Posts by VictorM

Oct 11, 2025Ravie LakshmananCloud Security / Network Security

Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments.

"Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing."

Running Qubes (Linux)

• 24 GB RAM
• 512 GB NvME
• Qubes is based on virtual machines. And it can run them in separate windows. As you probably know, malware analysts use virtualization to prevent cross infection to their other PCs. And Qubes can have cubes without networking. So it is great for a RBAC setup: 1 cube for work, 1 cube for casual browsing, 1 cube for banking and purchases and so forth. And the cubes can have different color window frames. The hypervisor, dom0, is offline forever. And all updates are done via proxies. Qubes uses 3 distro's: Fedora, Whonix and Debian. You can create cubes using any of them as base distro. One thing though, you can't run Qubes in a vm, it requires hardware. And it doesn't require 24GB RAM, 8 will run fine.

I use a few free streaming services: Tubi, Plex. And I subscribe to Amazon Prime Video. Because they all have movie trailers (the free ad-based ones sometimes don't)

Ubuntu Hardening Guide:

Fortified Ubuntu: hardening Ubuntu 24 Desktop

Yes, you use any old desktop computer. Even Core2Duals.

The rules defaults to Outbound Allow as policy. That’s why you can surf immediately when you hook up the wires.

You can trash the Block 25 smtp rule, that’s just for demonstration. I made a rule (using New Rule button) that Drops all incoming on the Red WAN interface and selected the option to Enable SYN flood protection, that is a denial of service attack. The source is ‘standard networks : any’ and the destination is “standard networks : red”. (You can’t see the Source option in the screenshot because I scrolled the screen down.)

Here I am showing you the Firewall Options. Where the default Outgoing Allow setting is set. Set the Forward to Block, since we are not forwarding any network traffic to somewhere.

Using IP Address Blocklist you can download various blocklists.

Location Block is where you can block various countries

At the DNS screen you can set up your preferred DNS provider. Note you have to wait a little for the entire screen to show up as ipfire tries to verify the addresses as the screen loads.

And finally lets look at updates:

You checkmark the 2 boxes as above to enable automatic updates.

There are other configuration options are you can see on the first few screen shots, but I have chosen the most common screens to configure for us security focused users.

Note: for the road warriors, you can setup a VPN to connect back to home using the Services>OpenVPN menu. The set up is a little involved, but the instructions are easy to follow. It also supports 2FA. The buttons are not labeled to show you that it is a wizard. See the documentation here: Client configuration

And there are lots of add-ons available thru the ipfire>Pakfire menu https://www.ipfire.org/docs/addons

Today I am going to help you setup a ipfire network IPS and firewall.


Having a network hardware IPS and firewall is good because it can stop attacks centrally at the gate to your LAN. The ipfire machine is your gate.

A network IPS and firewall is essential because your Windows firewall is not as honest as it seems. Numerous sorts of traffic bypasses it without any firewall rules, like base-telemetry, windows update, remote management, push to install, RPC, delivery optimization, pc-sync, and network time service. Where you have unchecked inputs like these, it is very difficult to lock down security. You sometimes do not know whether it is tcp or udp, you do not know the ports and you don’t know what ip addresses are involved because MS does not disclose them. Therefore, a network IPS and firewall that stops traffic at the gate is needed. It can stop network exploits BEFORE it touches your pc's.

Ipfire is very simple to configure. If you have explored your router settings you will find similar sections.

And if you have children, you can set time limits and block unwanted material.

What you need is a old pc, and add a $15 2nd network card and a $12 dumb switch. Then install ipfire on it and it will act as a hardware IPS and firewall. Beats buying a hardware appliance at $2XX.

You download the iso and use Rufus to write it to a USB stick, or if your old pc is too old to boot from USB, then you right click and Burn to DVD disc. Machines as old as Core-2-Duo’s with 4GB RAM will suffice as a firewall doesn’t use much cpu power. The suricata IPS just needs RAM ( and 4 gb is plenty, minimum just 1 gb ).

When it boots up, it will ask you to select which network card you want to use for your WAN (red) and LAN (green). Don’t worry if you get it wrong, you can always switch the Ethernet wires. Then it asks for two passwords; one for root which you won’t use much, and the admin; which you use to login to the web panel. And then you decide what ip address to give it.

Then you surf over to xxx.xxx.xxx.xxx:444 . Note the :444, because ipfire does not use https 443.

Lets talk about the Intrusion Prevention System.

First click on the Add Provider button and add each of the free rules providers. The ones that say Pro Rules and Registered Users are not free.

Now click on Customize Ruleset button and pick the rules that matter to you. For example you won’t be needing ‘emerging activex rules’ since we no longer use Internet Explorer. (IE).

Next, next click on Firewall Rules