Hi all,
Recently, with some old hardware kicking around, I've been debating on building myself a firewall using software such as pfSense or Smoothwall. I noticed a particular thread from several years ago (namely here), which suggested that hardware firewalls are probably the more secure option to take rather than running a firewall based on a major operating system (I believe it was skroo who said that). Has anything changed on this front?
Currently, my network is just run in my house. In comparison to the average home, it's a larger network (2 desktops, 3 laptops, and 2 servers that I use for data storage and some small server hosting, along with a couple switches for routing cables), but by no means big in the grand scheme of things. The gateway is a DI-604 router, and I have an Open-WRT modded WRT54G as my AP. I temporarily installed pfSense on an old box I had kicking around, and immediately noticed that my download speed doubled (went from 400KB/s to about 775KB/s). While the extra bandwidth is nice to have (along with a whole slew of other features that pfSense offers), do the potential vulnerabilities of an operating system trump any benefits that may arise from being able to run other services on the gateway, such as the Snort IDS? Any reason why I should steer clear of pfSense and go for another Open Source solution such as m0n0wall or Smoothwall?
<aside>My first post on the Defcon forums despite lurking for quite a while. Quite frankly, I was scared shitless about making at least a decent first impression - hope this first post is up to snuff. Although by no means a guru at any particular part of hacking or security, I know enough to get by most of the time, and enough to make me feel like vomiting any time somebody asks a stupid question. Looking forward to attending my first Defcon this year, meeting some new people, learning more than my brain can handle, and hopefully giving back to the community in future years. </aside>