Linux Permissions

Linux is a multiuser operating system. In a multiuser environment, it is necessary to ensure that a user cannot access or modify files or directories that they arent supposed to. File permissions provide a protection mechanism for controlling access to files and directories.

Linux’s file security model is based on that of Unix. Each file or directory can be accessed or modified by the user who created it, or a group of users who have been given permission to do so. Permissions can also be defined for other users that do not belong to either of these two categories.

In this guide, we will go over how file permissions work in Linux for beginners. We’ll cover how you can view the permissions associated with files and directories and also how you can change them.

Source: Understanding Linux Permissions (Linux Academy)

How to Clear the Google Chrome DNS Cache

Flushing your DNS cache can help to fix host connection problems you may experience when accessing some web pages. To get a better Internet access performance, Google built a caching system, not only for site content but DNS as well. So yes, Google Chrome does have a built-in internal DNS caching system – a hidden feature that allows users to manually clear out the Chrome DNS host cache from within the browser itself.

Flushing out the Chrome DNS cache can prove useful, especially when you have changed the DNS settings. If clearing out the DNS cache from the operating system level does not fix the host connection problems, clearing up Chrome’s own DNS cache should do the trick.

This article will show you step by step how to clear the Chrome DNS cache.

Source: How to Clear the Google Chrome DNS Cache – Make Tech Easier

OpenSnitch: The Little Snitch application like firewall tool for Linux

OpenSnitch (forked version) screenshot

EDIT: The original developer apparently has abandoned OpenSnitch, however there is a forked version that as of 2021 is still being actively developed. In addition, there is a newer project by a completely different developer called eBPFSnitch. For more information on the forked version, see OpenSnitch Linux Application Firewall Fork With Improvements And Bug Fixes (LinuxUprising)

Continue reading “OpenSnitch: The Little Snitch application like firewall tool for Linux”

The Ultimate Firefox Privacy & Security Guide

Online privacy and security are constantly under assault. It seems like every day there’s a new threat to your personal information. Choosing and configuring the right web browser goes a long way in protecting yourself. Right now Firefox is the best option for that. It’s open source, gives you tons of options for control, and has all of the privacy and security add-ons you’ll need.

This guide is as complete as it can be at the time of writing. These are ever-evolving topics, and threats continue to change. Regardless, this guide will give you a good basis to protect yourself from common threats.

Source: The Ultimate Firefox Privacy & Security Guide – Make Tech Easier

How to Block Bad Websites

With the amount of malware currently prowling the internet it’s becoming increasingly important to protect your computer. Therefore I’ve separated my advice on how to stay safe online into two main sections. The first is the methods that I believe anyone from a novice to an expert user can use. The other section is aimed more at intermediate to advanced users. These methods may be more difficult to use, but your computer will be more secure.  

Source: How to Block Bad Websites | Gizmo’s Freeware

Keep local Instant Messages on your local network with BeeBEEP (Secure Lan Messenger)

When you want to send an instant message to someone else that’s on the same local network as you are, whether that be another family member or a co-worker in your office, why use an offsite chat server that leaves your messages open to interception by the company running the chat server or some other third party? This software will allow you to keep your local IM’s in your local network, and for added safety it also encrypts them! Plus, it supports multiple operating systems, unlike the proprietary chat client that might have come with your computer. It’s NOT for chatting with people elsewhere on the internet; if you need to set up secure connections with offsite chat clients then you may need to set up a private Prosody IM server. But for secure IM chats with people on your local network, this looks like just the thing!

What is BeeBEEP?

BeeBEEP is an open source, peer to peer, lan messenger developed by Marco Mastroddi. You can talk and share files with all the people inside your local area network such of an office, home or internet cafe. You don’t need a server, just download, unzip and start it. Simple, fast and secure.

Main Features:

  • Free: BeeBEEP is free and always will be.
  • Multiple OS: there are releases for Windows, MacOSX, Linux, OS/2 and eComStation.
  • Easy to use: BeeBEEP is a serverless application. Download, unzip and start.
  • Secure: encryption based on Rijndael Algorithm (AES).
  • Instant Messaging: chat with all people connected, group or single user.
  • Groups: create your favorite group of people.
  • P2P: send or share your files and folders (also by drag and drop).
  • Offline messages: messages will be delivered to offline users when they will be online.
  • Message History: all messages can be saved.

    • Source: BeeBEEP (Secure Lan Messenger)

    Linux iptables Firewall Simplified Examples

    In the previous post, we’ve talked about how to Secure Linux Server Using Hardening Best Practices and some people ask me about firewall section which was a brief introduction about iptables firewall. Today we will discuss in detail the Linux iptables firewall and how to secure our servers traffic using that awesome tool.

    Source: Linux iptables Firewall Simplified Examples – Like Geeks