Safer @ Home with pfSense®
()
About this ebook
You don't need to risk your security and privacy on consumer-grade security products any longer.
Book Description
pfSense® is a powerful, commercial-grade firewall that provides capabilities far beyond what you can get in consumer products. This book will walk you through setting up your pfSense® firewall with many easy to follow recipes to choose from, depending on your needs.
What you will learn
* Blocking malware, phishing and malicious sites and countries
* Hiding your DNS traffic from ISP snooping
* Reducing the burden that advertising has on your browsing
* Isolating your vulnerable IoT devices using VLANs
* Setting up your firewall to provide you reports on matters that need your attention
* Resolving buffer bloat to maximize your internet connection
* Enabling remote access using VPNs
* Managing, documenting, updating and backing up your firewall configuration
Who this book is for
This book is for those with an introductory understanding of networking, at least networking terms such as subnets. Prior knowledge of firewalls would be helpful but is not required. Most important is a desire and willingness to "get your hands dirty", in both setting up your firewall and understanding how to utilize it to protect your home and business.
Michael Lines
Michael is an information security/risk executive and consultant, with a 20-year track record as a Chief Information Security Officer (CISO), advisory Information Security practice leader, and information security/risk consultant. He writes, blogs, presents, speaks, and provides interviews on a wide variety of information security topics, primarily concerning what it takes to develop and run effective information security programs, and why so many companies continue to suffer security breaches due to ineffective programs.
Related to Safer @ Home with pfSense®
Related ebooks
Mastering Linux Security and Hardening - Second Edition: Protect your Linux systems from intruders, malware attacks, and other cyber threats, 2nd Edition Rating: 0 out of 5 stars0 ratingsMastering NGINX - Second Edition Rating: 0 out of 5 stars0 ratingsLearning SaltStack - Second Edition Rating: 0 out of 5 stars0 ratingsRaspberry Pi Server Essentials Rating: 0 out of 5 stars0 ratingsUnderstanding Network Hacks: Attack and Defense with Python Rating: 0 out of 5 stars0 ratingsLinux Networking Cookbook Rating: 0 out of 5 stars0 ratingsTroubleshooting OpenVPN Rating: 0 out of 5 stars0 ratingsMetasploit Bootcamp Rating: 5 out of 5 stars5/5The Fast-Track Guide to VXLAN BGP EVPN Fabrics: Implement Today’s Multi-Tenant Software-Defined Networks Rating: 0 out of 5 stars0 ratingsBuilding a Home Security System with Raspberry Pi Rating: 0 out of 5 stars0 ratingsNginx Essentials Rating: 0 out of 5 stars0 ratingsRed Hat Certified Engineer (RHCE) Study Guide: Ansible Automation for the Red Hat Enterprise Linux 8 Exam (EX294) Rating: 0 out of 5 stars0 ratingsWorking with Linux – Quick Hacks for the Command Line Rating: 5 out of 5 stars5/5Six Minute Guide to IPv6 Rating: 5 out of 5 stars5/5BeagleBone Home Automation Blueprints Rating: 0 out of 5 stars0 ratingsKali Linux Wireless Penetration Testing Essentials Rating: 5 out of 5 stars5/5pfSense 2 Cookbook Rating: 3 out of 5 stars3/5Mastering KVM Virtualization Rating: 5 out of 5 stars5/5Cisco Networks: Engineers' Handbook of Routing, Switching, and Security with IOS, NX-OS, and ASA Rating: 0 out of 5 stars0 ratingsMastering Ubuntu Server Rating: 5 out of 5 stars5/5Network Analysis Using Wireshark Cookbook Rating: 0 out of 5 stars0 ratingsKey technologies for NG-PON2 system Rating: 0 out of 5 stars0 ratingsKVM Virtualization Cookbook Rating: 0 out of 5 stars0 ratingsA Practical Guide Wireshark Forensics Rating: 5 out of 5 stars5/5Mastering Proxmox - Second Edition Rating: 0 out of 5 stars0 ratingsFreeBSD Mastery: Jails: IT Mastery, #15 Rating: 5 out of 5 stars5/5Learning Proxmox VE Rating: 0 out of 5 stars0 ratingsMastering Linux Network Administration Rating: 4 out of 5 stars4/5Puppet Cookbook - Third Edition Rating: 5 out of 5 stars5/5
Internet & Web For You
How to Disappear and Live Off the Grid: A CIA Insider's Guide Rating: 0 out of 5 stars0 ratingsCoding For Dummies Rating: 5 out of 5 stars5/5No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State Rating: 4 out of 5 stars4/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Podcasting For Dummies Rating: 4 out of 5 stars4/5Coding All-in-One For Dummies Rating: 4 out of 5 stars4/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5The Beginner's Affiliate Marketing Blueprint Rating: 4 out of 5 stars4/5Six Figure Blogging Blueprint Rating: 5 out of 5 stars5/5Grokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Rating: 4 out of 5 stars4/5The Gothic Novel Collection Rating: 5 out of 5 stars5/5How To Start A Podcast Rating: 4 out of 5 stars4/5How To Start A Profitable Authority Blog In Under One Hour Rating: 5 out of 5 stars5/5How To Make Money Blogging: How I Replaced My Day-Job With My Blog and How You Can Start A Blog Today Rating: 4 out of 5 stars4/5The $1,000,000 Web Designer Guide: A Practical Guide for Wealth and Freedom as an Online Freelancer Rating: 5 out of 5 stars5/5The Logo Brainstorm Book: A Comprehensive Guide for Exploring Design Directions Rating: 4 out of 5 stars4/5The Mega Box: The Ultimate Guide to the Best Free Resources on the Internet Rating: 4 out of 5 stars4/5Python QuickStart Guide: The Simplified Beginner's Guide to Python Programming Using Hands-On Projects and Real-World Applications Rating: 0 out of 5 stars0 ratingsTube Ritual: Jumpstart Your Journey to 5000 YouTube Subscribers Rating: 0 out of 5 stars0 ratingsWireless Hacking 101 Rating: 4 out of 5 stars4/5Get Rich or Lie Trying: Ambition and Deceit in the New Influencer Economy Rating: 0 out of 5 stars0 ratingsRemote/WebCam Notarization <<Extended>> Commonwealth of Virginia Rating: 0 out of 5 stars0 ratings
