New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
What is this Snort-based firewall appliance, or what do you use?
raindog308
Administrator, Veteran
in General
In this thread @emg didn't want to specify which firewall appliance he's using, which is totally cool.
But I'm curious what it is, as I'd like to improve my home security. Port/packet-filtering, wifi guest network, etc. is all easy but I'd like to move "up the stack" to detect/block threats.
Comments
if you are behind NAT then you don't even really need a firewall. o.o
Nat = no need for firewall lol
I really like Zentyal for it's bundling of various services in a simple way, including IDS. Should give it a spin sometime for kicks.
why do you need firewall if you're behind nat?
Yeah, that's exactly the reason no one's PC is ever hacked and we don't have to worry about malicious websites.
a firewall cant save you from that. Sandboxie and Noscript can.
Nothing can really save you! Using NAT and a Firewall together plus sniffing traffic is the best defense, but that is my opinion
Personally I wouldn't trust a home/domestic router to give you full protection even behind NAT. Domestic router boxes are notoriously insecure e.g. http://threatpost.com/12-million-home-routers-vulnerable-to-takeover/109970
Also if you have several devices behind the NAT, if one gets infected, firewalls can help prevent the infection from spreading to other devices.
A stateful/protocol firewall can still be useful with NAT, to capture protocol exploits like known buffer overruns and bugs, port scanners looking for vulnerable dynamically forwarded ports, or infected traffic coming FROM your LAN after a trojan...
@raindog308 Probably Pfsense and Snort added as a module.