Patch day

“I have a router between the Internet and my computer, I don’t need a dedicated firewall.” – Said lots of people who don’t believe in defence in depth and should know better.
D-Link addresses home router vulnerabilities.
So if you have an affected model listed, patch the firmware as soon as the fixed version for your model is released.

12 Replies to “Patch day”

  1. Have used D-Link for my house. I guess I am going to have to drag out one of the 5 Cisco routers I have lying around in the basement and set them up instead.

  2. Don’t run out-of-the-box router firmware. DD-WRT works well on a Linksys/Cisco, or try OpenWRT for others.

  3. Oh dear.

    The handler for ping_v4 does not appear to be vulnerable as this resource maps the components of an IPv4 address, represented by a dotted quad, into a format of %u.%u.%u.%u at execution time. However, ping_ipv6 references the user provided input directly as a string (%s), which is then passed to a system() call. This formatting allows for an attacker to pass arbitrary commands to the device through an HTTP request.
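
The pattern quoted above, with a hardened alternative beside it, as an added example that is not from this post or from D-Link's firmware; the function names and the ping6 command line are assumptions:

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable shape described in the advisory text (hypothetical
 * reconstruction): the user-supplied host is interpolated with %s and the
 * string is handed to system(), so the shell honours any metacharacters. */
int ping_ipv6_unsafe(const char *host) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ping6 -c 1 %s", host);
    return system(cmd);
}

/* Hardened step 1: accept only a parseable IPv6 literal. inet_pton()
 * rejects spaces, ';', '|', '$', backticks, quotes and scope ids, so a
 * value like "::1; id" never reaches a command line at all. */
int is_ipv6_literal(const char *s) {
    struct in6_addr a;
    return s != NULL && inet_pton(AF_INET6, s, &a) == 1;
}

/* Hardened step 2: run ping6 through fork()/execvp() with an argv array.
 * No shell is involved and the validated address is one argument.
 * Returns the child's exit status, or -1 if the input was rejected. */
int ping_ipv6_safe(const char *host) {
    if (!is_ipv6_literal(host))
        return -1;
    const char *argv[] = { "ping6", "-c", "1", host, NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);              /* only reached if exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Rejecting at the validation step matters more than the exec change: a router's web handler should never need to run a shell on anything a browser sent it.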

  4. Last time D-Link suggested a fix for “vulnerabilities”, within 2 hours after applying the fix, the ISP forwarded me a message from a Hollywood studio who was upset that one of their series (Homeland) had been downloaded. Never happened before, after numerous downloads, and never happened again after we started using another D-Link router that did not need the fix.

  5. Anybody have experience using Smoothwall or one of the other Linux firewall distros? If all the routers have back doors like this, and I suspect they do given the number of new exploits every month, maybe it’s time to lock things down harder.
    I used to use Smoothwall a few years ago in the 2000s, just wondering how it’s progressed since then.

  6. Phantom, Smoothwall is an excellent product, although maybe a bit too much for a home user.
    If all you’re looking for is just a packet firewall, then IPTables with Linux, or PF from the *BSD variants is sufficient. The learning curve is steep but not too bad if you just think about what you’re doing.
    Having said that, Smoothwall does offer everything in one package that’s relatively easy to set up. The downside of that is the more ‘stuff’ you have on a box, the more potential for vulnerabilities.
    Regardless, there’s a learning curve, but if you spend a couple of days reading you can get a good perspective of all of the components and how they operate together.
    I’ve built dedicated gateway devices using 1U rack chassis, using the components of Smoothwall, but not Smoothwall and without the fancy user-friendly setups. I really couldn’t use Smoothwall for that as I needed multiple routing tables based on what network things were going to/from.

  7. Niiiice 1U unit Lance. That’s exactly what’s needed. So -cheap-!
    Things I liked about Smoothwall were:
    1) Free!
    2) no-brainer install.
    3) comes locked down, you have to deliberately open things.
    All I’m doing is securing a home network, it does do that right out of the box. I don’t have any VPN or other things going on.
    I may also have to look into something for work, got WiFi and stuff in here to be concerned about.
    Know any vulnerabilities on Asus routers?

  8. You mean like these ASUS vulns?
    FWIW, that 1U unit _is only the chassis_. For the full kit minus hard drive, this is the equivalent, or this for an almost-all-in price. Again, no HDD. 🙂 It’s just a little 1.8G Atom, but they work great for specialized applications.
    I tried USB thumb drives for my firewalls, but Linux is so stringent on file systems that ‘always on’ USB thumb drives are annoying, even using XFS, JFS or ext4. Ended up going with small hard drives instead.
    Works awesome as a small server. I don’t recommend it for a desktop or anything like that as the integrated graphics and the processor are not up to spec; it really is meant for a small server that only needs a single hard drive. Power usage and noise are the smallest I’ve ever had as a server. They are fan-less, so the only noise is from the HDD. If you go SSD then there is no noise.

  9. I noticed that it was just the chassis after I made the comment. ~:) For an always-on system long term it’s the electric bill that will get you here in Dumbtario, so power consumption is a bigger concern than initial price tag. I believe I may look into the Intel Atom unit you posted.
    There’s also the Intel Edison development board, that’s a whole PC in a cigarette pack with super low power draw. I looked into using a Raspberry Pi for this job, and they’re just not quick enough yet. Plus, only one network port. I’ve got a Raspy running a digital sign very successfully, but that’s a 100% plug-and-play deal where all it has to do is run a slide show and play video. There’s an application called Screenly that does the whole thing for you.
    However, the Raspberry Pi 2 is coming out soon, it may have the horsepower to be a firewall. We shall see.
