What packages do you use to secure your network?
-
Just curious what steps everyone here uses to secure their network.
Right now I'm using Snort, HAVP, and Country Block. There are a few other packages that I'm considering using (more blacklists), but not sure if they're worth it. As it is now, I get a lot of false positives, but still have plenty of bad traffic (viruses) making its way through.
Anyways… how is your network secured?
Justin
-
I'm going to assume just packages on PF, as that's all you listed.
Snort - no blocking, as on one system it likes to block itself; just lets me know about the malicious traffic
Squid - speed up Internet, also can prove who did what if accused of something because of the HTTP logs
Country Block - I block countries I don't like, in and out
Cron - I run ClamAV; other stuff listed there is standard or required by a package
dashboard - see everything at a glance
phpSysInfo - see how components are doing
nut - so it turns off gracefully
ntop/darkstat - mostly for statistics and future planning
nmap - basic scanning from fw; for more basic I use a different system