    Run PfSense from write-protected USB pendrive

      dziabaq last edited by

      Dears,

      Is there any possibility to install and run pfSense from a write-protected USB pendrive?
      Maybe there is a chance to move temporary files to an unprotected area (ordinary HDD).

      Then set pfSense to automatically reset at midnight, starting from the secured USB.
      This would allow for a significant increase in security in the event of a hacker attack.

      The system would be "flushed" from malicious software or configuration changes…

      What do you think of this functionality?

      friendly regards...
      Dziabaq

        fatsailor last edited by

        Doable but why not just use the live CD with a write protected pendrive for your config (other than you need a CD drive also)?

          dziabaq last edited by

          Hi,

          This makes sense, but a CD is slow and exposed to dirt and mechanical failures.
          USB is much, much faster and there are no mechanical parts inside.

          The second question is, how to set an automatic reboot at midnight?

            dreamslacker last edited by

            You can do it with a USB thumbdrive (I'm assuming there is a hardware switch on the USB drive to write-protect it).

            First, you need to install the Cron package (easier to do this with GUI).

            Next use the Crontab to set a job at midnight?, daily, to run a shutdown with restart command for the reboot.
            Command will be:  shutdown -r now

            Go to diagnostics -> NanoBSD.  Disable all Backup jobs (if any) so pfSense doesn't try to write to disk.

            After you are done with all that, re-enable the Write protect.

            To be honest, this is probably not required at all.  What you should focus on is to secure your hosted services, enforce good password policies, and keep your clients/servers actively protected with anti-malware software suites.
            Further, don't expose the WebGUI/Telnet/SSH for the pfSense box to the internet.
            In all likelihood, it will be your hosted services (servers and such) that get compromised rather than the pfSense box itself.  You can set up Snort to further protect such hosts.
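
A way to verify the setup described in the post above once write protection is back on (an added example, not part of the original thread or of pfSense). It checks that `/` is mounted read-only and that a daily 00:00 `shutdown -r now` job exists. The function names, the sample mount and crontab text (constructed, not captured), and the assumption that the job lives in a system-style crontab with a user field are all this example's own.

```shell
#!/bin/sh
# Added example: audit a read-only boot medium plus nightly reboot job.

# Constructed sample inputs, FreeBSD-style; not taken from a real system.
SAMPLE_MOUNT='/dev/ufs/pfsense0 on / (ufs, local, noatime, read-only)
/dev/md0 on /tmp (ufs, local)
/dev/md1 on /var (ufs, local)'
SAMPLE_CRON='# minute hour mday month wday who command
0 0 * * * root /sbin/shutdown -r now'

# mount_is_readonly MOUNT_OUTPUT MOUNTPOINT
# Succeeds only if MOUNTPOINT is listed and carries the read-only flag.
mount_is_readonly() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $2 == "on" && $3 == mp {
            found = 1
            opts = $0
            sub(/^[^(]*\(/, "", opts); sub(/\)[^)]*$/, "", opts)
            n = split(opts, o, /, */)
            for (i = 1; i <= n; i++) if (o[i] == "read-only") ro = 1
        }
        END { exit !(found && ro) }'
}

# has_midnight_reboot CRONTAB_TEXT
# Succeeds if an active (non-comment) line runs shutdown -r now daily at 00:00.
has_midnight_reboot() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF < 7 { next }
        $1 == "0" && $2 == "0" && $3 == "*" && $4 == "*" && $5 == "*" {
            cmd = ""
            for (i = 7; i <= NF; i++) cmd = cmd " " $i
            if (cmd ~ /shutdown[ \t]+-r[ \t]+now/) ok = 1
        }
        END { exit !ok }'
}

# audit MOUNT_OUTPUT CRONTAB_TEXT: prints findings, returns the failure count.
audit() {
    fails=0
    mount_is_readonly "$1" / || { echo "FAIL: / is writable"; fails=$((fails + 1)); }
    has_midnight_reboot "$2" || { echo "FAIL: no daily 00:00 reboot job"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: read-only root and midnight reboot in place"
    return "$fails"
}

audit "$SAMPLE_MOUNT" "$SAMPLE_CRON"
```

On a live box the last line would become `audit "$(mount)" "$(cat /etc/crontab)"`, assuming the Cron package writes its jobs to `/etc/crontab`.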
