secure your networks with the opensource firewall pfsense
play

Secure your Networks with the Opensource Firewall pfSense - PowerPoint PPT Presentation

Feb 21, 2023 •154 likes •512 views

Secure your Networks with the Opensource Firewall pfSense hagen.bauer@rusticus-consulting.de Agenda About me Why something new? My provider gave me a fjrewall. What exactly is pfSense? Its an easy start More complex

  1. Secure your Networks with the Opensource Firewall pfSense hagen.bauer@rusticus-consulting.de

  2. Agenda ● About me ● Why something new? My provider gave me a fjrewall. ● What exactly is pfSense? ● It’s an easy start ● More complex scenarios are easy to implement ● Summary

  3. About Me ● First job: technical sales for enterprise collaboratjon sofuware ● neither sysadmin nor network engineer ● Power User with “learning by doing” ● pfSense in my home offjce since 2009 – 10 PCs, 4 Server, 8 mobile devices, – Home automatjon, Freifunk, Sonos, Asterisk – 2 Tor Nodes – 4 VLANs – Dual WAN ● netgate authorized partner

  4. Why something new? My provider gave me a fjrewall.

  5. Firewall Market (roughly) ● Enterprise solutjons – $$$$ ● Home use devices – Cheap – Simple but growing set of functjons – Bad track record in regards of security updates

  6. Devices for Home Use ● Missing functjons for small / medium enterprises and family use. – Logging – Site to site connectjons / VPN – Bandwidth limitjng – Network segmentatjon – Multj WAN – Outgoing block of traffjc

  7. LAN local branch your parents Internet DMZ LAN IOT VOIP

  8. So what exactly is pfSense?

  9. pfSense Overview ● Based on FreeBSD – Popular OS plaform for network- and security products – Juniper Junos, NetApp, NetASQ, Cisco IronPort, Citrix, Netglix, etc... ● Administratjon via web interface ● Connects the base components of FreeBSD in one easy to use web user interface ● More functjons then most commercial products

  10. Project History ● Started in 2004 as fork from m0n0wall 1.2 - 02/2008 (FreeBSD 6.2) 2.0 - 09/2011 (FreeBSD 8.1) 2.1 - 09/2013 (FreeBSD 8.3) 2.2 - 01/2015 (FreeBSD 10.1) 2.3 - 04/2016 (FreeBSD 10.3) 2.4 - 10/2017 (FreeBSD 11.1)

  11. Comprehensive Feature Set ● DHCP Server ● Intrusion Detectjon ● DHCP Relay ● PKI ● DNS Resolver ● HA ● Dynamic DNS ● Captjve Portal ● Load Balancer ● Freeradius3 ● Multj WAN ● Squid ● Wake on LAN ● … ● VLAN ● ...

  12. Runs On ● Your own hardware – Min CPU - 500 Mhz RAM - 512 MB ● Appliances from Netgate – Preconfjgured and optjmized – With or without support ● In the cloud – Microsofu Azure / Amazon Cloud ● Hardware requirements depend on throughput and installed packages

  13. It’s an easy start

  14. Scenario 1: Base Installatjon Internet ISP 1 10.17.1.100 Head office 172.17.1.1 LAN 172.17.1.0/24 172.17.1.100

  15. Demonstratjon Base Installatjon

  16. Szenario 1: Base Installatjon Internet ISP 1 10.17.1.100 Head office 172.17.1.1 LAN 172.17.1.0/24 172.17.1.100

  17. Firewall Rules ● Rules are inbound (to the pfSense box) ● First rule wins, the rest will be ignored ● Stateful fjltering ● Aliases simplify the administratjon and reduce possibilitjes of errors – IP addresses – Networks – Hostnames – Ports

  18. More complex scenarios are easy to implement

  19. Advanced Features ● VPN ● DMZ and network segmentatjon ● Bandwidth limitatjon ● Logs of confjguratjon changes

  20. Virtual Private Network ● Connectjon to remote offjces or mobile clients ● IPSec – Standard clients on OS X, iOS, Android – Interoperable ● OpenVPN – Clients behind NAT – Very easy client confjguratjon

  21. LAN 172.18.1.0/24 172.18.1.100 ● Architektur 172.18.1.1 Local branch 10.18.1.100 Internet ISP 1 10.17.1.100 Headquarter 172.17.1.1 LAN 172.17.1.0/24 172.17.1.100

  22. Szenario: Connect 2 Offjces ● Server – Defjnitjon of the VPN server – Open fjrewall for OpenVPN – Defjne network traffjc for VPN tunnel ● Client – Defjnitjon VPN client ● Connectjon test

