Archive for the ‘Solutions’ Category

Practical computing tips for malware protection

January 27th, 2010

ADIT Services is tracking a dramatic rise in virus and malicious software activity within our branch networks.  We are asking each client to ensure that their office has current security \ antivirus software running on each computer.   In addition Microsoft has also released some important security updates for Windows, which should be applied as soon as possible on each branch computer.   The website for Microsoft update is .

Below are some safe computing tips that each person should follow

Malware is the all encompassing term for any unwanted software that invades your computer and makes unwanted changes. Spyware, adware, and viruses are lumped in this group. There are some great products out there that will help you clean up these infections, but the real trick to running a clean computer is to avoid exposing yourself to them.

1. Don’t use file sharing applications like Limewire, Bearshare, or Kazaa.

2. Never open an email attachment if you don’t know what it is. Even if you know the person who sent the email beware of attachments. Many computers with infections will send out email to everyone on their address book without the owner ever being aware.

3. If you get pop-ups when opening a web page don’t click inside the pop-up to close it. Always click the red “x” in the upper right corner. The “cancel” or “close” button in the pop-up might have unintended effects.

4. If you get a message from your computer warning you that it is infected and you need to download software to remove the virus, don’t do it. At this point you are already infected, downloading the fake virus remover will only make it worse. No legitimate software ever uses this tactic.

5. Avoid free downloads unless you are absolutely sure you can trust the source. Often these freebies are packaged with a good deal of adware, so be careful.

6. Use your work computer for work.  As simple as it sounds, we find non-work related activities on work computers accounts for almost all infections.

Most of the time good common sense will keep your computer safer than whatever virus protection you have installed. Start practicing safe web viewing and you will find you rarely have a problem with malware.

As always ADIT Services, LLC. is here to help or answer any questions or concerns you might have.

Solutions , , , ,

pfSense support and deployment help available

June 4th, 2009
Comments Off
PF Sense


Common Deployments

pfSense is used in about every type and size of network environment imaginable, and is almost certainly suitable for your network whether it contains one computer, or thousands. This section will outline the most common deployments.

Perimeter Firewall

The most common deployment of pfSense is as a perimeter firewall, with an Internet connection plugged into the WAN side, and the internal network on the LAN side. It supports multiple Internet connections as well as multiple internal interfaces.

pfSense accommodates networks with more complex needs, such as multiple Internet connections, multiple LAN networks, multiple DMZ networks, etc. Unlike many similar solutions, you can deploy systems with dozens of interfaces if needed.

Some users also add BGP capabilities to provide connection redundancy and load balancing.

LAN or WAN Router

The second most common deployment of pfSense is as a LAN or WAN router. This is a separate role from the perimeter firewall in midsized to large networks, and can be integrated into the perimeter firewall in smaller environments.

LAN Router

In larger networks utilizing multiple internal network segments, pfSense is a proven solution to connect these internal segments. This is most commonly deployed via the use of VLANs with 802.1Q trunking. Multiple Ethernet interfaces are also used in some environments.


In environments requiring more than 3 Gbps or 1 million packets per second of sustained throughput, no router based on commodity hardware offers adequate performance. Such environments need to deploy layer 3 switches (routing done in hardware by the switch) or high end ASIC-based routers. As commodity hardware increases in performance, and general purpose operating systems like FreeBSD improve packet processing capabilities in line with what new hardware capabilities can support, scalability will continue to improve with time.

WAN Router

For WAN services providing an Ethernet port to the customer, pfSense is a great solution for private WAN routers. It offers all the functionality most networks require and at a much lower price point than big name commercial offerings.

Wireless Access Point

pfSense can be deployed strictly as a wireless access point. Wireless capabilities can also be added to any of the other types of deployments.

Special Purpose Appliances

Many deploy pfSense as a special purpose appliance. The following are three scenarios we know of, and there are sure to be many similar cases we are not aware of. Most any of the functionality of pfSense can be utilized in an appliance-type deployment. You may find something unique to your environment where this type of deployment is a great fit.

VPN Appliance

Some users drop in pfSense as a VPN appliance behind an existing firewall, to add VPN capabilities without creating any disruption in the existing firewall infrastructure. Most pfSense VPN deployments also act as a perimeter firewall, but this is a better fit in some circumstances.

Sniffer Appliance

One user was looking for a sniffer appliance to deploy to a number of branch office locations. Commercial sniffer appliances are available with numerous bells and whistles, but at a very significant cost especially when multiplied by a number of branch locations. pfSense offers a web interface for tcpdump that allows the downloading of the resulting pcap file when the capture is finished. This enables this company to capture packets on a branch network, download the resulting capture file, and open it in Wireshark for analysis.

pfSense is not nearly as fancy as commercial sniffer appliances, but offers adequate functionality for many purposes at about 2% of the total cost.

DHCP Server Appliance

One pfSense user deploys single interface pfSense installs as solely DHCP servers. In most environments this probably does not make much sense. But in this case, the user’s staff were already familiar and comfortable with pfSense and this enabled further deployments without additional training for the administrators, which was an important consideration in this deployment.

DNS Server Appliance

There is a pre-built DNS Server appliance available, pfDNS. This is a custom version of pfSense with a simplified web interface, providing only the functionality desired on a system functioning strictly as a DNS server. There is a tinydns package available for pfSense that allows you to add this functionality to a stock pfSense install.

Voice over IP (VoIP) Appliance

A FreeSWITCH package is available.

Company, Solutions