In the early days of my business, one of the first services that we offered was web development and design, to be quite honest because it was fairly easy to sell at a large profit margin. However, with me being me and having an intense background in system and server administration, we not only designed and developed the websites, we would also provide the hosting and maintenance for those sites.
All well and good, except that some of those websites either had e-commerce built in or collected sensitive information from their customers or patrons. So it was a must to use SSL certificates to secure the data in transit from the user’s browser to our servers (I’ll get into securing and encrypting that data at rest some other day). Back when we were doing it, you had to go find a trusted certificate authority that you actually trusted, such as Verisign or Norton, which usually came out to a few hundred dollars every year, generate your private key and certificate on your server, then get them to work with whichever web server you had. It was a mess. By far the thing that I hated doing the most for web hosting.
That’s why I was so stoked when I found out, about a year and a half ago, that the Electronic Frontier Foundation (EFF), in an effort to make SSL connections the new default, was not only becoming a certificate authority but had developed a tool called Let’s Encrypt that makes it ridiculously simple to enable SSL on your website. All you have to do is go to https://letsencrypt.org, choose your operating system and web server, and it will download the appropriate script. Oh yeah, it’s completely free!
Since Let’s Encrypt came out, I have used it for every web server that I’ve set up, whether it needs it or not. It literally only takes about five minutes to set up, so why not?
Given that I’m an open source junkie, it should be no surprise that pfSense is, without a doubt, my favorite firewall for both home and small business use.
During the last three years of my business, instead of buying a Cisco SMB or a SonicWall firewall, what I’ve done is buy a refurbished Dell PowerEdge server, typically with around 16 GB of memory and a RAID array with a usable capacity of 500 GB, for around $200-$300 and pop pfSense on it.
Aside from it being completely open source, some of the things that I love about it are:
- Rock solid, given its FreeBSD foundation
- Bandwidth monitoring and rule-based policies
- VPN built in, with both OpenVPN and IPsec
- Web caching built in with Squid
- Web content filtering to block people from visiting unwanted or inappropriate websites
- On-demand virus scanning, blocking viruses and malware before they reach the client’s computer
- Limiting traffic by country
- A programmable intrusion detection system
- VLANs completely built in
I could go on and on and on. There are literally hundreds of available plugins that extend the core of pfSense’s functionality. Knock on wood, but I’ve had some pfSense servers running for years without issue. I know that a PowerEdge server is a bit overkill for a firewall for a small business, but at that price, why the hell not?
Those that know me know that I’m a huge fan of two factor authentication. For those that don’t know what two factor authentication is: when you sign into an online account, you enter your username and password to log in as always, but you are then usually sent a text message with a six digit code that you need to enter before you can access your account.
This way, even if your password gets compromised, another person cannot access your account without having access to your phone.
To turn on two factor authentication on your Google account:
- Go to http://gmail.com and sign in
- Select your avatar on the upper right hand corner (to the right of your email address) and select My Account
- Select Signing in to Google under “Sign-in & Security”
- Select Two-Step Verification
- Google will once again ask for your password; go ahead and enter it
- It will then ask for your phone number; type it in and click Next
- A verification code will be sent to your phone, type in that code and hit Next
- Finally click “Turn On”
And you’re done! Now every time you sign in from a new computer or device, you’ll need to verify that it’s truly you by entering the verification code. Most online services now offer two factor authentication, such as Facebook, Twitter, Dropbox and most banks; I highly recommend turning it on wherever possible.
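As an added illustration of the second-factor check described above (example code written for this post, not Google’s or any provider’s implementation): a minimal server-side verifier for a six-digit login code that expires, is single-use, caps the number of guesses, and is only consulted after the password check passes. The account and session names, the five-minute lifetime and the five-guess limit are constructed values.

```python
import hmac
import secrets

CODE_DIGITS = 6
CODE_TTL_SECONDS = 300   # constructed: how long an issued code stays valid
MAX_ATTEMPTS = 5         # constructed: guesses allowed before the code is discarded

# Constructed in-memory store; a real service would persist this server-side.
# key: (account, session) -> {"code": str, "issued_at": float, "attempts": int}
_pending = {}


def issue_code(account, session, now):
    """Generate a fresh six-digit code for this login attempt and record it.

    The code is what the user receives out of band (by text message in the
    post); the server keeps only the issue time and an attempt counter.
    """
    code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
    _pending[(account, session)] = {"code": code, "issued_at": now, "attempts": 0}
    return code


def verify_code(account, session, submitted, now):
    """True only if the code matches the one issued to this session, is still
    within its lifetime, has not been guessed too often, and was not used before."""
    key = (account, session)
    entry = _pending.get(key)
    if entry is None:
        return False
    if now - entry["issued_at"] > CODE_TTL_SECONDS or entry["attempts"] >= MAX_ATTEMPTS:
        _pending.pop(key, None)  # stale or brute-forced code: discard it
        return False
    entry["attempts"] += 1
    # Constant-time comparison so response timing does not reveal matching digits.
    if not hmac.compare_digest(entry["code"], submitted.strip()):
        return False
    _pending.pop(key, None)  # single use: replaying the same code fails
    return True


def login(account, password_ok, session, submitted_code, now):
    """The second factor is checked only after the password passes, so a
    compromised password alone never grants access to the account."""
    if not password_ok:
        return False
    return verify_code(account, session, submitted_code, now)
```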