Help Me Secure my Network
I found after using this remarkable OS that I was simply compelled to join your forum. It's absolutely great, so here I am :p
So, I installed pf on a stand-alone machine - no keyboard/mouse/VGA, just power and a network card. And it's working fine (now I only need a WIRELESS SIGNAL METER).
However, I'd like some basic ideas on how to go about securing my network.
I'll explain what it's like - it's really basic.
2 NICs in the RIG.
One Cisco wireless card that's connected to an AP giving me an internet connection, and another card that goes to my switch, which connects the home PCs to each other and the internet (via the PF system, of course). That's it.
I installed PF, and it's been running on default settings (with the exception of the admin PW for the webGUI).
But I'm not certain just how much protection that gives (everything else being default). I'd like to know what other parameters I can configure inside PF to make things tighter, because the PCs behind PF WON'T be using a firewall.
The wireless router operates on the 192.168.1.x range.
My home network (behind PF) is using 192.168.0.x
only 2 computers are inside (behind PF).
So pf is just acting as a firewall and passing on the connection, because the PCs have been hacked (no competent firewall that allows ICS, protection, and remote administration), hence that arbitration.
So that's it; I hope you guys will have something good for me ^_^
Thanks in advance.
It's already secured though once you use pfSense :) Also remove the default "to any" rule. Just add the ports you wanna use.
Well, that would sure be a task, considering how many programs on average access the internet from my PC.
I would have to spend QUITE A WHILE manually inputting those.
Is there some method to… fast track this?
You only need to allow ports on your WAN side for connections initiated from outside your network. For most activities such as browsing the web, streaming video, chat, etc. you won't need to open any ports. The default LAN rule allows your inside computers to initiate any connection with computers outside the LAN.
I thought that allowing /disallowing ports meant - completely doing so.
Thanks much for that tip!
I'll look around in the rules page and figure out how to stop that.
Isn't that insecure? If a trojan is executed from within, how do you stop it? I would have thought that outgoing rules are just as important as the incoming ones, e.g. only allow outgoing destination ports HTTP > anywhere, HTTPS > anywhere, DNS > my ISP DNS servers, etc.?
louis-m has a point. It depends on how far you want to go. If you really have a lot of programs accessing the Internet through many different ports then you would have to set those up to explicitly allow outbound traffic only on those ports. It all depends on what you consider more important.
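The two positions above (the WAN side needs no open ports because pf is stateful; the LAN side is wide open by default and louis-m's egress filtering closes it) can be seen side by side in a pf ruleset. This is an added example written in pf.conf syntax as loaded by pfctl, not the thread's own configuration and not a pfSense export; in the pfSense webGUI the same policy is built as rules on the WAN and LAN tabs. The interface names (wlan0 for the Cisco wireless WAN card, em1 for the LAN card) and the ISP resolver addresses (documentation range 203.0.113.0/24) are assumptions and must be replaced. Every pass rule carries "quick" so the ruleset reads first-match-wins, the way pfSense evaluates its rule list, instead of pf's native last-match-wins.

```pf
# Added example: pf.conf ruleset for the two-NIC setup described in the thread.
# Interface names and the ISP resolver addresses below are assumptions.
wan_if  = "wlan0"                           # Cisco wireless card, gets 192.168.1.x from the AP
lan_if  = "em1"                             # card facing the switch, 192.168.0.1 on this side
lan_net = "192.168.0.0/24"
isp_dns = "{ 203.0.113.1, 203.0.113.2 }"    # placeholder for the ISP's resolvers

# Hide the 192.168.0.x hosts behind the address the AP gave the WAN card.
nat on $wan_if from $lan_net to any -> ($wan_if)

# Default deny in both directions. Everything below is an explicit, logged exception.
block in log all
block out log all

# WAN side: no ports are opened. Replies to connections the LAN started are matched
# by the state table before any rule is consulted, so "pass ... keep state" on the LAN
# side is all the WAN side needs. The one extra rule drops packets that claim a LAN
# source address but arrive on the WAN card (spoofing).
block in quick on $wan_if from $lan_net to any

# LAN side, option A (the pfSense default "LAN to any" rule): inside hosts may start
# any connection. Uncomment this and comment out option B to get the default behaviour.
#pass in quick on $lan_if from $lan_net to any keep state

# LAN side, option B (egress filtering as louis-m suggested): DNS only to the ISP's
# resolvers, web only on 80/443, ping allowed, nothing else. A trojan that tries to
# phone home on any other port falls through to "block in log all" and shows up in
# the log. A trojan that talks HTTPS on 443 still gets out, so this is a narrowing,
# not a cure.
pass in quick on $lan_if proto udp  from $lan_net to $isp_dns port 53 keep state
pass in quick on $lan_if proto tcp  from $lan_net to any port { 80, 443 } flags S/SA keep state
pass in quick on $lan_if proto icmp from $lan_net to any icmp-type echoreq keep state

# Traffic that has been accepted on the LAN side is allowed to leave on the WAN side.
pass out quick on $wan_if keep state
```

With option B the two inside PCs must actually use the ISP resolvers listed in isp_dns, otherwise name lookups silently fail; that is the first thing to check when a machine "loses the internet" after the change. The "log" keyword on the block rules is what makes the trade-off visible: tailing the pf log after switching to option B shows exactly which programs wanted other ports, which answers the earlier question about how to find them without typing them in blind.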