Security How To

Introduction

Don't let the bad guys in

Hear that sound? That is someone rattling your doorknob. If they are able to break in, they will ransack your home, rifle through your private papers, correspondence, bank statements, photos, and if lucky they’ll find your club memberships and credit cards - your identity. They may even plant listening devices. If you lived in a bad neighborhood, you’d put in high quality locks and maybe an alarm system. The problem is, on the net, everywhere is a bad neighborhood.

What stands between you and this happening on the internet is generally your router, which is designed more as a doorway than a lock. Consumer grade firewalls, either software or hardware, can act as a lock or gatekeeper. But to truly turn back the faceless attacks (even if they would just find pictures of your kids), you need a dynamic firewall with intrusion detection: the kind of 1U firewall server appliance usually found only in corporate data centers (read: expensive). Such devices generally start at about $3K; a Cisco PIX firewall starts at about $9K.

We’ll show you how you can put together your own firewall/router with all of the capabilities of high-end gear using open source software and inexpensive components. There are a significant number of open source distributions available for homebrew router/firewall builds. We chose pfSense for its outstanding built-in functionality, active support forums, first class documentation and overall maturity. Most significantly, beyond rich routing functionality, pfSense offers firewall and intrusion detection/prevention well beyond that of the mere mortal router.

Firewall vs. Intrusion Detection/Prevention

To understand the advantages offered by pfSense over your router or a firewall, we need to understand the difference between what a router/firewall offers and what an Intrusion detection system (IDS) provides.

A firewall, in the most general sense, works at the connection level of your network traffic, looking at the envelope of a network connection: Where is it coming from? Where is it going? What is the origin and/or destination address/port?

Figure 1 is a real firewall log; notice the aforementioned doorknob rattling:


Figure 1: A real firewall log showing network probes

An intrusion detection system goes beyond and below firewall filtering. Beyond, by looking at the pattern of network connections, recognizing port scans, specific threat signatures and denial of service attacks. Below by looking at the actual contents of each packet, recognizing executable code, badly formed packets, buffer overflow attempts, and things like plain-text credit card numbers.

Figure 2 shows a real log from the IDS tool Snort for the same period as above:


Figure 2: Snort log

Note: The IP addresses have been obscured to protect the innocent and the network the router/firewall protects. These logs are from a developer's (my) home network, with no P2P traffic or other dodgy activity that might advertise the WAN IP address.
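To make the envelope-versus-contents distinction concrete, here is an added example in Python; it is not code from this article, from pfSense or from Snort. A toy firewall decides on destination address and port alone, beside two IDS-style checks: one that looks across connections for a port scan (the "beyond" case), and one that looks inside a payload for a plain-text, Luhn-valid card number (the "below" case). The log format, IP addresses, rule set and payloads are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (documentation-range addresses, not real traffic).
# Hypothetical format: "<ISO timestamp> <src>:<sport> -> <dst>:<dport> <proto>"
SAMPLE_FIREWALL_LOG = """\
2011-03-01T10:00:01 198.51.100.7:53021 -> 192.0.2.10:21 tcp
2011-03-01T10:00:01 198.51.100.7:53022 -> 192.0.2.10:22 tcp
2011-03-01T10:00:02 198.51.100.7:53023 -> 192.0.2.10:23 tcp
2011-03-01T10:00:02 198.51.100.7:53024 -> 192.0.2.10:25 tcp
2011-03-01T10:00:03 198.51.100.7:53025 -> 192.0.2.10:80 tcp
2011-03-01T10:00:03 198.51.100.7:53026 -> 192.0.2.10:443 tcp
2011-03-01T10:05:00 203.0.113.9:41000 -> 192.0.2.10:80 tcp
"""

# Constructed payload of the last (allowed) connection: a form post carrying
# a well-known test card number and an order id that merely looks like one.
SAMPLE_PAYLOADS = {
    "203.0.113.9": b"POST /checkout HTTP/1.1\r\n\r\n"
                   b"card=4111111111111111&order=1234567890123456",
}

# Envelope-only rules, first match wins, default deny (a firewall, as described above).
FIREWALL_RULES = [("allow", "192.0.2.10", 80), ("allow", "192.0.2.10", 443)]

LOG_RE = re.compile(r"(?P<ts>\S+) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)")


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
                           "dst": m["dst"], "dport": int(m["dport"]), "proto": m["proto"]})
    return events


def firewall_decision(event):
    """Firewall view: only the envelope (destination address and port) is consulted."""
    for action, dst, port in FIREWALL_RULES:
        if event["dst"] == dst and event["dport"] == port:
            return action
    return "deny"


def detect_port_scans(events, window=timedelta(seconds=10), min_ports=5):
    """IDS 'beyond' view: one source touching many distinct ports inside a time window."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = 0, 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:   # slide the window forward
                start += 1
            best = max(best, len({e["dport"] for e in evs[start:end + 1]}))
        if best >= min_ports:
            alerts.append((src, best))
    return alerts


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; cuts most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def find_card_numbers(payload):
    """IDS 'below' view: inspect packet contents for plain-text card numbers."""
    text = payload.decode("ascii", errors="ignore")
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def analyze(log_text, payloads):
    """Run the firewall pass and both IDS passes over the same traffic."""
    events = parse_log(log_text)
    return {
        "firewall": [(e["src"], e["dport"], firewall_decision(e)) for e in events],
        "port_scans": detect_port_scans(events),
        "card_leaks": {src: find_card_numbers(p) for src, p in payloads.items()},
    }


if __name__ == "__main__":
    for section, result in analyze(SAMPLE_FIREWALL_LOG, SAMPLE_PAYLOADS).items():
        print(section, result)
```

Run against the constructed data, the firewall denies each of the six probes from 198.51.100.7 one at a time but never notices that, taken together, they are a scan; only the cross-connection check reports it. The card number from 203.0.113.9 travels over an allowed port 80 connection that the firewall is happy with, and only the payload check sees it, while the Luhn test rejects the order id that merely looks like a card. A digit-run regex plus Luhn still produces false positives on real traffic (some order and account numbers pass Luhn), which is why Snort rules of this kind are tuned per site rather than turned on wholesale.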

pfSense

pfSense is a free, mature open source project for firewall/router installations that runs on top of FreeBSD. It has been around since 2004, when it was spun off from m0n0wall. Where m0n0wall is designed for embedded systems, pfSense is geared toward x86 commodity hardware.

Like any modern router, pfSense is administered through a comprehensive Web GUI (Figure 3). At no point do you need to drop to a shell window, unless you want to further customize your router.


Figure 3: pfSense Dashboard

The out-of-the-box functionality is impressive, and too long to go into here, but includes full routing capabilities across multiple interfaces, graphical traffic monitoring, firewall filtering, VPN support (IPsec, OpenVPN, PPTP), Captive Portal login handling, Quality of Service traffic shaping, load balancing across multiple interfaces, ISP and router failover, and network logging. Over-the-top functionality.

In addition, Table 1 shows a few of pfSense's add-in integrated packages adapted to pfSense’s Web GUI, providing a surprising array of functionality.

Package       Description
Snort         Eminent packet filtering rules engine, providing intrusion detection and prevention; allows for policy enforcement and IP blocking, with custom and regularly updated dynamic rules.
Squid         High speed caching web proxy; can run transparently.
SquidGuard    Squid proxy add-on for content filtering.
HAVP          HTTP antivirus scanning proxy, a front-end to ClamAV.
IP-Blocklist  IP blocking based on various published IP address lists from iBlockList.com.

Table 1: pfSense packages

Beyond the integrated pfSense packages, FreeBSD offers a rich set of network tools and open source packages, including EtherApe, PFTop and Tarpit that can run in conjunction with and alongside pfSense.
