Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Security IN the Peoples Republic

    Scheduled Pinned Locked Moved Firewalling
    2 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      Arisian
      last edited by

      Hey Guys,

      Man, I would LOVE some advice from some of you folks out there.  I live in China and run a photography and design business.  I'm def. not doing anything illegal, but at the same time I DEF. value my businesses intellectual property. Nonetheless, my office is set up w/ a pfsense box and a DD-WRT wireless router I have configured behind the pbx that just serves as a wireless AP to distribute my DHCP leases.

      I ran a pfsense box for a marketing firm as their 'make-shift' IT director in 2006-2007, but the security needs are much more laid back in that type of situation.  I was wondering if I could just get input and suggestions for how to set my pfsense box up here.

      For example, what I am doing right now

      • Trying to block a specific IP range (IE, the gov. has an information collection agencies in our town, and I often get IP addresses from them.  Infact, I often see a shared computer on my network (before) that was registered to this agency.  Any advice on how to block a range rather than doing it one by one

      • Blocking typical traffic in and out that I would do for a pbx in America.

      • Using Snort to try and determine possible intrusions.

      • Using very complicated passwords on all AP's (including hidden SSID, password with random spaces in it, non-sensical SSID if discovered, and MAC filtering)as well as non-descript computer names, network drives, etc,

      Beyond that, I know there is probably a good bit more than I can do, but at the same time, a good bit that I am at the mercy of this type of Gov. over.  I use an american based VPN for all secure business related emails and business transcations.

      Any other advice?  Sarcastic Comments?  What the Hell's?!

      Thanks so much,
      Arisian

      1 Reply Last reply Reply Quote 0
      • P Offline
        phospher
        last edited by

        Blocking typical traffic in and out that I would do for a pbx in America.

        just use a strict firewall policy. do not put a permit any to any rule in there. only permit what is needed. are you hosting a website or any other services?

        Using Snort to try and determine possible intrusions.

        there is a package in pfsense for this. install it and take a look.

        Using very complicated passwords on all AP's (including hidden SSID, password with random spaces in it, non-sensical SSID if discovered, and MAC filtering)as well as non-descript computer names, network drives, etc,

        hidden SSID's and mac filtering isn't going to buy you much if any at all. security by obscurity is a very bad practice. ssid's can still be sniffed and mac filtering is easily spoofed. what you need to be sure is that your using the strongest encryption available. you need WPA2 with AES. anything less is vulnerable.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.