Anyone using PfSence to increase security??

[nclr11111]

So we talk and discuss alot here at MT regarding security and software to enhance this.
I do feel we might miss one pretty important aspect of the security layer, at least i can´t find a thread about it, and thats how to increase the security provided by our router of choice.

There are alot of different routers and we all have different tastes in manufactor, firmware etc, but the question remains, are they safe or should we consider replacing them with something else?

Now, i´m no savvy when it comes to computers in general and networking in particular but i´ve been interested in pfSense for some time and slowly tried to get more info and knowledge to the point where i now consider trying to replace my Asus rt-n66u with pfSense.

Mostly this is down to my router being crazy hot since i have a fairly big sized network which is occupied with 4 heavy bandwidth users.....But pfSense seems also to be more configurable and, probably, more secure if setup right.

So, is there anyone in here who has taken this step in layered security and actually runs a pfSense router and if so, whats your opinion about this software??

* Hard to find the right topic for this question since it includes both sw and hw so admins feel free to move thread to other topic if you wish!*

If you never heard of pfsense i can recommend looking at this set of tutorials on Youtube which are VERY informative:

 

[ExoGen CyberSecurity]

I have a custom IDS with Snort (and a few other tools). I made it myself, this way is cheaper.

 

[nclr11111]

I have a custom IDS with Snort (and a few other tools). I made it myself, this way is cheaper.

Well since i already own most components needed to get a pfsense rig up and running and the sw itself is free the cost, for me, is virtually none. Except powerconsumption that is.

 

[ExoGen CyberSecurity]

If you can do it for FREE why not ? I also need to pay for power so ... yeah. I've set it up to protect my Linux and when I use my Windows 7 (even if I have Comodo with GodMode settings).

Personally, I think that some type of IDS is a must since the AV industry is dead. If you have some type of IDS you can use a sandbox and you should be fine.

 

[_CyberGhosT_]

I think a lot of the reason you wont see threads for stuff like this, is most of us here are not enterprise dependant,
which is who benefits most from setup's like this. I 'm not saying home users can't but most are not motivated to
spend the time and effort when a top of the line Router is pretty safe (at least here in the US) Even the marketers
of software and devices of this nature will tell you where the lions share of their market is, and it's not home users.
I would say Enterprise at the top of the list, then hobbyist's, then home users .
And thats listing them in order of who's most likely to spend "time" on projects of this nature
not just money.
Cool Share though

 

[nclr11111]

I think a lot of the reason you wont see threads for stuff like this, is most of us here are not enterprise dependant,
which is who benefits most from setup's like this. I 'm not saying home users can't but most are not motivated to
spend the time and effort when a top of the line Router is pretty safe (at least here in the US) Even the marketers
of software and devices of this nature will tell you where the lions share of their market is, and it's not home users.
I would say Enterprise at the top of the list, then hobbyist's, then home users .
And thats listing them in order of who's most likely to spend "time" on projects of this nature
not just money.
Cool Share though

Yeah. I could just increase the ventilation around my existing router, but that wouldn´t be as much fun...
So i´m guessing i´m a hobbyist homeuser with parts and time to spare!

 

[_CyberGhosT_]

Yeah. I could just increase the ventilation around my existing router, but that wouldn´t be as much fun...
So i´m guessing i´m a hobbyist homeuser with parts and time to spare!

Nothing wrong with that, keeps the noggin sharp

 

[Spiritus Sancti]

I will buy me a PC Engines apu2c4 in the next months to try out Sophos UTM Home Edition and pfSense.

 

[nclr11111]

I will buy me a PC Engines apu2c4 in the next months to try out Sophos UTM Home Edition and pfSense.

Plz report back how you liked pfsense!

 

[woodrowbone]

Appliances like this will greatly enhance your home security compared to even the most expensive "home routers".
Just look at all the "IoT" devices your home starts to get infested by
Take a look at Untangle.com, they even have a firmware released to use on some top of the line home routers I think.
That is of course if you do not have a spare pc to use, witch I prefer at all times if possible.
You have malware and intrusion detection directly at the router, I prefer to stop most of the malware and attacks there.
I think Untangle only charge home users 50$ a year for the full enterprise packet of modules.

Sophos UTM:s are completely free for home users, but in my experience more complicated to set up right.

/W

 

[woodrowbone]

Home routers like it is now will never be enough, the typical user just installs and forgets.
Resulting in old firmware's and vulnerability's, and last but not least, no malware filtering on the device.

Is Your Home Router Vulnerable to Hackers? - WSJ.com

In Untangle for example all setting and rules are predefined by Untangle, and new firmware are updated automatically.
This can also be done manually of course if you like to handle that by yourself.
Just choose what apps you like to have on your firewall:

Individual Applications | Untangle

You can have a look at a live firewall GUI here:

Untangle Administrator Login

/W

 

[nclr11111]

Home routers like it is now will never be enough, the typical user just installs and forgets.
Resulting in old firmware's and vulnerability's, and last but not least, no malware filtering on the device.

Is Your Home Router Vulnerable to Hackers? - WSJ.com

In Untangle for example all setting and rules are predefined by Untangle, and new firmware are updated automatically.
This can also be done manually of course if you like to handle that by yourself.
Just choose what apps you like to have on your firewall:

Individual Applications | Untangle

You can have a look at a live firewall GUI here:

Untangle Administrator Login

/W

Untangle or pfsense both enhance security and performance compared to regular FW/router. But both demand a dedicated hardware with (preferably) two NIC´s or more (there is a way around it but not a good one).
I´d say use whichever suits you taste better!

My taste is:
- Free (pfSense: YES, Untangle: NO), $50/year is way more than i´m interested in spending on a solution that still requires dedicated hardware.
- Better than existing router and firmware: Both YES!

Decision: pfSense!

 

[woodrowbone]

Actually Untangle starts as a free application, the 50$ is only if you would like to have all the extras. See the the link on the Apps I posted, the free ones are marked Free.
And, they also have a firmware you can replace the one in your existing router with, if you have a router that is compatible:

Firmware | Untangle

/W

 

[nclr11111]

Actually Untangle starts as a free application, the 50$ is only if you would like to have all the extras. See the the link on the Apps I posted, the free ones are marked Free.
And, they also have a firmware you can replace the one in your existing router with, if you have a router that is compatible:

Firmware | Untangle

/W

Hmm, i need to read more carefully in the future!
The Router Firmware would be nice to try out if i owned a RT-AC88U which would set me back ~$400. As far as i can see this is the only router that supports their firmware!?
But it looks interesting on a standalone HW. Missed there was a free platform.... Might try it out when i get around to buy a networkcard for my old C2D-comp that´s gathering dust in the attic.
Then i can try live which one i prefer! Thx for the heads up @woodrowbone !

 

[Deleted member 178]

If i was that paranoid (and had the cash), i rather buy a serious hardware firewall and set up a spare machine to mount an honeypot.

 

[woodrowbone]

If i was that paranoid (and had the cash), i rather buy a serious hardware firewall and set up a spare machine to mount an honeypot.

Untangle is a serious hardware firewall also, if you do not want to build it yourself:

Untangle Appliances | Untangle

Untangle, Inc. NG Firewall Appliances Achieves Firewall Certification from ICSA Labs | Untangle

The only difference beeing the hardware.

Another thing that I realy like with Untangle is that you can choose during install, (very easy to install by the way), is router or transperant mode.
In transparent mode you hook it up to your existing firewall and let the traffic get filtered for malware etc, before it reaches your switch and all stuff behind it.

/W