Network Analysis with pfSense

pfSense provides network firewall, VPN, and other services to users and network operators. It offers IP and port blocking, VPN termination, and DHCP and DNS services. In this course, you'll learn to detect and block adversary activity using pfSense.
Course info
Level
Intermediate
Updated
Feb 25, 2021
Duration
38m
Table of contents
Description
Course info
Level
Intermediate
Updated
Feb 25, 2021
Duration
38m
Description

Cyber attacks are hitting our networks daily, and some of them have become very advanced. Traditional firewalls can be used in order to help the process of detecting and blocking them. In this course, Network Analysis with pfSense, you’ll cover how to utilize pfSense to protect and detect against common attack and exfiltration techniques in an enterprise environment. First, you’ll demonstrate how to setup a decoy VPN server using pfSense to detect compromised accounts. Next, you’ll operate pfSense to block the use of alternate protocols by blocking unnecessary ports and protocols. Finally, you’ll analyze known anonymity and C2 networks and block them using pfSense’s DNS services. When you’re finished with this course, you’ll have the skills and knowledge to block and detect these techniques External Remove Services T1133, Exfiltration Over Alternative Protocol T1048, and Proxy: Multi-hop Proxy T1090.003 using pfSense.

About the author
About the author

Joe is a Network Consulting Engineer and has worked in the IT industry since 2010. He has experience in teaching and mentoring IT professionals in both DoD environments and in the civilian sector, in both the networking and IT security fields.

More from the author
Cisco CyberOps: Analyzing the Network
Intermediate
2h 1m
Dec 11, 2020
More courses by Joe Abraham
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Welcome to Pluralsight and this Blue Team Tools course featuring pfSense, the open source network analysis and detection tool developed by Scott Ullrich and Chris Buechler and maintained by Netgate. This tool can help us prevent and detect many different attacks and TTPs, just like its commercial counterparts. We'll use it in this course to help protect external remote services using a honeypot VPN. We'll use it for filtering ports used in file transfers to prevent exfiltration of data using alternate ports and protocols, and we'll also block traffic to known malicious networks through dynamic blacklists. PfSense is used as a network firewall and provides many other services, but its name was derived from the tool that the software uses, packet filtering, or pf; therefore, it's our packet filtering firewall ready to help us mitigate some potential threats. I hope that you'll join me in learning about pfSense in the Network Analysis pfSense course, here at Pluralsight.