OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: ruuskil on December 26, 2021, 08:04:00 pm

Title: Advanced Security coming soon?
Post by: ruuskil on December 26, 2021, 08:04:00 pm
On the Advanced Security policy we can see options for:

Block Botnet C&C (Coming soon)
Block Botnet DGA Domains (Coming soon)
Block DNS Tunneling (Coming soon)

Any information on when these are actually coming?
Title: Re: Advanced Security coming soon?
Post by: jclendineng on December 27, 2021, 06:32:36 pm
Soon™

But seriously, I am curious as well, though I wouldn't really use it most likely, as you can do all that from not only Suricata but OPNsense firewall aliases as well. Everything in Sensei can be done in aliases actually, so you are paying for categories, and an easy-to-use ELK stack basically, for nice graphs.
Title: Re: Advanced Security coming soon?
Post by: almodovaris on December 28, 2021, 01:09:23 am
Well, I am not a security expert. So for me the choice is between paranoid dabbler and trusting a security company to do the hard work. A paranoid dabbler adds aliases till the internet browsing no longer works properly. If I trust the company, I sit down and relax.
Title: Re: Advanced Security coming soon?
Post by: jclendineng on January 07, 2022, 12:13:48 am
Aliases aren't "paranoid" or "complicated", so I have a hard time understanding that whole line of thought. You are running a full-featured firewall; if you think that's "paranoid", why are you using OPNsense? Your router firewall would probably be more than adequate :)
Title: Re: Advanced Security coming soon?
Post by: almodovaris on January 07, 2022, 04:51:32 pm
As I said, I am not an expert, and if I were to use aliases, I would block too much. So, I was speaking about me and people like me, who can either trust the experts or behave like paranoid dabblers.

I did use pfBlockerNG and decided it is not my thing.
Title: Re: Advanced Security coming soon?
Post by: almodovaris on January 15, 2022, 07:53:23 pm
To sum up:

* I know what aliases are;
* I know how to insert a list of aliases;
* I know that 95% of the lists of aliases are free (gratis).

But even then I cannot find the proper balance.

Quote
A man worked in a factory and worked on the same machine all his life. This machine was unique and whenever it broke down, he would fix it. He was the only person who used the machine and the only one who could fix it and keep it running.

The time came for the man to retire. The whole company turned out and wished him well.

A couple of months later, the machine broke down. There was no replacement in existence so the Company Director rang the man and asked him to come in as a consultant to have a look at the machine and fix it.

The man came in, spent 15 minutes looking over the machine, pressing his ear to it, peering into gaps until he reached into his bag and brought out a hammer. He then gave the machine a small tap and lo and behold, the machine was FIXED!

The director was overjoyed and asked the man to send him his invoice.

The invoice arrived for £10,000. The director was furious and immediately rang the man and demanded that he send a breakdown of the invoice and the tasks he performed.

He received the following:

Hitting the machine with a hammer: £5.00

KNOWING where to hit the machine with a hammer: £9995.00

The director paid the invoice without complaint.
Title: Re: Advanced Security coming soon?
Post by: jclendineng on January 19, 2022, 04:50:11 pm
If you have a website or externally facing service, you need to become more of a security-conscious person, not an "expert", but you do need to learn. If you don't have externally facing services, you don't need anything except the base firewall; everything else is just worthless. It's already blocking all incoming by default, so no reason at all to do more. I have external services running, so I have to do more than the average user.
Title: Re: Advanced Security coming soon?
Post by: almodovaris on January 19, 2022, 05:55:14 pm
Not worthless: I was much longer doing this with Diversion and Skynet for AsusWRT Merlin, and even before that with custom Optware for DD-WRT.

So, yeah, I love censored internet. I don't censor it morally or politically, but I censor it for ads, scams, phishing and other security risks.