The open-source community has given the world too much for me to list out. However, one example is out of this world...literally. Ingenuity, a Mars Helicopter, took its first flight earlier this year, which was largely due to open-source developers. Many of those developers did not know how their contributions were being used and that led to an awareness-oriented campaign, putting a Mars Helicopter Mission Badge on relevant GitHub profiles. Linux, the Chromium web browser, and a Mars Helicopter!
“Many of the people who are getting a badge probably have no idea their software is being used to fly a helicopter on another planet.” Martin Woodward, GitHub Senior Director of Developer Relations
But I digress! Coming back to Earth, have you heard of pfSense? It is an open-source network security solution built on the FreeBSD operating system. It is commonly used as a firewall but can be configured to do much more.
Building on its basic functionality, through the installation of additional software (in some cases) and a little elbow grease, here are some additional features that can be enabled:
Intrusion Detection System (IDS) or Intrusion Prevention System (IPS)
Installing Snort (or Suricata) software will allow you to use pfSense as an IDS/IPS.
“Snort is an intrusion detection and prevention system. It can be configured to simply log detected network events to both log and block them. Thanks to OpenAppID detectors and rules, Snort package enables application detection and filtering. The package is available to install in the pfSense® web GUI from System > Package Manager. Snort operates using detection signatures called rules. Snort rules can be custom created by the user, or any of several pre-packaged rule sets can be enabled and downloaded.” Pasted from the setup instructions here.
Malicious Content Filter (pfBlockerNG)
Block malicious content on your network, including advertising and email related content, by installing the pfBlockerNG software package. This is another great way to help reduce risk. There is no perfect, fool-proof solution out there. But having something in place is better than nothing!
Check out the complete list of packages here. When ready to install, go to System > Package Manager > Available Packages.
The versatility of pfSense allows it to run on a wide variety of hardware, making it easier for testing in a lab environment, before implementing in a production one. Here are some other reasons I’m a fan:
Great for beginners
Budget friendly
Commercial options are available
It's well maintained
Did I mention it is built with open-source software?
Ready to get involved in the pfSense community? Click here to find out how.
Hopefully this post has introduced (or reintroduced) some of you to pfSense. Whether you are a seasoned cybersecurity professional or just getting started, there are many reasons why it is worth checking out:
If you have unused hardware lying around (new or old), why not install it and see what it’s about? If you do, let me know how it goes!
Additional Resources and Helpful Links:
1) https://www.pfsense.org/getting-started/
2) https://www.pfsense.org/download/
3) https://www.netgate.com/blog/application-detection-on-pfsense-software
4) https://www.patreon.com/pfBlockerNG
5) https://www.youtube.com/c/NetgateOfficial/videos