- Oct 3, 2022
It is more than a firewall. Your Windows has a firewall. But the Netgate has an intrusion prevention system (IPS). It can recognize and stop attacks like SLIVER (an attack framework, like the older Cobalt Strike, very popular among cybercriminals now).
Netgate is the hardware arm of pfSense, a mature open-source firewall platform. An open-source license means there has to be a free version, and that's what I have used before. But I don't have a free older PC right now, so I am essentially buying the hardware. And at $189 it is not too pricey.
It also has VLAN, VPN and commercial grade routing protocols and integrates with corporate networks well.
pfSense has many plugins. Among them are the Snort IPS and the Suricata IPS. Snort was bought by Cisco in 2013. Cisco, if you don't know, has 76% of market share in networking equipment. It is good to have the resources of a huge company like Cisco to fund your development. Cisco also has a well-known security intelligence and research team called TALOS. And I also subscribe to their Snort ruleset at $30/yr. If you only use their community rule set, it is up to 30 days old, which is useless in today's security environment; you need up-to-the-minute rules to be effective, and Netgate updates every 6 hrs. Security intelligence is pricey, and can fetch prices of more than $1000, so the $30 price for individual security pros is a great deal.
Intrusion Protection Systems stop exploits and hack attacks. They block malicious traffic: dropping suspicious packets, or blocking traffic from the source IP address that's attempting the attack and terminating the connections. They protect against exploits that target known software vulnerabilities. Even if a patch for a vulnerability hasn't been applied yet (a "zero-day" vulnerability), an IPS can often detect and block attempts to exploit it based on its behavior. Proper security has to be done in layers; you've probably heard of 'layers of security', and an IPS is a good example. If one layer fails you should have another. They teach that in cybersecurity courses.
If you like newer technology you can use the Suricata IPS. It too is open source. Like Snort, it has a big community. It has advancements not present in Snort, like JA4, which is a TLS fingerprinting technology.
An IPS is critical for security. It stops malicious attacks at the perimeter and protects all the PCs in the LAN. Big corps have fancier tech like next-gen firewalls, for example brands like Palo Alto and Sonicwall. And they are priced according to their network throughput capacity (if you have 500 staff you better have the bandwidth). And all of them have big price tags for their security add-ons. We are lucky there are open-source products for security pros. Don't let the free price tag fool you; corporations use a lot of open source in the cloud. When you are using Google Cloud, Amazon AWS or MS Azure, there is no place for them to plug in a hardware firewall and its security add-ons. And these corps have a vested interest in maintaining the communities of Snort and Suricata. Their security teams share IoC and IPS rules with the community, because stopping attacks is good for the ecosystem. It is the same argument as why MS develops free security products to embed in Windows and why MS offers security updates even to those who run non-licensed Windows Pro.
The only catch: Netgate makes firewalls, and in their eyes, WiFi belongs to a WiFi access point. So you have to use a cheap WiFi router behind the Netgate if you want WiFi. For city dwellers in apartment complexes, WiFi is no good because your perimeter is gone; people from several levels above and below can reach you.