Hi
How can OPNsense check security function operation?
What exactly do you mean by security functions?
Security functions like cryptographic algorithms, digital signature algorithms, hash functions, random bit generators, etc.
Thanks
We do not hand-roll any cryptography so all the verification is done by included projects such as libsodium, LibreSSL/OpenSSL, OpenSSH, kernel opencrypto, etc.
Cheers,
Franco
That's right. How can I test and validate this function's operation?
In fact, how can OPNsense validate it when turned on by itself? What is its mechanism?
So what's your threat model?
Cheers,
Franco
Perhaps I couldn't explain my meaning well.
In fact, I want to introduce OPNsense to my company as an open-source firewall. I should assure my boss about the security of OPNsense. My boss asked me if there is a way to test security functionality when the device starts working or while it is working. For example, does OPNsense check that security algorithms work correctly before using them?
What's your current firewall? How do you check "security" there?
Which size of company? Which threat model?
Hi, and thanks for your answer.
At the moment we don't have any firewall in this branch, but we have another branch, the same as this one, where we use a Fortigate 111C.
We want to use OPNsense as a firewall and we want to apply some firewall rules with IPS. We want to use Snort as an IPS.
This branch of our company has about 20 computers with 4 or 5 Mb of traffic at most.
Unfortunately I cannot understand what you mean by threat model. I'm sorry.
I would be pleased if you could help me.
Best regards
Quote from: baranmatin on January 15, 2022, 06:34:54 AM
Unfortunately I cannot understand what you mean by threat model. I'm sorry.
I would be pleased if you could help me.
Usually you have the diamond model:
https://owasp.org/www-chapter-dorset/assets/presentations/2019-04/Cyber_Kill_Chains-11-Apr-19-OWASP-Dorset.pdf (page 8 onward)
Some general questions for yourself are:
* Who is the attacker?
* Who/What is the Victim?
* Threat?
* Impact?
If you have answered those questions, you can calculate the risk (= probability * impact), and with that information you know the required protection level and can decide what products etc. are needed.
Quote from: baranmatin on January 10, 2022, 11:28:31 AM
Perhaps I couldn't explain my meaning well.
In fact, I want to introduce OPNsense to my company as an open-source firewall. I should assure my boss about the security of OPNsense. My boss asked me if there is a way to test security functionality when the device starts working or while it is working. For example, does OPNsense check that security algorithms work correctly before using them?
And how do you check that stuff on your Fortigate?