Many “NGFW” creations looks into the application-stack “layer 8”. I am however pondering over, since many seems to also identify the underlying OS (for enabling better and easier rule-sets per device category for example) – why not also provide a baseline for that specific OS – what to expect and also identify the normally permitted traffic – and the underlying connectionpoints for those. With this reasoning, one could filter out lots of garbage traffic that otherwise needs to be looked at with all the possible UTM-profiles.
This would be something we all could benefit from, make easier exclusions on per OS-basis etc. If we learn what normal is, we do not have to look at it all the time – only in a fully forensic perspective would it be needed – to fully determine a timeline etc.
It has been a bumpy ride for the PiWall setup.
Memory-cards dying all over the place kinda killed the first PiWall and a few of the PiES.
The first incarnation of the PiWall held a bridge feature with wireless included with WPA2. Sadly due to stability issues with previous power supply I had to ditch it before – I might rebuild it again now that I have a new fancy supply attached.
I did also loose my nifty compiled squid proxy that made updating less costing bandwith wise (it has to be slim in space, power and bandwith – it´s raspberry pi´s! ).
However, now they are finally in order, and ready to perform all the fun stuff I want.
The main layout goes as follows;
All PiES uses rasbian as base – some the full featured version, and some the lite release. Hardware wise they are Raspberry Pi B, B+ and raspberry pi 2´s.
Top – PiWall – simple firewall gateway with NAT. Uses NTOP for enjoyment over the webs. Featureset includes Gateway (NAT), DHCP,DNS. Will include Squid against attached usb stick on Pi-Blue.
Pi-Blue – the blue cable – for the Pi with the touchscreen that is attatched to the side. Graphs realtime with iftop. Will serve usb stick over NFS for additional r/w features (ie, squid).
Pi-Orange – Master node and will be used as controller for all. Any actions onwards will be directed from this baby.
Pi-Purple – Slave node.
Pi-Yellow – Slave node.
Pi-Green – slave node.
pies-switch – a “smart” netgear switch with a webinterface
On the side – One to many USB “psu”. Makes it easier..
Next step will be to re-compile glusterFS – I had it partially working until two SD-cards died…
I will try to in the future add Partial PXE-boot-like enviroment. Meaning that only data on the SD-card locally will be the needed boot-part – the rest will not reside on it, making the setup more durable and totally minimizing writes to the SD-cards.
Found an old image from back in the day that I uploaded to a site ratemynetworkdiagram.com.
(image created with SmartDraw trial version (“Ancient”) )
Now, one might argue that my drawing skills was better back then, but newer the less, the function of the network
still remains the same.
The introduction of a income did dramatically increase the “umpf” of the layout, and so did a move. It’s gone through several
changes over time, and a more up to date sketch will take some time, since I have to dumb down the layout to the old sketch’s version ;).
Still, it’s fun to see that things do progress over a span of 10 years..
Don’t worry – I’ll do a continuation of this one with a current image (some day..) :).
where the bugs bites once or 10 / Security is the art of counter-deceit.