GovCloud Compliance of Google vs. pfSense Open Source Security and Privacy Interests
-
Hi all. So my home community edition router which has been in operation since before I went to school for cyber security, but for a network with exactly 1 unsophisticated user and one skilled security engineer and no possible internal threat actors due to the WPA 2 WiFi with completely unique password. A pfsense box with with automatic updates I have consistently operated internally has been breached by a Google Historic Password matching the current access password and I am blocked out from changing the password to one of sufficient quality to bypass brute force attempts by the government currently. This is a John McCaffee (Sic) moment in my history and in that of my 50,000 member sole proprietorship. Please advise to the best of your ability and being offline is not an option.
-
Edit. Third user an “early childhood educator” just walked into the home.
-
MAC Address
3c:84:6a:bc:55:12
Client identifier
AssholerogueAP (all lower)
IP I assigned
0.0.0.0 -
Why do you think it has been 'breached'?
You think there is a rogue access point on your network?
-
@AlphaSecurity said in GovCloud Compliance of Google vs. pfSense Open Source Security and Privacy Interests:
I am blocked out from changing the password to one of sufficient quality
Your saying your pfsense was breached, you had it open to the public? The web gui is not available to the public internet out of the box..
If someone accessed your pfsense and changed the password, just console in and reset the password. You then for good measure reinstall clean, etc. The pfsense gui should never be exposed to the public internet without restrictions on what IP can access, or only via vpn access, etc.
-
S stephenw10 moved this topic from TNSR Feedback on
