Safer @ Home with pfSense®
()
About this ebook
You don't need to risk your security and privacy on consumer-grade security products any longer.
Book Description
pfSense® is a powerful, commercial-grade firewall that provides capabilities far beyond what you can get in consumer products. This book will walk you through setting up your pfSense® firewall with many easy to follow recipes to choose from, depending on your needs.
What you will learn
* Blocking malware, phishing and malicious sites and countries
* Hiding your DNS traffic from ISP snooping
* Reducing the burden that advertising has on your browsing
* Isolating your vulnerable IoT devices using VLANs
* Setting up your firewall to provide you reports on matters that need your attention
* Resolving buffer bloat to maximize your internet connection
* Enabling remote access using VPNs
* Managing, documenting, updating and backing up your firewall configuration
Who this book is for
This book is for those with an introductory understanding of networking, at least networking terms such as subnets. Prior knowledge of firewalls would be helpful but is not required. Most important is a desire and willingness to "get your hands dirty", in both setting up your firewall and understanding how to utilize it to protect your home and business.
Michael Lines
Michael is an information security/risk executive and consultant, with a 20-year track record as a Chief Information Security Officer (CISO), advisory Information Security practice leader, and information security/risk consultant. He writes, blogs, presents, speaks, and provides interviews on a wide variety of information security topics, primarily concerning what it takes to develop and run effective information security programs, and why so many companies continue to suffer security breaches due to ineffective programs.
Related to Safer @ Home with pfSense®
Related ebooks
Mastering Linux Security and Hardening - Second Edition: Protect your Linux systems from intruders, malware attacks, and other cyber threats, 2nd Edition Rating: 0 out of 5 stars0 ratingsNginx Essentials Rating: 0 out of 5 stars0 ratingsSix Minute Guide to IPv6 Rating: 5 out of 5 stars5/5Troubleshooting OpenVPN Rating: 0 out of 5 stars0 ratingsBuilding a Home Security System with Raspberry Pi Rating: 0 out of 5 stars0 ratingsRaspberry Pi Server Essentials Rating: 0 out of 5 stars0 ratingsSolarWinds Server & Application Monitor : Deployment and Administration Rating: 0 out of 5 stars0 ratingsMetasploit Bootcamp Rating: 5 out of 5 stars5/5Mastering NGINX - Second Edition Rating: 0 out of 5 stars0 ratingsBeagleBone Home Automation Blueprints Rating: 0 out of 5 stars0 ratingsKali Linux Wireless Penetration Testing Essentials Rating: 5 out of 5 stars5/5How to Build a Home or Office Web Server Rating: 0 out of 5 stars0 ratingsHack into your Friends Computer Rating: 0 out of 5 stars0 ratingsLinux, Apache, MySQL, PHP Performance End to End Rating: 5 out of 5 stars5/5Building a NAS Server with Raspberry Pi and Openmediavault Rating: 0 out of 5 stars0 ratingspfSense 2 Cookbook Rating: 3 out of 5 stars3/5CEH v9: Certified Ethical Hacker Version 9 Study Guide Rating: 0 out of 5 stars0 ratingsMastering KVM Virtualization Rating: 5 out of 5 stars5/5How to Cheat at Securing a Wireless Network Rating: 2 out of 5 stars2/5Security Administrator Street Smarts: A Real World Guide to CompTIA Security+ Skills Rating: 3 out of 5 stars3/5Key technologies for NG-PON2 system Rating: 0 out of 5 stars0 ratingsThe Hacker Hunter Rating: 0 out of 5 stars0 ratingsThe Personal Digital Resilience Handbook: An essential guide to safe, secure and robust use of everyday technology Rating: 0 out of 5 stars0 ratingsNmap in the Enterprise: Your Guide to Network Scanning Rating: 0 out of 5 stars0 ratingsMastering Ubuntu Server Rating: 5 out of 5 stars5/5The Wireshark Field Guide: Analyzing and Troubleshooting Network Traffic Rating: 4 out of 5 stars4/5VMware Workstation - No Experience Necessary Rating: 0 out of 5 stars0 ratingsInstant Hyper-V Server Virtualization Starter Rating: 0 out of 5 stars0 ratings
Internet & Web For You
No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State Rating: 4 out of 5 stars4/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5The Gothic Novel Collection Rating: 5 out of 5 stars5/5Get Rich or Lie Trying: Ambition and Deceit in the New Influencer Economy Rating: 0 out of 5 stars0 ratingsSix Figure Blogging Blueprint Rating: 5 out of 5 stars5/5Coding For Dummies Rating: 5 out of 5 stars5/5How to Disappear and Live Off the Grid: A CIA Insider's Guide Rating: 0 out of 5 stars0 ratingsEverybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Rating: 4 out of 5 stars4/5Coding All-in-One For Dummies Rating: 4 out of 5 stars4/5Podcasting For Dummies Rating: 4 out of 5 stars4/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Beginner's Guide To Starting An Etsy Print-On-Demand Shop Rating: 0 out of 5 stars0 ratingsGrokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5The Beginner's Affiliate Marketing Blueprint Rating: 4 out of 5 stars4/5200+ Ways to Protect Your Privacy: Simple Ways to Prevent Hacks and Protect Your Privacy--On and Offline Rating: 0 out of 5 stars0 ratingsHacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5The Internet Is Not What You Think It Is: A History, a Philosophy, a Warning Rating: 4 out of 5 stars4/5The Logo Brainstorm Book: A Comprehensive Guide for Exploring Design Directions Rating: 4 out of 5 stars4/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5How To Start A Podcast Rating: 4 out of 5 stars4/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5More Porn - Faster!: 50 Tips & Tools for Faster and More Efficient Porn Browsing Rating: 3 out of 5 stars3/5The Digital Marketing Handbook: A Step-By-Step Guide to Creating Websites That Sell Rating: 5 out of 5 stars5/5The Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsIntroduction to Internet Scams and Fraud: Credit Card Theft, Work-At-Home Scams and Lottery Scams Rating: 4 out of 5 stars4/5
