Samiux's Blog

Open Source is a great idea and it has changed the world! Open Source forever ....

While you do not know attack, how can you know about defense? (未知攻,焉知防?)

Do BAD things .... for the RIGHT reasons -- OWASP ZAP

It is easier to port a shell than a shell script. -- Larry Wall

Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris. -- Larry Wall

为天地立心，为生民立命，为往圣继绝学，为万世开太平。 -- 王炜

Tuesday, November 14, 2017

VPN and IPS For Public Wifi

Many friends of mine always asking me how to protect themselves from being hacked. The most asked question is how to protect them from being hacked when using public wifi. They are asking if VPN can do it or not as they saw a lot of advertisement about it.

I recommend them to use their own VPN server with additional protestion, such as Intrusion Detection and Prevention System (IDPS), Next-Generation Firewall or Unified Thread Management System (UTM). It is because most of those products equipped with Anti-Virus/Malware, Exploit prevention and etc. It would be more better and more secure than just use commercial VPN alone.

Open source solutions will be very great for home users and small businesses. I recommend pfsense with suricata and Croissants. pfsense basically is a router and it can install suricata plugin that making it to be an inline IPS. pfsense also have build-in VPN. On the other hand, Croissants is designed for inline IPS and it does not comes with VPN. You need to setup your own.

Once the VPN and IPS are setup, when you are going to use the public wifi, you can connect to the public wifi hotspot and then connect to your VPN which is setup at your home or office. The traffic will be go through the inline IPS via VPN. As a result, you will be under the protection of the IPS. However, the downside is the battery of your mobile device (such as smartphone) will be drained out more quickly. Therefore, you can connect to your VPN when necessary.

Finally, when using pfsense with suricata, you need to fine tune the rules set in order to prevent some false positive alerts. However, Croissants is already tune for daily usage.

Reference

pfsense Official site
Youtube - Build a Router 2016 Q4 -- pfSense Build
pfsense Forum - Suricata true inline IPS mode coming with pfSense 2.3 -- here is a preview
Youtube - pfSense: Network Intrusion Detection w/Suricata (pt4)
Youtube - Suricata Network IDS/IPS System Installation, Setup and How To Tune The Rules & Alerts on pfSense
Croissants - Intrusion Detection and Prevention System

That's all! See you.