https://blog.thinkbox.dev/categories/misc-infrastructure/ Recent content in Misc Infrastructure on ThinkBox Hugo -- gohugo.io en Thu, 17 Oct 2019 20:43:53 -0400 https://blog.thinkbox.dev/posts/0009-domain-filter-with-squid/ Thu, 17 Oct 2019 20:43:53 -0400 https://blog.thinkbox.dev/posts/0009-domain-filter-with-squid/ Introduction Squid is a web proxy with caching and forwarding capabilities, however, this post will not be concerned with caching web content. The focus will be on using Squid to control which domains are accessible to a user, either through blacklisting or whitelisting. This can be useful for blocking undesired domains, such as those associated with malware or advertisements. On the other hand it can be use to limit what a set of computers in a network can connect to which can potently mitigate the impacts of an attack. https://blog.thinkbox.dev/posts/0004-locking-down-workstation-applocker/ Sun, 11 Aug 2019 23:23:32 -0400 https://blog.thinkbox.dev/posts/0004-locking-down-workstation-applocker/ Introduction AppLocker is a powerful component of the Windows operating system that allows an administrator to dictate whether a user has permissions to run a file. There are a few different types of files that can be controlled by AppLocker which include executable files (.exe), DLL files (.dll), Windows Installer files (.msi), PowerShell scripts (.ps1), and packaged applications (these include graphical programs such as Settings and the GUI for Defender). https://blog.thinkbox.dev/posts/0003-create-reverse-proxy-with-docker/ Thu, 18 Jul 2019 17:15:47 -0400 https://blog.thinkbox.dev/posts/0003-create-reverse-proxy-with-docker/ Introduction This blog post will explain the concept of a reverse proxy, and will demonstrate the steps that need to be taken in order to create a Nginx reverse proxy inside of Docker. The concept of a reverse proxy is very simple, a client computer will connect to a central point that will pass their connection on to the desired destination. For example, lets take a look at the diagram below. https://blog.thinkbox.dev/posts/0001-openvpn-ldap-auth/ Fri, 12 Jul 2019 17:27:32 -0400 https://blog.thinkbox.dev/posts/0001-openvpn-ldap-auth/ Introduction This blog post will explain the steps taken to configure OpenVPN to authenticate users using LDAP authentication and 2-Factor authentication. LDAP authentication will be performed against Active Directory, and 2-Factor authentication will be performed with a Time-based One-Time password (TOTP). Furthermore, the network access of users will be restricted to only what the administrator wants them to access. This post is split up into 5 sections: VPN Server Initial Configuration Base OpenVPN Configuration Configuring LDAP Authentication 2-Factor Authentication with TOTP User Based Network Access Polices The first section will configure the server on which the VPN server will be setup on.