Reviews for Safer @ Home with pfSense®
0 ratings0 reviews
Book preview
Safer @ Home with pfSense® - Michael Lines
INTRODUCTION
This book is intended for technically inclined individuals who want to protect their security and privacy from internet related threats. The protection that consumer-grade routers or WiFi access points provide is often limited at best. In many cases, these products are nothing more than primitive routers doing network address translation (NAT) to hide the devices on the individual’s local network devices from the internet. The functionality of these devices is limited, their performance abysmal, and their security even worse¹. When vulnerabilities are detected in these products, the purchaser is unlikely to be informed of their existence, assuming the vendor even bothers to release a patch².
There are alternatives that provide true business-grade capabilities for the more hands-on individual, and that do not cost an arm and a leg. These are the software and hardware appliances from Netgate. Netgate’s pfSense® is the industry leader in open source firewall software, with over 1 million deployments worldwide to consumers, businesses, educational institutions, and governments. There is an active and free online support community³ available to help individuals configure and use the pfSense® software, as well as paid support and professional services available for businesses.
In this book, I will describe how to set up Netgate’s SG-1100 appliance⁴ to secure a typical consumer (or small business) network. While my recommendations assume that you have an SG-1100 appliance, these recipes are just as applicable to any other Netgate appliance or even your own firewall if you have built it using an old PC and the free pfSense® community edition software⁵.
How this book is structured
This book is organized as a series of recipes
, where each recipe solves a particular security or privacy problem. After you have set up your SG-1100 following the instructions under "Recipe One - The basic ingredients", which recipe you choose to apply next is up to you based on your needs. If a recipe has a dependency on another recipe being performed first, I will let you know.
About the SG-1100
The SG-1100 is Netgate’s lowest end appliance, yet even at that is still delivers more performance than most consumer-grade routers. It is compact, silent, and power-efficient, and for internet connections up to around 500 Megabits per second (Mbs), it will be all that you need. Please note, that if you are running a gigabit fiber connection into your home, or if you wish to run more packages than are described in this book, you will need to upgrade to a more powerful appliance in Netgate’s product line, or build your firewall using the pfSense® community edition software⁶.
Out of the box, the SG-1100 with a basic NAT configuration is far ahead of most consumer-grade routers in terms of performance and security capabilities. If you are worried that the SG-1100 is not powerful enough, rest assured that it is perfectly capable of supporting all the recipes in this book concurrently as long as your connection speed is not above the limit mentioned above.
Who this book is for
This book is for you those familiar with IP networking, who like to get their hands dirty, and who are willing to experiment. If this is not you, don’t feel bad, as this describes the vast majority of electronics buyers.
In that case, a good consumer router, as insufficient as I believe them to be, is your best choice. My recommendation for anyone in this case is to look at the products from Eero. While Eero’s products have nowhere near the capabilities of pfSense® as firewalls or routers, for most consumers they are plug and play and will serve their needs.
Command conventions
There are tons of configuration options in pfSense® to choose from, and in this book, we will just be scratching the surface of what you can do. To understand what you need to do to execute my instructions, I will use the following convention when I am describing navigation within pfSense®, as well as for entering information.
Navigation within the pfSense® webpage will follow the convention of:
Once you are on a pfSense® page and I need you to either enter information, click a button or select an option in a field, I will refer to the item on the page by displaying it in bold, for example, Bandwidth. The information or option itself that I want you to enter into that field I will show in quotes, such as 100
. Enter the information without the quotes.