AI integration for OPNsense

[cdsane]

Hello all is OPNsense considering deploying AI into its software for proper network and security checks and analysis ??? I think it will be a fine addition to this firewall

[Patrick M. Hausen]

So called "AI" and "proper network and security checks" are a contradiction.

[DEC740airp414user]

sounds like a terrible idea

[nero355]

So called "AI" and "proper network and security checks" are a contradiction.

sounds like a terrible idea

Agree with the above! :)



#SayNOtoMachineLearningChatBots!

[drosophila]

Three question marks, what seems like puked-out grammar that lacks any effort, and a broad and unspecific question, all reeks of a spammer/bot, but the OP has at least a little posting history so I assume they wrote this in good faith instead of just spam or parroting buzzwords.

As such: it might be possible to have an AI-based rule analyzer that could possibly spot common mistakes and omissions. However, their results must be treated with care, just like if you'd manually fish random rule snippets off the internet. Maybe that could be worthwhile, but spending this much effort and likely fees on something so minor... nah. But since firewall rules are in the end generic, this sort of tool could be developed independently by the OP and work on the exported rule sets from all (Free)BSD-based firewalls, and a second version for Linux based ones. That could then be integrated as a community plugin if it proves to be helpful.

If this is what you have in mind: give it a go and see what it can do!

AI things are good at pattern recognition, so this would also be something for intrusion detection / prevention system makers to consider. But in that case the AI would have to run on the Firewall machine, given contemporary technology that'd be hard or need to be done like these voice-assistants using some external provider, nothing I would want to touch. Core OPNsense wouldn't benefit from this, except for the mentioned hypothetical analyzer. An AI-based rule generator wouldn't be worth it because AI-generated stuff is full of BS. It's fine for creating jokes and maybe translations, but most definitely not for anything even remotely security-related.

Possibly in some decades after the AI things have learnt to actually know what they're doing, if they ever will. Currently, "made with AI" is a stigma, not a badge of honor and definitely not a sign of quality, except in very specific cases.

[meyergru]

The question is too broad in general. What exactly should AI aim at in OpnSense?

- Finding software vulnerabilities? Yes, that is possible and is seems quite conceivable that Anthropics' Mythos model may find some bugs in the building blocks of OpnSense. But actually, that is not "using AI" in the product in the strict sense.

- Helping block hacking attempts? Because of the fact that AI does not "understand" anything, this may create errors of both first and second degree (i.e.: block both less and more than desired), like almost any old-fashioned IPS would do - which is why I do not trust those. Happy hunting for things that do not work if you try that...

- Helping users configure their firewalls? Well, at least you can argue that an AI will not lose it like some of us experts sometimes do... but seriously, I doubt that the results would be convincing. Been there, done that - and I consider myself somewhat knowledgable in the field. I even fear to imagine a beginner configuring OpnSense in tandem with an AI. On the other hand, you never know, maybe that is better than the beginner alone...

- So finally, an AI might also be useful by bringing to mind what high level of expertise is needed to configure a firewall by hacking away at users' setups on demand - in the hopes of finding at least the most obvious misconfigurations.