The OPNsense 15.7 release added i386 and NanoBSD support, LibreSSL support, re-based to FreeBSD 10.1, added OpenDNS support, intrusion detection support, new local/remote backlist options, some security fixes, and added many other new features.
bsdtalk 254 [Ogg]
The ecosystem is based on Security-Enhanced Linux (SELinux), but it adds role-based access control with a policy for each role, so no one can get to the system root and the root can’t see user data. All access is logged, so any attempts to penetrate the system can be traced. Policies are based on roles such as security admin, audit admin and sysadmin, and each file is tagged with a security level so some users can see it while others can’t.
The main features at a glance:
Using Sencha ExtJS 5.1.1 framework for the WebGUI
Add a new dashboard and widgets
Many internal improvements and bugfixes
Improved the internal network interface backend
Add Wi-Fi support. Only WPA & WPA2 is supported
Add VLAN support
The network interface configuration page has been modified. Now only the configuration values are displayed. Use the dashboard widget to show the state of all network interfaces.
The public key of the user must now be specified in the RFC 4716 SSH public key file format. It is possible to add multiple keys.
Option to turn off the collection of system performance statistics.
Use the browser local storage to store the WebGUI state (e.g. displayed grid columns, column width, …) instead of cookies.
Pica8 CEO: Cisco's 'Primitive' ACI Poses Greater Security Risk Than Open Linux-Based White-Box SwitchesSubmitted by Roy Schestowitz on Monday 22nd of June 2015 05:41:58 PM Filed under
Cisco Systems' Application Centric Infrastructure software-defined networking technology and its proprietary network switches pose a greater security risk than the open-source, white-box, bare-metal switches now storming the market, said Pica8 co-founder and CEO James Liao.
The Linux Foundation's Core Infrastructure Initiative (CII) has announced a $500,000 investment in three projects designed to improve the open source technology's security and services.
The project will fund the ReproducibleBuilds, Fuzzing Project and FalsePositiveFree Testing initiatives.