OPNSense for Home Network Firewall and Routing


My top recommendation for securing your home network (after turning off wireless services such as WiFi and Bluetooth and going with an ethernet setup) would be to use a program called OPNSense (typically pronounced ‘open-sense’) as a firewall and routing platform. OPNSense is a free, open source security suite. This program comes as a complete Linux installation based on FreeBSD.

What key features does OPNSense offer?

Firewall – Filters traffic based on predefined rules to control access to a network.

Intrusion Detection System – Monitors network traffic for suspicious patterns and alerts when potential threats are detected, but doesn’t actively block traffic.

Intrusion Prevention System – Actively blocks malicious traffic based on detected patterns, taking preventative measures to stop threats from entering the network. This is also known as an in-line system because it can block attacks based on both signature and behavior, meaning that it can stop unknown attacks or zero-day exploits based on the behavior of the network traffic.

A web-based dashboard with reporting – The security suite offers a web-based interface for setup and reporting.
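An added example (not from the original article) of how the IDS and IPS distinction shows up in practice: OPNSense's intrusion detection service is Suricata, whose EVE JSON log marks each alert as `allowed` (detected only, IDS behaviour) or `blocked` (dropped in-line, IPS behaviour). The log lines, signature names and the 192.168.1.0/24 LAN range below are constructed for illustration.

```python
import json
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample in Suricata EVE JSON shape (not real traffic or real signatures).
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.168.1.10","dest_port":22,"proto":"TCP","alert":{"action":"allowed","signature_id":1000001,"signature":"EXAMPLE signature A","severity":2}}
{"timestamp":"2024-01-01T10:01:00+0000","event_type":"alert","src_ip":"198.51.100.9","dest_ip":"192.168.1.10","dest_port":445,"proto":"TCP","alert":{"action":"blocked","signature_id":1000002,"signature":"EXAMPLE signature B","severity":1}}
{"timestamp":"2024-01-01T10:02:00+0000","event_type":"alert","src_ip":"198.51.100.9","dest_ip":"192.168.1.11","dest_port":445,"proto":"TCP","alert":{"action":"blocked","signature_id":1000002,"signature":"EXAMPLE signature B","severity":1}}
{"timestamp":"2024-01-01T10:03:00+0000","event_type":"alert","src_ip":"192.168.1.20","dest_ip":"192.0.2.50","dest_port":8080,"proto":"TCP","alert":{"action":"allowed","signature_id":1000003,"signature":"EXAMPLE signature C","severity":2}}
{"timestamp":"2024-01-01T10:04:00+0000","event_type":"flow","src_ip":"192.168.1.20","dest_ip":"192.0.2.50","proto":"TCP"}
{"timestamp":"2024-01-01T10:05:00+0000","event_type":"alert","src_ip":"198.51
"""

LAN = ip_network("192.168.1.0/24")  # assumed home LAN range


def summarize(eve_text, lan=LAN):
    """Count alerts by (direction, action, signature).

    Non-alert events and malformed or truncated lines are skipped.
    """
    counts = Counter()
    for line in eve_text.splitlines():
        try:
            ev = json.loads(line)
            outbound = ip_address(ev["src_ip"]) in lan
        except (json.JSONDecodeError, KeyError, TypeError, ValueError):
            continue
        if ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert", {})
        direction = "outbound" if outbound else "inbound"
        counts[(direction, alert.get("action", "unknown"),
                alert.get("signature", "?"))] += 1
    return counts


def passed_through(counts):
    """Alerts that were detected but not dropped (IDS-only outcome)."""
    return sorted((d, sig, n) for (d, act, sig), n in counts.items()
                  if act == "allowed")


if __name__ == "__main__":
    c = summarize(SAMPLE_EVE)
    for (direction, action, sig), n in sorted(c.items()):
        print(f"{direction:8} {action:8} {n:3}  {sig}")
    print("detected but not blocked:", passed_through(c))
```

Anything listed as detected but not blocked reached its destination; whether it should be dropped instead is a matter of switching the matching rule from alert to drop while the service runs in IPS mode.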

What is required to run OPNSense?

The best practice is to run OPNSense on dedicated hardware. You can buy a good network appliance mini-PC. Recommended hardware can be purchased for around $200-$300.

You can get low-end hardware that just runs the firewall for a cheaper price. I would recommend the full firewall / IDS / IPS setup, which would put you in that $200-$300 range. You can purchase these mini-PC / network appliances without any WiFi antennas.

https://homenetworkguy.com/review/opnsense-hardware-recommendations

This is a good hardware guide at the time of this article. You should size your hardware based on its recommendation for running all the major features: firewall / IDS / IPS. Many options allow you to order directly from China to avoid major US web-based retailers, if that is your preference.

An alternate approach would be to use an old PC to run OPNSense. You would just need to get a second network card / connector. OPNSense generally would require Intel-based network cards for use in this PC configuration.

OPNSense requires a Linux installation and a little setup, so it’s not quite a non-technical turnkey solution. However, a modern Linux installation is not too difficult and does not require a high degree of computer expertise.

Should everyone run OPNSense?

I would say it’s not required for everyone. If you’re not being targeted with hacking, you have backups, and you have followed the basic steps in the technology checklist, you can stop there and consider OPNSense an optional upgrade. If you are receiving a lot of hacking attempts on your home network after disabling wireless services (WiFi and Bluetooth), this could be a good next step. It is also a good step to take to be proactive about your home network security. OPNSense allows you to monitor and prevent attacks on your network, so any further attempts to hack into your network will be much more difficult, and any outbound traffic will be recorded and monitored in greater detail, and also potentially blocked. It is really corporate-level security for your home network with the advantages of an open-source solution. (Open source minimizes the chance of any intentional back doors, and your OPNSense installation is local, so the OPNSense organization, based in the Netherlands, doesn’t have any of your data and can’t be compelled to do anything legally.)

OPNSense is not a replacement for PC or phone based firewall and antimalware programs such as Bitdefender. A well protected computing network should have both host-based (your PC) and network-based protection.


targetedtechtalk@protonmail.com
