Updated Mikrotik firewall script from Rick Frey

Our friend Rick Frey has updated his Mikrotik Firewall script.  You can find it here
http://rickfreyconsulting.com/rfc-mikrotik-firewall-6-0-for-ipv4-free-version/

You will need a fairly beefy router to run all of this.  If you are an enterprise this will be very handy for protecting your corporate network.  If you are an ISP I would pick and choose some of the parts which apply to you.  Your infrastructure should already be on non accessible IP space so the need for this big of a firewall should not be necessary

Make sure your devices have NTP

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
To view this content, you must be a member of Justin Wilson's Patreon at $0.01 or more
Already a qualifying Patreon member? Refresh to access this content.

Corporate vs ISP networks for the ISP

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
To view this content, you must be a member of Justin Wilson's Patreon at $0.01 or more
Already a qualifying Patreon member? Refresh to access this content.

Dot1x in Routeros 6.45.1

Some of you may have noticed a new menu item pop up in winbox labeled dot1x

Dot1x is implementation of IEEE 802.1X standard in RouterOS. Main purpose is to provide port-based network access control using EAP over LAN also known as EAPOL. 802.1X consists of a supplicant, an authenticator and an authentication server (RADIUS server). Currently both authenticator and supplicant sides are supported in RouterOS. Supported EAP methods for supplicant are EAP-TLS, EAP-TTLS, EAP-MSCHAPv2 and PEAPv0/EAP-MSCHAPv2.

Looking at how to use this?
https://wiki.mikrotik.com/wiki/Manual:Interface/Dot1x#Application_Example

OpenPGP servers and attacks

Great read on OpenPGP

https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

In the last week of June 2019 unknown actors deployed a certificate spamming attack against two high-profile contributors in the OpenPGP community (Robert J. Hansen and Daniel Kahn Gillmor, better known in the community as “rjh” and “dkg”). This attack exploited a defect in the OpenPGP protocol itself in order to “poison” rjh and dkg’s OpenPGP certificates. Anyone who attempts to import a poisoned certificate into a vulnerable OpenPGP installation will very likely break their installation in hard-to-debug ways.