The Dark Mod Forums

Hardware firewall: recommendations


Bikerdude


Evening

 

I'm growing tired of the lack of options provided by my so-called business router (Cisco wrvs4400n), so I am considering the idea of using a separate firewall that I can fully customize / configure to block both outgoing as well as incoming.

 

Is there something I can buy off the shelf, with a web interface, that's not gonna cost more than £50-100? (Off the top of my head a SonicWall springs to mind.) Or am I better off buying one of these micro cube PCs and putting a firewall-orientated version of Linux on it? I am not a network guru by any stretch, so if I have to go down the Linux/micro PC route I will need the web interface to be intuitive and user friendly.

 

ta.

Link to comment
Share on other sites

As a network manager, you only need to step up your protection if you're a target (i.e. are a popular internet figure, are storing personal records, don't live in Dark Ages England) or are completely inept when it comes to using the internet. If you are, no amount of protection will keep you safe. Otherwise, the bare minimum will see you just fine. Ironically I have no AV installed, have Windows' software firewall turned off and have an old Linksys WRT45G hunk of junk, and haven't had any issues in over a decade. Work, meanwhile, is a slow week if attempts are in single figures. Like I say, it's a matter of purpose. I'd say you're going above and beyond what's required of a mundane home network in a technologically backwards country.

Edited by Airship Ballet
Link to comment
Share on other sites

If you're using Windows 10, you are a target! haha, j/k!

 

Seems like Biker is more concerned with "pick and choose" outbound blocking than the other way around, AB. Also, if you're not monitoring inbound and outbound communications, how do you know if you're a target or not?... eh?

 

It does seem a bit overly complicated to me in all honesty, however far be it from me to tell anyone what to do on their network. It's a good way to learn, experimenting with network devices and software.

 

What are you specifically trying to filter, Biker? There are less complicated, targeted solutions to achieve certain results but that all depends on the results.

 

Can you expound upon your network goals?

Edited by Lux
Link to comment
Share on other sites

  1. If you're using Windows 10, you are a target! haha, j/k!

  2. Seems like Biker is more concerned with "pick and choose" outbound blocking than the other way around, AB. Also, if you're not monitoring inbound and outbound communications, how do you know if you're a target or not?... eh?

  3. It does seem a bit overly complicated to me in all honesty.

  4. What are you specifically trying to filter, Biker? There are less complicated, targeted solutions to achieve certain results but that all depends on the results.

  5. Can you expound upon your network goals?

  1. Not using the PoC that is Win10, and if I was, having the ability to selectively block outgoing comms would be even more paramount.

  2. Exactly. On my PCs I have an app called "windows firewall notifier". It provides a front end to the inbuilt Windows firewall and allows me to block any app, port or IP, incoming/outgoing, on the fly, either temporarily or permanently. I am looking at doing something similar with a hardware-based f/w, for example I want to block all outgoing traffic with relation to ports, and only open ports that apps and devices need (I'm guessing that's a white list).

  3. In enterprise environments this is the norm, so I am trying to do something similar at home.

  4. I have been thinking about this for a while, but what prompted me was the recent article about Samsung smart TVs. As per AB's post above I am careful and sensible when I browse the net and about what devices I connect to the net, but I can't configure/tweak the TV because it's running a closed OS. So the only option is for me to block all outgoing comms for the IP assigned to the TV and only allow the IPs & ports it needs for the few apps I have configured on it (iPlayer, Netflix, YouTube). As I have logging enabled on my router firewall, I found and blocked IPs that the TV had been going to (all based in the US), but this is a chicken and egg approach. This is where a whitelist would be far more convenient and useful.

  5. See answers 2 & 4.

Link to comment
Share on other sites

if you're not monitoring inbound and outbound communications, how do you know if you're a target or not?... eh?

(i.e. are a popular internet figure, are storing personal records, don't live in Dark Ages England)

Popular internet figure

Business

Storing sensitive data

Home network

 

Biker's looking into enterprise solutions for (currently non-existent) household problems. It's a waste of money, depending on how highly you value peace of mind. I've been here before though. What-if mentalities are basically impossible to compete with. It's totally feasible that a dude in a balaclava and baseball cap will stand outside your house with a laptop and see the contents of your fap folder, and admitting that will prompt some people to shell out for a new router. Same goes for smart TVs collecting usage data. If you need to step up your game in order to relax on the sofa, go for it, totally fine.

Edited by Airship Ballet
Link to comment
Share on other sites

@AB, you're oversimplifying it and being slightly offensive. If I 'want' to set up a firewall in my own home, then that's my prerogative. We all have the right to dictate where and when our data goes, I might not be able to do much about big corps and gvmnt abusing my data - but I can damn well do something about inside my own home.

 

So to that end, I'm hoping someone else on here has also approached this subject and has some related advice.

Link to comment
Share on other sites

I figured I'd be able to offer some insight, it being my job and all, but it's cool. I even said "nah you do what you want" because I figured you'd get antsy. This is the place for advice! It might not agree with your preconception, but that's no reason to take offence. Me saying "you're doing much more than you need to, but if it makes you feel better then go for it" shouldn't be construed as an insult. I'm not out to get you. You can relax. I'm not creeping into your house of a night and taking down your wi-fi set-up. You're looking to spend too much money on an excessive solution, like buying a combine harvester to do your back yard. It'd get the job done, but it's not exactly necessary, and it'd seem silly. Nobody would deny that it's your right to do so, but you'd be silly to bite their heads off for calling it a bit much, let alone dismissing them and searching a crowd of a thousand for the one guy who can offer you the best combine harvester model for your back yard.

Edited by Airship Ballet
Link to comment
Share on other sites

Not meeting all criteria, no. The cheapest I ever got installed at work was from ZyXEL. They were upwards of £100 each, and that was a bulk order. Decent value for money considering what they can do, but it'll take a bit of know-how to set them up. You could look into crappier, cheaper plug and play things, but I doubt you'll find a reliable one that doesn't kill your speeds and offer proper traffic moderation.

Link to comment
Share on other sites

To me Zyxel have always been known for cheap-n-cheerful modems, are their f/w products a step up from that..?

 

And regarding traffic speeds when filtered, I did wonder about this (as my Cisco with IPS enabled kills my bandwidth, goes from 80mb/s down to 20mb/s). I assume if I want filtering and no loss of speed a hardware solution is gonna cost over £100..?

Link to comment
Share on other sites

Yep, sorry. They're intended for businesses, so they know they can charge way more than they're worth. There were no issues with the ZyXEL firewall after getting it set up, bearing in mind it was used to keep patient records safe. It goes far above and beyond what you need in terms of functionality, but unfortunately there's a big jump between Cisco pseudo-router firewalls and proper specialised firewalls like this.

Link to comment
Share on other sites

Kinda off-topic, but I got an Android device that was behaving strangely, showing me random ads. I discovered a very cool, easy to use and free graphical firewall for Android called AFWall+. Now all you need is a small Android device with two network ports.....

 

(This thing blocks all outgoing connections unless you explicitly allow it and it logs attempts by programs to connect, so you can see them)

Link to comment
Share on other sites

Personally I would recommend, if you just bought the "smart tv", take it back and get one that doesn't have the "smart" features.

 

Reason being, they're currently garbage IMO. The interfaces are muck and not well designed and buggy. They also offer only those things that companies paid them to include.

 

Get a regular TV and toss your last computer system's hardware into a cheap box with power supply and connect it to the TV. Then you have all the options you'd have using a PC, an interface that you choose, all the options on the web that come along with a PC, like a full, un-blocked web browser, and you can access all the sites/services you want unfettered. Full access, fully configurable, and the TV does what you tell it to using a bluetooth/wireless remote that controls the TV too.

 

It's not "wife friendly" (that's a saying, not mine, I'm not being a chauvinist) as in, you won't have 1 click browseable menus for a lot of things but that can be worked out if you're using Kodi w/Harmony remote in most cases. Plug-ins for Netflix or pretty much any other service are available.

 

I did this with my old hardware using my old Win7 license and I'll never go back. Smart TVs are pretty immature software wise from all I've seen. You're usually going to get, "It works with this this and this...but this doesn't work or this doesn't work" kind of issues where if you're using a separate connected box you're not going to have those issues.

 

Plus you have to deal with the issues you have where the device is communicating with some servers for data reporting/usage/updating statistics or has a camera/mic built in and it's always on 'cause, Oops! we forgot to turn them off by default or other nonsense.

Edited by Lux
Link to comment
Share on other sites

This. Have a read about it here.

 

Those units have "Zone-based access control lists". Based on what Biker has said, this is what he's looking for. Cordon off the devices in the home into a zone and control access to those devices in a specific way.

 

:thumb:

 

Personally I'd still go the non-smart-device route as the tech is just not mature and isn't full featured.

Link to comment
Share on other sites
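The default-deny outbound allowlist Bikerdude describes for the TV, combined with the zone idea from the last post, sketched as an added example that is not part of the original thread and not any vendor's configuration. It replays outbound log lines against a per-zone allowlist to show what a whitelist would drop before any rule is enforced; the zone names, addresses, allowlist entries and log layout are all assumptions, and the log lines are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed layout: the TV sits in its own "iot" zone; PCs stay in "lan".
ZONES = {"iot": ip_network("192.168.20.0/24"),
         "lan": ip_network("192.168.1.0/24")}
# Per-zone allowlist of (destination network, protocol, port). A zone listed
# here is default-deny; documentation ranges stand in for real service IPs.
ALLOW = {
    "iot": [
        (ip_network("192.168.20.1/32"), "udp", 53),   # DNS via the gateway
        (ip_network("198.51.100.0/24"), "tcp", 443),  # streaming (stand-in)
    ],
}
# Constructed log lines in a simplified key=value layout (not a real capture).
SAMPLE_LOG = """\
OUT SRC=192.168.20.50 DST=192.168.20.1 PROTO=UDP SPT=40000 DPT=53
OUT SRC=192.168.20.50 DST=198.51.100.20 PROTO=TCP SPT=40001 DPT=443
OUT SRC=192.168.20.50 DST=203.0.113.7 PROTO=TCP SPT=40002 DPT=443
OUT SRC=192.168.20.50 DST=203.0.113.7 PROTO=TCP SPT=40003 DPT=443
OUT SRC=192.168.20.50 DST=203.0.113.99 PROTO=TCP SPT=40004 DPT=8080
OUT SRC=192.168.1.23 DST=203.0.113.7 PROTO=TCP SPT=50000 DPT=443
"""
FLOW = re.compile(r"SRC=(\S+) DST=(\S+).*?PROTO=(\w+).*?DPT=(\d+)")

def zone_of(src):
    """Name of the zone whose network contains src, or None."""
    addr = ip_address(src)
    return next((name for name, net in ZONES.items() if addr in net), None)

def verdict(src, dst, proto, port):
    """ALLOW or DROP for one outbound flow; zones without an allowlist pass."""
    rules = ALLOW.get(zone_of(src))
    if rules is None:
        return "ALLOW"
    addr = ip_address(dst)
    ok = any(addr in net and proto == p and port == n for net, p, n in rules)
    return "ALLOW" if ok else "DROP"

def replay(log_text):
    """Count the flows (src, dst, proto, port) the policy would drop."""
    drops = Counter()
    for m in FLOW.finditer(log_text):
        src, dst, proto, port = m[1], m[2], m[3].lower(), int(m[4])
        if verdict(src, dst, proto, port) == "DROP":
            drops[(src, dst, proto, port)] += 1
    return drops
```

Calling `replay(SAMPLE_LOG)` returns only the TV's flows that fall outside its allowlist, which is the review list to work through before switching the zone to default-deny.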
