pfSense Support Subscription

Author Topic: Testing the security of my pfSense setup  (Read 155 times)

0 Members and 1 Guest are viewing this topic.

Offline just_curious

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Testing the security of my pfSense setup
« on: November 13, 2017, 07:40:18 am »
Hello all,
Installing pfSense for my home system has been an uphill climb for me. I have followed various web guides and I now have it up and running with 2.41 software. However I am unsure as to the level of security it is providing. Is there some way to check my setup regarding the protection it is providing? There is a DNS leak test for VPNs, anything similar for pfSense?

Offline BlueKobold

  • Hero Member
  • *****
  • Posts: 2459
  • Karma: +193/-105
  • pfSense rocks!
    • View Profile
Re: Testing the security of my pfSense setup
« Reply #1 on: November 13, 2017, 10:38:55 am »
nmap & zenmap

Some tools
Some more tools

I would be set up pfSense, Snort as IDS and Squid as proxy and then try to get in contact from the outside.
A good tool to start is nmap w/o zenmap for sure, also nessus will be nice a BackTrack can be used for that.
Greetings from Germany
Frank

Offline just_curious

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: Testing the security of my pfSense setup
« Reply #2 on: November 14, 2017, 08:27:41 am »
Thank you Frank for your advice, I will have a careful look at your suggested apps.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14299
  • Karma: +1330/-193
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Testing the security of my pfSense setup
« Reply #3 on: November 14, 2017, 08:33:56 am »
"However I am unsure as to the level of security it is providing"

In what aspect?  Are you trying to control you users outbound access?  Are you wanting to look for bad traffic either inbound (that you have opened with a port forward) or your clients talking outbound to something or on your own network between vlans?  Like a infected client?

Out of the box all unsolicited inbound traffic would be blocked.  To be honest if you feel that deployment of pfsense was an uphill battle.. Advanced security features IPS/IDS is going more than likely just cause you grief other than any added security.. There is a large learning curve on such systems.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.2-RELEASE on VM esxi 6.5 (home)