PFSense System
Snort Configuration
To start with the Snort configuration, Snort must first be installed through the pfSense built-in WebGUI. This is done by going to System > Package Manager and installing it from the package directory.
Figure 1: Snort Installation
Figure 2: Global settings
Figure 3: Update Settings
The Snort package currently offers support for several pre-packaged rule sets, which include:
- Emerging Threats Pro rules
- Emerging Threats Open rules
- Snort VRT rules (Vulnerability Research Team)
- OpenAppID open detectors and rules for application detection
- Snort GPLv2 Community rules
Figure 4: Updating Community Rules
Figure 5: Starting Snort
Figure 6: Snort Successfully Started
Snort Hardening
Snort is an intrusion detection and prevention system that runs on the pfSense firewall. It can be configured to both log and block detected network events (Eberstein, 2017). Through the OpenAppID detectors and rules, the Snort package also supports application detection and filtering. Prevention is better than cure, and the same principle applies in cybersecurity: as a best practice, every server should sit behind an installed and configured firewall that contributes to its hardening and protects it from attacks.
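As an added illustration (not part of the original report or of the pfSense Snort package), the following Python script parses Snort alerts written in the single-line alert_fast text format and summarises them by priority and by source address, which is the first thing an analyst does with the events Snort logs. The sample alert lines are constructed: the SIDs sit in the local-rule range (1000001 upwards) and the addresses are RFC 5737 documentation prefixes.

```python
"""Parse Snort 'alert_fast' lines and summarise the logged events.

Added example, not code from the pfSense/Snort package. The alert lines in
SAMPLE_ALERTS are constructed for this illustration.
"""
import re
from collections import Counter

# Snort 2.x alert_fast layout, one alert per line:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: text]
#   [Priority: n] {PROTO} src[:sport] -> dst[:dport]
# The Classification block is optional; ICMP alerts carry no port numbers.
# IPv4 only, which is enough for the constructed sample below.
_IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>" + _IPV4 + r")(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>" + _IPV4 + r")(?::(?P<dport>\d+))?$"
)

# Constructed sample: local-range SIDs, documentation addresses (RFC 5737).
SAMPLE_ALERTS = [
    "01/15-10:22:33.123456  [**] [1:1000001:2] LOCAL SSH brute force attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] "
    "{TCP} 203.0.113.5:51022 -> 192.0.2.10:22",
    "01/15-10:22:35.654321  [**] [1:1000001:2] LOCAL SSH brute force attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] "
    "{TCP} 203.0.113.5:51023 -> 192.0.2.10:22",
    "01/15-10:23:01.000001  [**] [1:1000002:1] LOCAL ICMP sweep [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10",
    "01/15-10:24:10.222222  [**] [1:1000003:1] LOCAL cleartext admin login [**] "
    "[Priority: 2] {TCP} 192.0.2.44:40001 -> 192.0.2.1:80",
    "this line is not an alert and is skipped",
]


def parse_alert(line):
    """Return a dict for one alert_fast line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        d[key] = int(d[key])
    # Ports are absent for ICMP; keep None rather than a fake 0.
    for key in ("sport", "dport"):
        d[key] = int(d[key]) if d[key] is not None else None
    return d


def parse_alerts(lines):
    """Parse every line, silently dropping lines that are not alerts."""
    return [a for a in (parse_alert(l) for l in lines) if a is not None]


def summarize(alerts):
    """Count alerts by priority and by source address."""
    return {
        "by_priority": dict(Counter(a["prio"] for a in alerts)),
        "by_source": dict(Counter(a["src"] for a in alerts)),
    }


def high_priority_sources(alerts, max_priority=1):
    """Sources that triggered alerts at or above the given severity.

    In Snort, priority 1 is the most severe, so 'at or above' means prio <= max_priority.
    """
    return Counter(a["src"] for a in alerts if a["prio"] <= max_priority)


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    print(summarize(parsed))
    print(high_priority_sources(parsed))
```

Run against the real alert file instead of SAMPLE_ALERTS, the same functions give a quick view of which sources are generating the most severe events; the result is a starting point for tuning rules or deciding which alerts Snort should be allowed to block rather than only log.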
pfSense is one of the most popular firewall systems and ships with powerful preconfigured features and a wide range of configuration options. Attackers, automated threats, and malware repeatedly probe networks looking for a vulnerability which, once exploited, gives them access to the network. Without proper server hardening, it takes only one compromised workstation for an entire organization's network to be compromised. For these reasons, it is recommended not only to implement a firewall on a server but also to harden it by setting up intrusion detection systems that monitor traffic entering and leaving the network.
After the initial installation of pfSense, the firewall configuration must be adjusted to match the actual requirements of the network; leaving these settings unaddressed puts the server and the entire network infrastructure at risk (Aggarwal, 2018). Beyond adding network intrusion detection systems such as Snort or Suricata, a further hardening step is to restrict administrator access to the firewall. Like any other software, pfSense ships with an administrative account that gives its holder control over all of pfSense's rules and configuration.
Additionally, internal network access should be restricted and unencrypted traffic avoided, since it is generally accepted that unencrypted traffic can be very dangerous to a network. Beyond configuration and installation, best practice is to give the firewall a periodic backup schedule and to enable automatic updates.
References
Aggarwal, M. (2018). Network Security with pfSense: Architect, deploy, and operate enterprise-grade firewalls. Packt Publishing Ltd.
Ho, S. M., von Eberstein, A., & Chatmon, C. (2017). Expansive learning in cyber defense: the transformation of organizational information security culture. In Proceedings of the 12th Annual Symposium on Information Assurance (ASIA 2017) (pp. 23-28).