Neal Flowers
August 18, 2021

Open-source Security Spotlight: pfSense

The open-source community has given the world too much for me to list out. However, one example is out of this world...literally. Ingenuity, a Mars Helicopter, took its first flight earlier this year, thanks in large part to open-source developers. Many of those developers did not know how their contributions were being used, which led to an awareness campaign that put a Mars Helicopter Mission Badge on relevant GitHub profiles. Linux, the Chromium web browser, and a Mars Helicopter!

“Many of the people who are getting a badge probably have no idea their software is being used to fly a helicopter on another planet.” Martin Woodward, GitHub Senior Director of Developer Relations

But I digress! Coming back to Earth, have you heard of pfSense? It is an open-source network security solution built on the FreeBSD operating system. It is commonly used as a firewall but can be configured to do much more.

Building on its basic functionality, through the installation of additional software (in some cases) and a little elbow grease, here are some additional features that can be enabled:

Intrusion Detection System (IDS) or Intrusion Prevention System (IPS)

Installing Snort (or Suricata) software will allow you to use pfSense as an IDS/IPS.

“Snort is an intrusion detection and prevention system. It can be configured to simply log detected network events to both log and block them. Thanks to OpenAppID detectors and rules, Snort package enables application detection and filtering. The package is available to install in the pfSense® web GUI from System > Package Manager. Snort operates using detection signatures called rules. Snort rules can be custom created by the user, or any of several pre-packaged rule sets can be enabled and downloaded.” Pasted from the setup instructions here.

Malicious Content Filter (pfBlockerNG)

Block malicious content on your network, including advertising and email related content, by installing the pfBlockerNG software package. This is another great way to help reduce risk. There is no perfect, fool-proof solution out there. But having something in place is better than nothing!

Check out the complete list of packages here. When ready to install, go to System > Package Manager > Available Packages.

The versatility of pfSense allows it to run on a wide variety of hardware, making it easier for testing in a lab environment, before implementing in a production one. Here are some other reasons I’m a fan:

Great for beginners

  • Get hands-on experience to gain mastery of security concepts.
  • Lessons learned in a lab environment stay with the individual.

Budget friendly

  • The community edition is free.

  • Commercial options are available

It's well maintained

  • Supported by an active community with frequent releases.

 Did I mention it is built with open-source software?

Ready to get involved in the pfSense community? Click here to find out how.

Hopefully this post has introduced (or reintroduced) some of you to pfSense. Whether you are a seasoned cybersecurity professional or just getting started, there are many reasons why it is worth checking out:

  • Improve the security posture of your organization’s network
  • Learn the ins and outs of firewall management, fostering growth and development
  • Use existing hardware to get a solid security solution in place until budget opens up
  • Implement security features that aren’t currently present - do you have an IPS/IDS in your environment?

If you have unused hardware lying around (new or old), why not install pfSense on it and see what it’s about? If you do, let me know how it goes!

Additional Resources and Helpful Links:

1) https://www.pfsense.org/getting-started/

2) https://www.pfsense.org/download/

3) https://www.netgate.com/blog/application-detection-on-pfsense-software

4) https://www.patreon.com/pfBlockerNG

5) https://www.youtube.com/c/NetgateOfficial/videos

If you have questions about this blog or need help with a current incident, we're here to help. Contact a MOXFIVE Technical Advisor at ask@moxfive.com or use our Contact form.

Neal Flowers

Neal comes to MOXFIVE with 20+ years combined IT infrastructure and cybersecurity knowledge gained through entrepreneurship, corporate and military experiences.
