Re: [pfSense] Rebuilding confidence

2018-05-13 Thread Geoff Wolf
Have you looked at the capabilities of Suricata? It’s an open source IDS/IPS available in the pfSense package manager. It takes some setting up and rule adjustment to suppress false positives, but it’s fairly straightforward. There’s plenty of documentation available for it. I think this might

Re: [pfSense] Rebuilding confidence

2018-05-13 Thread C. R. Oldham
On 13 May 2018, at 15:48, Eero Volotinen wrote: You can replace you apple timemachine with unifi aps. https://www.ubnt.com/unifi/unifi-ap/ I second the recommendation of the UniFi access points. They are excellent. While I advocate strongly for pfSense, Ubiquiti also offers a "security

Re: [pfSense] Rebuilding confidence

2018-05-13 Thread ED Fochler
Richard, I agree with Eero, VLANs are real security. It will require time and effort and maybe some additional equipment. If it helps you sleep at night, it's worth it. You might start with just IP groupings and rules though. I have an admin network that only has a couple of

Re: [pfSense] Rebuilding confidence

2018-05-13 Thread Eero Volotinen
Well. You should use VLANs to segment IoT devices into different network. Anyway... some commercial vendor might provide a bit better protection ;) You can replace you apple timemachine with unifi aps. https://www.ubnt.com/unifi/unifi-ap/ Eero On Sun, May 13, 2018 at 10:44 PM Richard A. Relph