Browser Intrusion which opnsense cannot protect against

Started by someone, December 23, 2025, 06:40:19 PM

There are two types of threats, one I have discovered recently on my own.
One: Say your computer is on and no browser is open:
     That is new-connection based, in which a new connection is required. The OPNsense firewall and Suricata handle these very well.
     No one can just make a connection to your computer that you didn't ask for. Attackers and bots can't get in.
Two: Browser-based connections, three types, which OPNsense cannot protect against:
     One: A connection made by something you clicked on or hovered over
     Two: Automatic connection by a connected server, which connects you to other servers without permission, also from embedded scripts in webpages
     Three: Stolen connections, such as cross platform scripts inside websites

If they have a connection, they can do what they want on your computer.
So how do you protect your operating system and OPNsense?
I use AppArmor and install its extra profiles; it protects your operating system endpoints so bad guys can't destroy or take over your computer or OPNsense. There are many different types of endpoint protection. They also differ in what they trigger off of. AppArmor is access control of endpoints. Endpoints are apps that operate your computer. It is working for me in the default configuration once you add the extra profiles with a software manager. If they have access to your computer, they have very easy access to the OPNsense LAN side. I would think everyone needs some type of endpoint protection if you can.

Be careful which type of endpoint protection you use; they are not created equal. And I don't care to bash them. Pun.
Protection such as AppArmor monitors all commands on your computer, aka access control; others monitor IPs only, others just keywords, etc.
I install auditd also, so I can see which commands AppArmor blocked that are coming through the browser.

Suricata is working on decryption, where they can scan all incoming traffic, which will take a large burden off of endpoint protection.
If you are a business, there are services offering this.
At home, decryption can be done and traffic scanned.

I call it browser intrusion; it has many names and many attacks.
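
Added example, not part of the original post: a small parser that pulls AppArmor denials out of auditd records and counts them per profile, operation and target, which is the "see what AppArmor blocked" step the post describes. The log lines are constructed samples in the usual `apparmor="DENIED"` key=value layout; the profile names and paths are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample records in the key=value layout AppArmor uses in audit.log.
SAMPLE_LOG = """\
type=AVC msg=audit(1766515219.101:812): apparmor="DENIED" operation="open" profile="firefox" name="/etc/shadow" pid=4211 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1766515220.554:813): apparmor="DENIED" operation="exec" profile="firefox" name="/usr/bin/bash" pid=4211 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1766515221.002:814): apparmor="ALLOWED" operation="open" profile="evince" name="/home/user/.ssh/id_ed25519" pid=4300 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=SYSCALL msg=audit(1766515221.900:815): arch=c000003e syscall=257 success=yes exit=3 pid=4400 comm="cat"
type=AVC msg=audit(1766515222.300:816): apparmor="DENIED" operation="open" profile="firefox" name="/etc/shadow" pid=4211 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1766515223.410:817): apparmor="DENIED" operation="open" profile="firefox" name=2F686F6D652F757365722F6D792066696C65 pid=4211 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def parse_record(line):
    """Return the fields of one AppArmor audit record, or None for other records."""
    if "apparmor=" not in line:
        return None
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        value = quoted or bare
        # The audit subsystem hex-encodes strings with spaces or quotes and drops the quotes.
        if bare and key in ("name", "comm", "profile") and HEX_RE.fullmatch(bare):
            value = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = value
    return fields

def denials(log_text):
    """All records where AppArmor blocked the access (complain-mode ALLOWED is skipped)."""
    records = (parse_record(line) for line in log_text.splitlines())
    return [r for r in records if r and r.get("apparmor") == "DENIED"]

def summarize(log_text):
    """Count denials per (profile, operation, target path)."""
    return Counter((r.get("profile"), r.get("operation"), r.get("name"))
                   for r in denials(log_text))

if __name__ == "__main__":
    for (profile, op, name), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {profile}  {op}  {name}")
```

On a live system the same functions can be fed the contents of the audit log (typically `/var/log/audit/audit.log`, readable by root) instead of `SAMPLE_LOG`.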

Could you create fewer of these random threads please? They are starting to look like spam. Thank you.
Hardware:
DEC740

What is the title of this forum section? I spent two years working to get this information, which no one on this forum has bothered to mention or been able to help with. I hope it helps others, and helps OPNsense. OPNsense is in competition and has obligations, and so does this forum. Security is the only thing keeping OPNsense and its competitors alive. Are we going to post security-related messages here, or will OPNsense create another topic field? I don't care to see OPNsense fall behind; security and the ongoing tasks and countermeasures are huge.

This forum is certainly not a personal diary where countless threads are opened up that have no real content.
Hardware:
DEC740

People, please don't leave OPNsense because there are some unhelpful people on the forum. Many forums are like that.

I don't know what your agenda is but if you keep pushing there will be consequences. For now I will lock this thread.
Hardware:
DEC740