In the previous post, Securing Home Network with SOPHOS UTM IDS, we introduced SOPHOS UTM 9 and discussed some benefits of running such a system in our home network. In this post we will focus on building the IDS box, which is shown on the diagram above in a red square. Let's take a look at example hardware that can be used to build our home network Intrusion Detection System.
| Component | Price |
|---|---|
| Intel NUC6CAYH, Celeron J3455 | € 129 |
| RAM: Crucial 4GB PC3L-12800 | € 39 |
| SanDisk SSD Plus, 120GB, 2,5″, SATA3 | € 60 |
| TP-Link USB 3.0 to Gigabit Ethernet Adapter | € 19 |
In our project we are using an Intel NUC6CAYH mini PC, which has a quad-core Intel Celeron processor. It is a power-efficient and very quiet device. It comes with only one network interface card (NIC), but that is not an issue: it saves some money, and we hook up a USB 3.0 gigabit Ethernet adapter to serve as a secondary NIC. Our IDS system requires two network interfaces, one for the external network (WAN) and one for the internal network (LAN). We've got 4 GB of RAM and a 120 GB solid-state drive (more disk space allows longer log retention). This configuration will ensure decent performance and long uptime for our system.
The total price is around € 250 (2017), but this is only an example of the hardware that can be used for this purpose. The IDS system can be installed on any spare desktop PC, as well as in a virtual machine. The minimum hardware recommendations are as follows:
The IDS box must be installed so that it intercepts traffic from both the external and the internal network. This means we have to plug it in between our ISP modem on NIC:2 and our local network switch on NIC:1. This way our entire network traffic will flow through the IDS. It will serve as a router, an internet gateway, a firewall and a DNS forwarder for all devices in our local network. It will also manage the entire network traffic.
For example, we can define a firewall rule that prevents our Smart TV from accepting inbound connections from the internet, or one that blocks communication between a gaming console and a network printer, or one that blocks WiFi mobile devices from accessing our NAS storage, etc.
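The three rules above can be written down as a small policy model before they are clicked together in the firewall. This is an added example, not Sophos UTM code or configuration syntax, and it goes one step beyond the text by also showing which flows are routed through the IDS box at all. It assumes a first-match rule list with a default drop, a hypothetical separate WiFi segment, and constructed host addresses.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: 10.0.0.0/24 is the LAN behind NIC1 (10.0.0.2 on the
# page); the WiFi segment and every host address are assumptions.
SEGMENTS = {"lan": ip_network("10.0.0.0/24"), "wifi": ip_network("10.0.1.0/24")}
HOSTS = {"smart_tv": "10.0.0.20", "console": "10.0.0.30",
         "printer": "10.0.0.40", "nas": "10.0.0.50", "phone": "10.0.1.15"}

# (name, source, destination, action); evaluated top to bottom, first match wins.
RULES = [
    ("no inbound to TV", "internet", "smart_tv", "drop"),
    ("console -> printer", "console", "printer", "drop"),
    ("printer -> console", "printer", "console", "drop"),
    ("WiFi -> NAS", "wifi", "nas", "drop"),
    ("internal -> internet", "internal", "internet", "allow"),
]


def segment_of(addr):
    """Name of the internal segment holding addr, or None for an Internet address."""
    ip = ip_address(addr)
    return next((n for n, net in SEGMENTS.items() if ip in net), None)


def matches(spec, addr):
    """True if addr is covered by a rule field (host, segment, internal, internet)."""
    seg = segment_of(addr)
    if spec == "internet":
        return seg is None
    if spec == "internal":
        return seg is not None
    if spec in SEGMENTS:
        return seg == spec
    return HOSTS[spec] == addr


def decide(src, dst):
    """Return (verdict, rule name) for a new connection from src to dst."""
    s, d = segment_of(src), segment_of(dst)
    if s is not None and s == d:
        # Same segment: the switch delivers the frames directly, so the
        # gateway never sees them and no rule on it can apply.
        return "not-routed", None
    for name, rsrc, rdst, action in RULES:
        if matches(rsrc, src) and matches(rdst, dst):
            return action, name
    return "drop", "default"  # nothing matched: drop
```

With these constructed addresses the console and the printer share one segment, so `decide` reports their traffic as `not-routed`: a gateway rule only takes effect between devices that sit on different segments.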
The free Sophos UTM Home Edition features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses. You can register and request the software download URL here. Register your account as a home user and follow the instructions in the email you will receive to download the ISO image of Sophos UTM. You will also receive your free license attached to that email. We will be using a USB pen drive as our installation medium, so there is no need to burn the ISO image onto a CD.
Note: You must download the latest version of the following ISO image: UTM v9 software appliance “asg-9.506-2.1.iso” (2018). Do not download the hardware appliance ISO images.
Once the ISO image has been downloaded, we create a bootable USB installation drive using Rufus. The ISO requires at least 1GB on the memory stick.
Connect a keyboard and a monitor, plug the USB installation media into a free USB port and power up the PC. Go to the BIOS settings and configure the boot sequence so that it boots from an external USB device.
TIP: After the first reboot, you may log in to the system as the root user. At the first login attempt you will be asked to reset the root password. Leave the “Old Password:” prompt empty and set a new, secure password for the root user account.
The system is ready for initial setup. All configuration is done in Web Admin using a web browser. Open the following URL https://10.0.0.2:4444 (IP of NIC1) to perform basic system setup.
Next, log in to the Web Admin console with the username admin and the password you just set. Now you must activate the product with the license file obtained during the registration process (check your mailbox). Follow the Setup wizard:
Finally, we are ready to enjoy our brand new Sophos UTM 9 instance.
The installation process is straightforward. However, the fun begins with the IDS configuration, where we have to set up NAT, firewall rules, routing rules, and network and website protection. Sophos UTM comes with lots of features. Imagine you are running a web server or a mail server, or accessing your home network over a VPN. All these network services can be monitored and protected by Sophos UTM. As a matter of fact, we pay a lot to our internet providers and our network’s bandwidth is pretty good, so why not utilize it to its full potential? Lightweight home websites, mail servers and lab servers can easily run in home networks. The only challenge is to keep them secured and backed up.
Stay tuned!! In the following articles we will focus on Sophos UTM configuration. The fun is just about to begin!