  23. Demo: Connect 2 Offjces

  24. LAN 172.18.1.0/24 172.18.1.100 ● Architektur 172.18.1.1 Local branch 10.18.1.100 Internet ISP 1 10.17.1.100 Headquarter 172.17.1.1 LAN 172.17.1.0/24 172.17.1.100

  25. Network Segmentatjon ● Base component of network security ● Physical or virtual (VLAN) ● Privat use: IOT, VOIP, „YourChildsLAN” ● Business use: DMZ, old OS in manufacturing facilitjes

  26. LAN 172.18.1.0/24 172.18.1.100 ● Architektur 172.18.1.1 Local branch 10.18.1.100 Internet ISP 1 10.17.1.100 Headquarter 172.17.1.1 DMZ LAN 172.17.2.0/24 172.17.1.0/24 172.17.1.100 172.17.2.10

  27. Szenario 3: DMZ ● Defjnitjon Network / DHCP ● Test Ping – HQ LAN → DMZ => OK – DMZ → HQ Intranet => Error – DMZ → Internet => Error – Branch → DMZ Server => NA ● Port forward to webserver in DMZ ● Test Webserver – Branch → DMZ Server => OK

  28. Demo: DMZ ● Video

  29. LAN 172.18.1.0/24 172.18.1.100 ● Architektur 172.18.1.1 Local branch 10.18.1.100 Internet ISP 1 10.17.1.100 Headquarter 172.17.1.1 DMZ LAN 172.17.2.0/24 172.17.1.0/24 172.17.1.100 172.17.2.10

  30. Scenario 4: Traffjc Shaping ● “Managed unfairness of bandwidth” instead of FIFO ● Queues defjne prioritjes ● Rules manage the queues ● Two methods – Limiter: hard boundary – Traffjc Shaper (ALTQ)

  31. Demo 4: Traffjc Shaping

  32. Confjguratjon History ● Necessary to be GDPR compliant ● Automatjc backup of every change ● “Go back to last version” (save your a**) ● Who did what at what tjme?

  33. Demo: Confjguratjon History

  34. Summary ● Standard device supplied by your provider do not match your growing need. ● pfSense stands out due to – Low / no pre-investments – Enterprise level feature set – Enterprise support if needed – No running license fees of individual capabilitjes (ports / user) ● Ideal start for – Small and medium companies – High end home offjce – Domestjc home

  35. Secure your Networks with the Opensource Firewall pfSense hagen.bauer@rusticus-consulting.de

Recommend

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls? Network Address Translation Types of Firewalls Linux/Windows Firewalls pfSense Blue Team Activity Brief History Firewall

348 views • 30 slides
Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts and networks connected to other hosts and networks against attacks from the outside and from the inside. a firewall is a network security system

440 views • 30 slides
Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation controlled connection between networks at different security levels = boundary protection ( L1 > L2 ) network at network at security

1.07k views • 67 slides
Secure Networks Presentation to Plymouth State University IT Systems &

Secure Networks Presentation to Plymouth State University IT Systems &

Secure Networks Presentation to Plymouth State University IT Systems & Networking Staff Fall 2003 Security By Isolation Our Network Servers Internet Public Fac/Staff Firewall Wireless ResNET Border Security

443 views • 26 slides
Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall Overview Todays top firewall problems What IT managers say about their existing firewall Firewall Satisfaction Survey (Spiceworks 2017) Top

548 views • 52 slides
Firewall Architectures for High-Speed Networks Errin W. Fulp DOE Network Research PI Meeting

Firewall Architectures for High-Speed Networks Errin W. Fulp DOE Network Research PI Meeting

Firewall Architectures for High-Speed Networks Errin W. Fulp DOE Network Research PI Meeting September 28, 2005 1 Project Objectives Methods that improve network firewall performance 1. Develop policy optim ization techniques Formal

221 views • 9 slides
Firewall What is it? Do we need one? Oxford Hills School District March 5, 2018 What is a

Firewall What is it? Do we need one? Oxford Hills School District March 5, 2018 What is a

Firewall What is it? Do we need one? Oxford Hills School District March 5, 2018 What is a firewall? Term first used in 1851 Henry Ford used them to protect passengers from engine fires, smoke and heat. Computer networks: a part of a

500 views • 21 slides
Parallel Firewall Designs for High-Speed Networks Ryan J. Farley WAKE FOREST US Department of

Parallel Firewall Designs for High-Speed Networks Ryan J. Farley WAKE FOREST US Department of

Wake Forestp pComputer Science + DOE MICS Parallel Firewall Designs for High-Speed Networks 1 Parallel Firewall Designs for High-Speed Networks Ryan J. Farley WAKE FOREST US Department of Energy U N I V E R S I T Y Computer Science Network

