The road to establishing effective cyber security is a long one and has many forks in it with firewalls being an important aspect. A firewall is basically a software program or built-in hardware device that has the specific purpose of defending a business or home against internet threats. Firewalls can also be built into every operating system, placed on routers or switches and also many Internet of Things (IOT) devices. These built-in firewalls are, however, designed with basic controls and simplicity in mind.
Network firewalls with advanced controls and features like traffic monitoring and support for VPNs, DNS security and Intrusion detection security (IDS), are the best solution to improve the overall cyber defences of a network or devices. Fortunately, deploying an advanced firewall like this is not as difficult or expensive as it seems. There are numerous free, opensource firewall applications which can be downloaded and deployed relatively quickly which will provide an integral layer of security. OPNsense and pfSense are two such opensource firewalls which can be deployed as a virtual machine (VM) or hardware device and can be scaled depending on how many devices require protecting.
In most cases, rogue network activity can be the first sign of a network breach or an attempt thereof. Sadly, basic firewalls don’t provide the insight required to detect these problems and breaches often go unnoticed until it’s too late. Adding these ‘advanced’ firewalls to the protection suite (antimalware software) that is already implemented will improve resilience against hacks, data breaches, botnet attacks, malicious file downloads and exposed network ports. They also incorporate bandwidth monitoring and management features to limit devices on the network.
The best placement for a new firewall is between the internal network and the internet. The internet router/gateway should be plugged into the firewall’s WAN port and network switch to the LAN port. All wired network devices will connect through the network switch allowing traffic to flow through the firewall.
OPNsense offers hundreds of customisable features presented in a well-designed interface and an extensive guide and the features can be configured based on user discretion. If you’re not sure where to start, here are some points to begin with:
• Reporting -> Netflow
This built-in feature enables traffic monitoring and statistics to and from the firewall. The reports will include data on IP addresses assigned to devices, TCP and UDP port connections, bandwidth/network traffic monitoring and different health aspects of the firewall itself.
• Firewall -> Rules
The rules are split per network interface allowing more control of the inbound and outbound traffic. LAN rules control what traffic is allowed for the internal network while WAN rules control what internet traffic is allowed and blocked. Floating rules can also be defined and are not bound to a single interface (unlike WAN or LAN rules) and can therefore be used to span policies over multiple networks at the same time. The firewall automatically creates rules for the WAN and LAN interfaces. The automatic rules harden the network security by themselves, but more granular rules can be added by the firewall administrator. Rules can only be created and modified by a firewall admin (ignoring the automatic rules).
• Services -> Unbound DNS
Unbound DNS allows configuration of custom DNS servers for the network devices and supports DNSSEC and DNS over HTTPS. These features improve privacy for those who don’t want their ISP and threat actors spying on their internet traffic. This is especially useful to prevent man-in-the-middle attacks. [CloudFlare Browsing Experience Security Check]
• Services -> Intrusion Detection
Worried about network breaches? Intrusion detection applies hardening rules to block blacklisted IPs and servers, malware, worms, misbehaving applications and many more. It will also send alerts to defined users when any of the rules are triggered.
• System -> Firmware
Software updates and vulnerability checking in one place. The Updates tab can check for updates for all the firewall’s components as well as cross reference the versions against a vulnerability database. Much like any program, vulnerabilities will appear over time and staying up to date is the first line of defence.
Your new firewall adds a layer of security that is far beyond what an OS or IOT firewall can offer, hardening the cyber defences of any home or business.
Disclaimer: CyberVision PTY LTD is in no way advertising or enforcing the use of OPNsense as a firewall application. We do however, strongly urge the use of a dedicated firewall to help strengthen cyber resilience for home or business. We also suggest that our subscribers do research on which firewall application is best for their purposes.