After installing OPNsense, the default login is the root user. Logging in as the root user is generally not advised because the root user has full access to files and processes. Linux users, for instance, are asked to create a separate user account upon installation. The user can then use the sudo command to elevate privileges to perform administrative tasks. If the user’s account is compromised, in theory the root account is still protected (assuming there is no privilege escalation vulnerability being exploited or the password has been discovered).
Sunny Valley Networks is a startup company that has partnered with Deciso, the creators of OPNsense, to create a plugin called Sensei which adds deep packet inspection and more to OPNsense. These features add greater visibility into your network. Sensei also has built-in cloud threat intelligence that can be used to block web/application access and to prevent known malware attacks. This post will focus on the features of Sensei and the differences between the Free Edition and the Home Edition.
A VPN server can provide an encrypted connection to your home network. It is a great way to remotely access your network since it provides a high level of security. Once you are connected to the VPN server, you essentially become a part of the network in which you are connected. This is different than using an SSH server because you are not directly connecting to a single machine on your network.
There are two common ways of accessing your home network remotely and securely: a SSH server or VPN server. Both options have various pros and cons as is usually the case when comparing two different things. These technologies provide an encrypted connection which is important for security of your network when you want to have remote access to your network. Encryption alone is not enough to guarantee security. You can easily be communicating with a malicious hacker via an encrypted connection.
Historically, DNS is a service that was designed to be unencrypted. Whenever a device from your network is trying to go to a web address, it needs to determine the IP address of the website in order to access it. With the increasing levels of tracking and data sharing/selling, a growing awareness that having DNS traffic unencrypted is not a good idea from a privacy and security standpoint. ISPs and other entities are able to know which sites you visit even if all of your web traffic is encrypted.