Important packages to stop hackers

Firewalldude89 · Aug 5, 2023, 3:21 PM

HI all

I can now log into the admin page on the web, I only use IPv4 and link local on IPv6.
What packages are important to stop hackers?

Should I enable interface on both LAN and WAN on Snort and Suricata?

SteveITS · Aug 5, 2023, 4:23 PM

@Firewalldude89 inbound traffic on WAN is disallowed by default.

Don’t run both Snort and Suricata, they do the same thing. I suggest Suricata as Snort on pfSense apparently has a limited life. Run it on LAN so you can see which PCs are triggering alerts.

Firewalldude89 · Aug 5, 2023, 4:26 PM

@SteveITS Thanks, I think there is a considerable breakthrough now on this technology issue.
Am such a stressed tech noob on this, but am learning

Firewalldude89 · Aug 5, 2023, 4:35 PM

@SteveITS Is it unnecessary to run it on WAN?

SteveITS · Aug 5, 2023, 4:47 PM

@Firewalldude89 IDS on WAN will work but runs outside the firewall so will scan every inbound packet even ones that will be immediately dropped. On LAN it will scan only allowed packets.

Firewalldude89 · Aug 5, 2023, 6:22 PM

@SteveITS How do I turn WAN on and turn the default setting off?

Phizix · Aug 5, 2023, 6:56 PM

@SteveITS said in Important packages to stop hackers:

I suggest Suricata as Snort on pfSense apparently has a limited life.

@SteveITS,

I currently run Snort. Is EOL planned for it? If so when I finish transferring to my new 8200 I will set up Suricata.

Phizix

SteveITS · Aug 5, 2023, 7:40 PM

@Phizix see https://forum.netgate.com/topic/180501/snort-v3/5

SteveITS · Aug 5, 2023, 7:42 PM

@Firewalldude89 for Suricata? It has a page to add/copy/delete it on an interface.

Phizix · Aug 5, 2023, 9:06 PM

@SteveITS,

Thank you that was helpful. So I will plan on moving to Suricata on the 8200 when I get it all set up.

Phizix