The guide will take you through the setup of the pfSense firewall with one WAN interface, one LAN interface and one Opt1-WiFi Interface.

This guide was written for Linksys, Netgear, and D-link users with no firewall or router experience. No experience is needed with FreeBSD or GNU/Linux to install and run pfSense. When you are finished, management of pfSense will be from a web interface just like any of the SOHO firewall/router appliances.

Requiring system accessibility via the Internet poses several problems for system administrators. One problem is allowing access by authorized users with the least amount of complexity on the client computer while keeping the system and its services safe from intruders. Common services that may be provided include web server, File Transfer Protocol (FTP) server, and Secure Shell (SSH) server. Each of these services can require different methods of security to ensure only authorized users have access.

The stability of an enterprise-wide infrastructure depends on understanding innovative, defensive security-related software. Linux Firewalls: Attack Detection and Response with iptables, psad and fwsnort written by Michael Rash and published by No Starch Press, outlines viable approaches that enable a defensive solution in depth.

Eighty percent of input to the brain is visual, and comes directly through the eyes. We humans are incredible machines with the ability to recognize patterns instantaneously. Machine technology is not capable of matching humans, and won’t be for many decades. Security data visualization translates complex data relationships into meaningful visual patterns that humans can quickly interpret. The book Security Data Visualization: Graphical techniques for network analysis by Greg Conti and published by No Starch Press answers the important and core question: can visualization help with security? The answer is a resounding “yes”.

Security has always been a concern when using a computer. First, we thought physical security was enough. After all, if the computer is in the house, how could anyone else get to it? But in today’s world, many of us live with our computers on-line twenty-four/seven. Security is not just loading up the latest protection software, but being aware of how the “bad guys” attack. Good security also requires vigilant testing and, since no one wants to simply issue a challenge to the “bad guys” and see what happens—they don’t typically fill out trouble tickets—we need to use tools that can simulate these attacks.

Honeypots look like victim systems waiting or searching for malware and other nefarious attacks, registering the enemy’s practices in high-resolution gory, blood-ridden detail. Virtualization allows one system to act as a network of disparate victim OS’s and services. Security experts can observe attacks live or stored for detailed analysis, learn the methodology of Dr Evil and generate statistics for internet wide attacks.

Most modern GNU/Linux distributions are secure with their default minimal installs, whether desktop or server, while some distributions are designed specifically with security in mind. However, any GNU/Linux distribution that needs services available to other users or systems will need either enhanced or configurable security. There are other situations in which added security is beneficial; for example, a large environment, while secure to the outside world, would be enhanced with additional security measures in place.

Network design

Have you ever wanted to configure a personal firewall for your GNU/Linux box, but were scared of the complexity of iptables? Well, I might not be able to make you a security expert, but I can show you a tool that will help you to configure your personal firewall the easy way. The secret? Firewall Builder (also known as fwbuilder for short).

No one would argue that software auditing is not an important feature of mission critical applications. If a software based process is critical to the life of your company, then so is the security and access control surrounding resources managed by that software based process. Auditing is the way you track who did what to what and when it happened. Lately, however, the software industry has been lackadaisical at best regarding auditing. Off the shelf software developers either care about auditing, or they don’t.

Pro Apache XML, authored by Poornachandra Sarang, PhD, and published by Apress, clearly explains XML, and, in specific, the Apache Software Foundation-related projects. eXtensible Markup Language (XML) is a human readable, machine-understandable text format. Web services send XML messages and XML acts as the underlying structure in configuration files for many modern frameworks and thus applications. In fact, the next quality-jump in the office suite is XML (zip compressed) document formats that are, in theory, easily translatable into other formats.

Good security is the basis of any viable website. With the internet being the most public of places, broken systems cost—money, reputations and possibly customer identities are the currency. Pro PHP Security, published by Apress and written by Chris Snyder and Michael Southwell, is a detailed and authoritive account of the security details that effect a successful deployment of a PHP website. The book ranges from the almost theoretical to the highly practical such as SQL injection attack hardening and validating user input.

In my last article my laptop had died a spectacular death from a full cup of coffee. I had to send it into the IBM depot, where they replaced nearly everything but the battery. Including the hard drive.

My files were all properly backed up, and I was even able to retrieve the few files I had worked on that day by connecting the drive to another computer. So when the service depot called and said they wanted to replace the drive, I said go ahead.