security function

Started by baranmatin, January 09, 2022, 11:55:14 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 09, 2022, 11:55:14 AM
Hi
How the opnsense can check security function operation?
January 09, 2022, 03:00:43 PM #1
What exactly do you mean with security functions
January 10, 2022, 05:37:41 AM #2
security function like Cryptographic algorithms , digital signature algorithms , hash functions ,random bit generators etc
Tanx
January 10, 2022, 08:59:32 AM #3
We do not hand-roll any cryptography so all the verification is done by included projects such as libsodium, LibreSSL/OpenSSL, OpenSSH, kernel opencrypto, etc.


Cheers,
Franco
January 10, 2022, 09:51:58 AM #4
that's right, How can I test and  validate this function's operation?
In fact how the opnsnese  can validate it when turn on by itself .How is its mechanism?
January 10, 2022, 10:04:22 AM #5
So what's your threat model?


Cheers,
Franco
January 10, 2022, 11:28:31 AM #6 Last Edit: January 10, 2022, 11:50:45 AM by fbiglary
perhaps I couldn't explain  my mean well.
In fact I want to introduce OPNsense to my company as an opensource  firewall. I should  to assure my boss about security of OPNsense. My boss ask me if there is a way to test security functionality when start the device to working or in duration of working .for example does opensense check  security algorithms that they work correctly before using it?
January 10, 2022, 12:01:40 PM #7
What's your current firewall? How do you check "security" there?

Which size of company? Which threat model?
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
January 15, 2022, 06:34:54 AM #8
Hi and thanx for your answering.
at the moment we don't have any firewall in this branch but we have other branch same as this that we use Fortigate 111C.
We want to use Opnsense as a firewall and we want to apply some firewall rules with IPS. we want to use snort as an IPS.
This branch of our compony have about 20 computers with 4 or 5 Mb traffic at most.
Unfortunately I cannot understand your mean about threat model. I'm sorry.
I will be pleasure if you can help me.
best regards
January 15, 2022, 03:21:41 PM #9
Quote from: baranmatin on January 15, 2022, 06:34:54 AM
Unfortunately I cannot understand your mean about threat model. I'm sorry.
I will be pleasure if you can help me.

Usually you have the diamond model:

https://owasp.org/www-chapter-dorset/assets/presentations/2019-04/Cyber_Kill_Chains-11-Apr-19-OWASP-Dorset.pdf Page 8+

Some general Questions for yourself are:
* Who is the attacker?
* Who/What is the Victim?
* Threat?
* Impact?

If you answered that questions, you can calculate the risk (= probablillty * impact) and with that information, you know the required protection level and you can decide, what products etc. are needed.
January 18, 2022, 08:22:39 AM #10
Quote from: baranmatin on January 10, 2022, 11:28:31 AM
perhaps I couldn't explain  my mean well.
In fact I want to introduce OPNsense to my company as an opensource  firewall. I should  to assure my boss about security of OPNsense. My boss ask me if there is a way to test security functionality when start the device to working or in duration of working .for example does opensense check  security algorithms that they work correctly before using it?

And how do you check that stuff on your Fortigate?
(Unoffial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support
Print
Go Up Pages1
User actions