Depending on the size of the internal network, added security can be had with the SNORT package on pfSense. Though it's not considered a layer 7 firewall (I don't think :)) It does help protect against or at least alert on some of the threats that were mentioned in the posting.
Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Wed, Mar 4, 2009 at 12:04 PM, RB <[email protected]> wrote: > On Wed, Mar 4, 2009 at 09:30, Vick Khera <[email protected]> wrote: >> What threats are you defending against? The firewall will not protect >> you against application flaws such as cross site scripting and SQL >> injection attacks. > > I agree, but given the context and content (no disrespect intended > either), I'm not sure Raleigh knows what he's looking for or what he's > defending against. > > Raleigh: the most basic form of firewalling today is precisely what > you stated - packet filtering. Firewalls in this category (pfSense > included) filter at OSI layers 2-4, meaning they don't get any deeper > into the packet than IP and port number. This defends against basic > attacks & reconnaissance including some DoS, address spoofing, port > scanning, and so on. pfSense also adds load balancing, VPN > termination, and other border services as well. > > If, as Ben & Vick have asked, you are interested in application-level > filtering (SQL injection, XSS, and other "layer 7" attacks), you'll > need to look at something more like a reverse proxy running > mod_security - pfSense does not offer application-level filters. > > > RB > - Show quoted text - > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
