With so many options available, it can be overwhelming to choose the right one. However, if you are passionate about online security and want a deeper understanding of what is happening on your home network, you might consider creating your own home intrusion detection system (IDS). Building your own IDS allows you to customize the system to your specific needs and can be done on a budget with the right equipment. In this article, we will guide you through the process of creating your own central home IDS to help you secure and monitor your network.
In the previous post, Securing Home Network with SOPHOS UTM IDS, we introduced SOPHOS UTM 9 and discussed some benefits of having such a system in our home network. In this post, we will focus on building that IDS box, which is shown in the diagram above in a red square.
Let’s take a look at example hardware which can be used to build our home network Intrusion Detection System.
|Component|Price|
|---|---|
|Intel NUC6CAYH, Celeron J3455|€ 129|
|RAM: Crucial 4GB PC3L-12800|€ 39|
|SanDisk SSD Plus, 120GB, 2,5″, SATA3|€ 60|
|TP-Link USB 3.0 to Gigabit Ethernet Adapter|€ 19|
In our project we are using an Intel NUC6CAYH mini PC, which has a quad-core Intel Celeron processor. It is a power-efficient and very quiet device. Although it comes with only one network interface card (NIC), that is not an issue: it keeps the cost down, and we hook up a USB 3.0 gigabit Ethernet adapter to serve as a secondary NIC. Our IDS system requires two network interfaces – one for the external network (WAN) and the second for the internal network (LAN).
We’ve got 4GB of RAM and a 120GB solid-state drive (more disk space allows a longer log retention time). This configuration will ensure decent performance and long up-time for our system.
The total price is around €250 (2017), but this is only an example of the hardware that can be used for this purpose. The IDS system can be installed on any spare desktop PC, as well as in a virtual machine.
The minimum hardware recommendations for Sophos UTM 9 are as follows:
The IDS box must be installed so that it intercepts traffic from both the external and internal networks. This means we have to plug it in between our ISP modem on NIC:2 and our local network switch on NIC:1. This way, our entire network traffic will flow through the IDS. It will serve as a router, an internet gateway, a firewall and a DNS forwarder for all devices in our local network. It will also manage the entire network traffic.
For example, we can define a firewall rule which will prevent our Smart TV from accepting inbound connections from the internet, or block communication between a gaming console and a network printer, or maybe we would like to block Wi-Fi mobile devices from accessing our NAS storage, etc.
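A dry run of the three rules described above, as an added example that is not part of the original article or of Sophos UTM: it models the rule list as ordered, first-match with a default drop, checks sample flows against it, and reports rules that an earlier rule makes unreachable. The addresses, segment layout and rule names are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): 10.0.0.0/16 is the home network, split into
# routed segments so the flows to be blocked are ones the gateway forwards.
HOME = ip_network("10.0.0.0/16")
SMART_TV = ip_network("10.0.0.20/32")
PRINTER = ip_network("10.0.0.40/32")
NAS = ip_network("10.0.0.50/32")
WIFI_MOBILE = ip_network("10.0.1.0/24")
CONSOLE = ip_network("10.0.2.30/32")
INTERNET = "internet"  # selector meaning "any address outside HOME"

@dataclass(frozen=True)
class Rule:
    name: str
    src: object   # a network or INTERNET
    dst: object
    action: str   # "allow" or "drop"

# First match wins, so the specific drops sit above the broad allows.
RULES = [
    Rule("tv-no-inbound", INTERNET, SMART_TV, "drop"),
    Rule("console-no-printer", CONSOLE, PRINTER, "drop"),
    Rule("wifi-no-nas", WIFI_MOBILE, NAS, "drop"),
    Rule("home-to-internet", HOME, INTERNET, "allow"),
    Rule("home-internal", HOME, HOME, "allow"),
]

def selected(addr, selector):
    ip = ip_address(addr)
    return ip not in HOME if selector == INTERNET else ip in selector

def decide(src, dst, rules=RULES):
    """Return (action, rule name) for one flow; unmatched traffic is dropped."""
    for rule in rules:
        if selected(src, rule.src) and selected(dst, rule.dst):
            return rule.action, rule.name
    return "drop", "default-drop"

def covers(outer, inner):
    return outer == inner if INTERNET in (outer, inner) else inner.subnet_of(outer)

def shadowed(rules=RULES):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(covers(r.src, later.src) and covers(r.dst, later.dst)
                   for r in rules[:i])]
```

Calling `shadowed()` on a reordered list shows which block rules stop working when a broad allow is placed above them.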
The free Sophos UTM Home Edition features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses. You can register and request the software download URL here. Register your account as a home user and follow the instructions in the email that you will receive to download an ISO image of Sophos UTM. You will also receive a free license in that email. We will be using a USB drive during our installation, so there is no need to burn the ISO image onto a CD.
Note: You must download the latest version of the following ISO image: UTM v9 software appliance “asg-9.506-2.1.iso” (2018). Do not download hardware appliance ISO images.
Once the ISO image has been downloaded, we create a bootable USB installation drive using Rufus. The ISO requires at least 1GB of space on the memory stick.
Connect a keyboard and a monitor, plug the USB installation media into a free USB port and power up the PC. Go to the BIOS settings and configure the boot sequence so that the PC boots from an external USB device.
TIP: After the first reboot, you may log in to the system as the root user. At the first login attempt you will be asked to reset the root password. Leave the “Old Password:” prompt empty and set a new, secure password for the root user account.
The system is ready for initial setup. All configuration is done in Web Admin using a web browser. Open the following URL https://10.0.0.2:4444 (IP of NIC1) to perform basic system setup.
Next, log in to the Web Admin console with the username admin and the password you just set. Now you must activate the product with the license file obtained during the registration process (check your mailbox). Follow the Setup wizard:
The installation process is straightforward. However, the fun begins with the IDS configuration, where we have to set up NAT, firewall rules, routing rules, and network and website protection. Sophos UTM comes with lots of features. Imagine you are running a web server or a mail server, or accessing your home network over a VPN. All these network services can be monitored and protected by Sophos UTM.
As a matter of fact, nowadays we pay a lot to our internet providers and our network’s bandwidth is pretty good, so why not utilize its full potential? Lightweight home websites, email servers and home lab servers running self-hosted applications can easily be run within home networks.