Dictionary

WireGuard VPN

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs), and was designed with the goals of ease of use, high speed performance, and low attack surface.

OPNcentral

Is a centralized management plugin, it utilizes OPNsense’s restAPI to offer a range of centralized features.

GeoIP database

Is a database that maps IP addresses to geographical locations, such as a country, city, or region.

AMD EPYC

Is a brand of multi-core x86-64 microprocessors designed and sold by AMD, based on the company’s Zen microarchitecture.

IPsec

Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network.

FreeBSD

FreeBSD is an open source operating system based on UNIX. The source code of FreeBSD is open source, which means that anyone can view and edit this source code. The operating system is widely used in servers, mainframes, workstations & embedded computers.

OSI

The Open Source Initiative defines open source software as software that is distributed with human readable source code in order to allow the user freedom to run, review, alter, enhance and modify the code for any purpose.

Firewall

A firewall is a computer network security system that restricts Internet traffic to, from, or within a private network. This software or special hardware software unit works by selectively blocking or allowing data packets.

Forward caching proxy

When using a forward proxy configuration, Caching Proxy machines are located between the client and the Internet. Caching Proxy forwards a client’s request to content hosts located across the Internet, caches the retrieved data, and delivers the retrieved data to the client.

Traffic shaping

Traffic shaping is used to optimize or guarantee performance, improve latency, or increase usable bandwidth for some kinds of packets by delaying other kinds.

MVC framework

The Model-View-Controller (MVC) framework is an architectural/design pattern that separates an application into three main logical components Model, View, and Controller. Each architectural component is built to handle specific development aspects of an application.

Back

Latest OPNsense® brings third party security verification

Deciso® announces the immediate availability of
OPNsense® Business Edition 22.10.

Ever since 2019 an OPNsense edition aimed at professional users is made available, called the Business Edition.

This edition offers additional safeguards where functional changes are being included in a more conservative manner and feedback has been collected from development and community.

The Business Edition is a mission critical version of the well known OPNsense firewall.

On top of that it offers specific business-oriented features such as central management (OPNcentral), web application firewall (OPNWAF) and a proxy service with fine grained access control and categories that can be used in policies (OPNProxy).

With 22.10 an important next step is taken by bringing a third party on board and mold a process around security verification by trained security professionals. This process was silently started with version 22.4 and, from now on, this third-party security verification will be standard for every major business release.

The security verification will be done according to the LINCE methodology developed by Spanish National Cryptologic Center.

“The Business Edition is a mission critical and LINCE compliant version of the well known OPNsense firewall. ”

LINCE is a lightweight methodology for evaluating and certifying ICT products based on Common Criteria principles and oriented to vulnerability analysis and penetration tests. Its strengths over other methodologies mainly consist of reduced effort and duration. However, the way in which it is applied also makes it possible to pay more attention to the critical points of each product, giving more weight to concrete and practical tests that combat real threats than to dense documentation or exhaustive functionality tests.

Together with jtsec an approach which makes it possible to pass the test twice a year was developed, to align with the Business Edition release schedule.

The OPNsense Business Edition is currently the only open-source firewall solution that offers LINCE compliance in its core.

OPNsense is the fastest growing open-source security platform with an Open Source Initiative (OSI) approved 2-clause or simplified BSD license. Its feature set is extensive and ranges from router/firewall to inline intrusion detection and prevention.

The project is defined by its innovation through modularizing and hardening, simple and reliable firmware upgrades, multi-language support, hardened security, fast adoption of upstream software updates as well as a large and friendly community.

Deciso is the company that founded the OPNsense project and offers turnkey solutions as well as commercial support and services.

About Deciso
Deciso B.V. (https://www.deciso.com) is a globally operating manufacturer of networking equipment. The company designs and produces complete products for integrators, OEMs and resellers. Deciso believes in the power of open source and actively contributes to the open source community. The company was founded in 2000 and is located in Middelharnis, the Netherlands

OPNsense
shop   https://shop.opnsense.com/
documentation https://docs.opnsense.org
security   https://docs.opnsense.org/security.html
community   https://opnsense.org/

Deciso B.V. https://www.deciso.com/

jtsec https://www.jtsec.es/lince-evaluation