General security

  • Firstly, sorry if this has already been asked, but I can't seem to find an answer as of yet.

    Although I've only had pfSense for a couple of weeks now, I'm loving it. Now I'm moving on to additional packages (I've currently made my way through encryption with OpenVPN, Suricata and Snort), but I was wondering what other packages are made for the security / privacy of the network. It would be handy if there was a short list that explained the additional packages, or perhaps even categories within the package manager itself. For me at least (coming from a point of relative inexperience) it's hard to tell if a package is made for hosting servers or for security.

    Again, sorry if this has been asked before or is too generic. Thanks for your time. Respectfully.


  • Hi,

    It's ok if you want to test drive every package, but keep in mind that pfSense, as it is delivered, is already safe.
    A package like Snort could very easily add insecurity to your network, because you think it adds security, but you do not know what it does, nor how to set it up, nor how to check it. You think it does the job for you, but actually it's the other way around: a tool will be as good for you as you understand it.
    When you have reached that point, you can tell in a split second if you need package X or Y.
    By default: you need nothing.

    If a user wants to visit a site that contains files loaded with viruses, etc., well, that's up to the user, right?
    It's like our cars: they are not limited to 90 km/h or xx miles/h. Some cars can go faster than x/h: it's up to you not to do so.

    I'll present you another simple rule: it's not because a package exists that it should be used. A very recent thread, elsewhere on the forum, already treats the same subject.
    If security is a real issue for you, start educating the end users. The sad thing is: this isn't available as a package.

    edit: found it: read it.

  • Hi John,

    I am not very experienced with pfSense either, but I have spent several months setting up the box and digging into different packages. You already mentioned most of these, but speaking from my own limited experience and setup, below is what I have and some of my knowledge on them.

    Great for secure remote access.

    Great for URL filtering and added security depending on the lists used. I followed this awesome tutorial on YouTube to help get that set up the way I wanted. You don't have to use all the lists and examples in that video, but it's a great start. For example, the ad blocking helps prevent users from doing things they shouldn't be doing, like clicking on Google ads that say "Official Microsoft site" when the URL is clearly not right and can take them to a potentially malicious site. This saved me a few times at least. I use most of the lists in that video along with some of the easy lists included in the package.

    I originally used Snort, but I had a fatal issue with it when Snort ran into some updated rules which it didn't know what to do with. To me, having an IPS with a few missing rules is better than having one that chokes on those few faulty rules and doesn't run at all. I ended up switching to Suricata instead, which uses many of the same rules and categories anyway.

    Squid with ClamAV
    Squid is being used as a caching web proxy server which all my clients go through. The web proxy wasn't really needed, but the anti-virus at the firewall level was the main selling point for me. That is done thanks to ClamAV, which is included in the Squid package. On my setup, ClamAV is only scanning HTTP traffic and not HTTPS. Technically it could be set up to do both. I personally am staying away from that for reasons discussed throughout these forums.

    Good luck.
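The failure mode described in the post above (an IPS that refuses to start because a few rules in an updated ruleset cannot be parsed) is worth seeing concretely. The following is an added example, not code from the thread, from pfSense, or from the Snort or Suricata projects: a small, lenient loader for the classic `action proto src sport dir dst dport (options;)` rule format that records malformed rules with their line numbers and keeps going, so the rest of the ruleset still loads. The rule text is constructed for the example and is not a real ruleset; the grammar implemented here is a simplified subset of what the real engines accept.

```python
import re
from dataclasses import dataclass, field

# Simplified subset of the Snort/Suricata rule header grammar (assumption for this example).
ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}
HEADER_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    options: dict = field(default_factory=dict)


def split_options(body):
    """Split 'k:v; k2:"a;b";' on ';' while leaving ';' inside double quotes alone."""
    parts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            cur.append(ch)
            escaped = False
            continue
        if ch == "\\":
            cur.append(ch)
            escaped = True
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    if in_quote:
        raise ValueError("unterminated quoted value in options")
    tail = "".join(cur).strip()
    if tail:
        parts.append(tail)
    return [p for p in parts if p]


def parse_rule(line):
    """Parse one rule line into a Rule, raising ValueError with a reason on malformed input."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("header does not match 'action proto src sport dir dst dport (opts)'")
    g = m.groupdict()
    if g["action"] not in ACTIONS:
        raise ValueError(f"unknown action {g['action']!r}")
    options = {}
    for item in split_options(g.pop("opts")):
        key, sep, val = item.partition(":")
        # Flag-style options (e.g. http_header) carry no value; store True for them.
        options[key.strip()] = val.strip().strip('"') if sep else True
    if "sid" not in options:
        raise ValueError("rule has no sid")
    return Rule(options=options, **g)


def load_rules(text):
    """Load every parseable rule; collect (line_number, reason) for the ones that are not."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            rules.append(parse_rule(line))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return rules, errors


# Constructed sample ruleset: two good rules followed by three deliberately broken ones.
SAMPLE_RULES = """\
# constructed sample rule file, not a real ruleset
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH connection attempt"; flow:to_server,established; sid:9000001; rev:1;)
drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"Suspicious UA"; content:"User-Agent|3a| evil;bot"; http_header; sid:9000002; rev:2;)
alert tcp any any -> any 443 (msg:"missing closing paren"; sid:9000003;
fnord udp any any -> any 53 (msg:"unknown action"; sid:9000004;)
alert udp any any -> any 53 (msg:"no sid at all";)
"""

if __name__ == "__main__":
    loaded, bad = load_rules(SAMPLE_RULES)
    print(f"loaded {len(loaded)} rule(s), skipped {len(bad)}")
    for lineno, reason in bad:
        print(f"  line {lineno}: {reason}")
```

Run as a script it loads the two valid rules and reports lines 4, 5 and 6 with the reason each was skipped. The point of the design is the `try`/`except` in `load_rules`: a bad rule becomes a logged entry in `errors` rather than an exception that aborts the whole load, which is the behaviour the post wished its IPS had had. In production the skipped list should itself be monitored, since silently dropping rules is its own detection gap.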