Reviews for Safer @ Home with pfSense®
0 ratings0 reviews
Book preview
Safer @ Home with pfSense® - Michael Lines
INTRODUCTION
This book is intended for technically inclined individuals who want to protect their security and privacy from internet related threats. The protection that consumer-grade routers or WiFi access points provide is often limited at best. In many cases, these products are nothing more than primitive routers doing network address translation (NAT) to hide the devices on the individual’s local network devices from the internet. The functionality of these devices is limited, their performance abysmal, and their security even worse¹. When vulnerabilities are detected in these products, the purchaser is unlikely to be informed of their existence, assuming the vendor even bothers to release a patch².
There are alternatives that provide true business-grade capabilities for the more hands-on individual, and that do not cost an arm and a leg. These are the software and hardware appliances from Netgate. Netgate’s pfSense® is the industry leader in open source firewall software, with over 1 million deployments worldwide to consumers, businesses, educational institutions, and governments. There is an active and free online support community³ available to help individuals configure and use the pfSense® software, as well as paid support and professional services available for businesses.
In this book, I will describe how to set up Netgate’s SG-1100 appliance⁴ to secure a typical consumer (or small business) network. While my recommendations assume that you have an SG-1100 appliance, these recipes are just as applicable to any other Netgate appliance or even your own firewall if you have built it using an old PC and the free pfSense® community edition software⁵.
How this book is structured
This book is organized as a series of recipes
, where each recipe solves a particular security or privacy problem. After you have set up your SG-1100 following the instructions under "Recipe One - The basic ingredients", which recipe you choose to apply next is up to you based on your needs. If a recipe has a dependency on another recipe being performed first, I will let you know.
About the SG-1100
The SG-1100 is Netgate’s lowest end appliance, yet even at that is still delivers more performance than most consumer-grade routers. It is compact, silent, and power-efficient, and for internet connections up to around 500 Megabits per second (Mbs), it will be all that you need. Please note, that if you are running a gigabit fiber connection into your home, or if you wish to run more packages than are described in this book, you will need to upgrade to a more powerful appliance in Netgate’s product line, or build your firewall using the pfSense® community edition software⁶.
Out of the box, the SG-1100 with a basic NAT configuration is far ahead of most consumer-grade routers in terms of performance and security capabilities. If you are worried that the SG-1100 is not powerful enough, rest assured that it is perfectly capable of supporting all the recipes in this book concurrently as long as your connection speed is not above the limit mentioned above.
Who this book is for
This book is for you those familiar with IP networking, who like to get their hands dirty, and who are willing to experiment. If this is not you, don’t feel bad, as this describes the vast majority of electronics buyers.
In that case, a good consumer router, as insufficient as I believe them to be, is your best choice. My recommendation for anyone in this case is to look at the products from Eero. While Eero’s products have nowhere near the capabilities of pfSense® as firewalls or routers, for most consumers they are plug and play and will serve their needs.
Command conventions
There are tons of configuration options in pfSense® to choose from, and in this book, we will just be scratching the surface of what you can do. To understand what you need to do to execute my instructions, I will use the following convention when I am describing navigation within pfSense®, as well as for entering information.
Navigation within the pfSense® webpage will follow the convention of:
Once you are on a pfSense® page and I need you to either enter information, click a button or select an option in a field, I will refer to the item on the page by displaying it in bold, for example, Bandwidth. The information or option itself that I want you to enter into that field I will show in quotes, such as 100
. Enter the information without the quotes.