1.21k views • 49 slides
Hacking Lucene for Custom Search Results Doug Turnbull OpenSource Connections OpenSource

Hacking Lucene for Custom Search Results Doug Turnbull OpenSource Connections OpenSource

Hacking Lucene for Custom Search Results Doug Turnbull OpenSource Connections OpenSource Connections Hello Me @softwaredoug dturnbull@o19s.com Us http://o19s.com - Trusted Advisors in Search, Discovery & Analytics OpenSource

479 views • 44 slides
Using a firewall to control traffic in networks 1 Example Network .35 .12 .36 .11 3.3.3.0/24

Using a firewall to control traffic in networks 1 Example Network .35 .12 .36 .11 3.3.3.0/24

Using a firewall to control traffic in networks 1 Example Network .35 .12 .36 .11 3.3.3.0/24 1.1.1.0/24 Rd .1 Ra .4.1 .4.4 1.1.0.0/16 Rc 2.2.2.0/24 .1 .4.2 .1 .23 Rb .47 Re .15.6 .99 1.1.2.0/24 4.4.4.0/24 .24 2 Firewall

708 views • 13 slides
Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services

Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services

Ubiquitous and Secure Networks and Services: SunSpot Development Platform Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and

489 views • 25 slides
Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter

Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter

Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 10 Page 1 CS 236 Online Firewall Configuration and Administration Again, the firewall is the point of attack for intruders

375 views • 16 slides
Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly Creswell Crow-Applegate-Lorane Fern Ridge Junction City Lowell Mapleton Screened, but exempt from policies Marcola

539 views • 15 slides
Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3 State-independent interior operators Interior operator from HP recovery 6 5 Resolution of the puzzle Effect of infalling observer 7 Discussions Beni

1.61k views • 106 slides
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A firewall is only as good as its configuration Big deal, it should be easy to configure a firewall, right? Basically... no. A Quantitative

507 views • 14 slides
S t e p h e n K i n g ' s P r a c t i c a l A d v i c e f o r T e

S t e p h e n K i n g ' s P r a c t i c a l A d v i c e f o r T e

S t e p h e n K i n g ' s P r a c t i c a l A d v i c e f o r T e c h Wr i t e r s Rikki Endsley @ rikki opensource.com : @ Twitter rikkiends opensource.com/stephen-king What, Why, Who, How What

366 views • 26 slides
Project Things A secure gateway to connect your things to Internet February 2, 2019

Project Things A secure gateway to connect your things to Internet February 2, 2019

Project Things A secure gateway to connect your things to Internet February 2, 2019 <https://fosdem.org/2019/schedule/event/project_things> Speakers Dipesh Monga @ Mozilla Techspeakers Philippe Coval @ Samsung OpenSource 2 The hidden

558 views • 28 slides
Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple firewall using Netfilter Iptables firewall in Linux Stateful Firewall Application Firewall Evading Firewalls 2 Firewalls

811 views • 55 slides
Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs.

Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs.

Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Chapter 8 Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security Devices Routers

291 views • 7 slides
Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and Exploitation Wojciech Mostowski and Erik Poll Digital Security Radboud University Nijmegen The Netherlands http://www.cs.ru.nl/~{woj,erikpoll}/

818 views • 42 slides
Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas Presented by Leland Smith CS 6204, Spring 2005 1 Overview What are MANETs? Motivation Secure Routing Protocol Protocol Description

560 views • 15 slides
OpenStack: The OpenSource Clouds Application in High Energy Physics That Titles Overstated

OpenStack: The OpenSource Clouds Application in High Energy Physics That Titles Overstated

OpenStack: The OpenSource Clouds Application in High Energy Physics That Titles Overstated OpenStack: The OpenSource Clouds Potential Application in Data Intensive Research That Titles Overstated OpenStack: The OpenSource

461 views • 33 slides
Challenges in Access Right Assignment for Secure Home Networks

Challenges in Access Right Assignment for Secure Home Networks

Challenges in Access Right Assignment for Secure Home Networks Tiffany Hyun-Jin Kim, Lujo Bauer, James Newsome, Adrian Perrig (CMU) Jesse Walker

484 views • 17 slides
Towards Secure and Dependable So2ware-Defined Networks Diego

Towards Secure and Dependable So2ware-Defined Networks Diego

Towards Secure and Dependable So2ware-Defined Networks Diego Kreutz, Fernando M. V. Ramos, Paulo Verssimo LaSIGE/FCUL, University of Lisbon SDN in short

561 views • 30 slides

More recommend