cybersecurity December 14, 2017 0

A secure home network with a free Intrusion Detection System

Traditionally, households have accessed the internet through the use of ISP modems, which often come equipped with basic routers and Wi-Fi access points. This allows users to simply plug in the modem and activate their internet service to start browsing the vast amount of content available online. What if the “internet” would attempt to browse our home network?

Cyber threat real-time map:
Cyber threat real-time map:

Are traditional devices strong enough to secure the home network from internet threats, or protect the children from browsing unwanted content? Unfortunately not. Their role is to provide internet service at basic security level. Home networks certainly need something more than a simple modem to increase its security.

To protect your network and ensure the security of your personal information, it is important to consider implementing measures such as a firewall or Intrusion Detection System (IDS) to prevent unauthorized access to your network. By taking these steps, you can safeguard your home network and keep your personal information secure. Here comes the enterprise grade firewall, an Intrusion Detection System – Sophos UTM Home Edition. And guess what, it is free!

Let have a look at example traditional home network topology

A typical home network has a cable modem, provided by an Internet Service Provider (ISP), which is connected directly to the internet. Even at this stage, the home network might be exposed to all kinds of cyberattacks. A good example is unchanged modem’s default settings, access point names and default passwords. Always remember to change default settings and default passwords of all new network appliances. 

Most of the modems have basic firewall and Wi-Fi access point pre-configured and are ready to work, once the modem has been connected and activated. Users simply connect wireless devices to the access point and that’s it. This is the example of a very common home network setup. But do we really realize what’s going on under the hood? Even though there are fewer attackers interesting with hacking into a typical home network, there are tons of automated scripts and robots scanning vulnerable networks which could be compromised and later used for malicious purposes.

What is an Intrusion Detection System?

An IDS is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources, and uses alarm filtering techniques to distinguish malicious activity from false alarms (source: Wikipedia).

In other words, IDS monitors the traffic in our home network and filters dangerous packets, allowing only safe packets to pass through the IDS. It also prevents home network against cyberattacks (Intrusion Prevention System) and filters unwanted web content such as nudity, criminal acts, drugs and so on. It also gives users awareness of what is happening in their home networks, offering a wide range of detailed reports.

How to deploy the IDS in home network?

As mentioned already, the IDS can be either the device or software application. It means that we could either buy one of the hardware devices, which is frankly not designed for home networks, or we could download Sophos UTM Home Edition software and install it on a spare PC. Sophos UTM software can also be installed on a virtual machine.

Example of a home network topology armed with the IDS

Foremost, we want to ensure that the ISP modem is being used only for one purpose – to provide the internet at maximum performance. It operates in so-called “bridge mode” (you have to ask your ISP to switch the modem to this mode). In “bridge mode”, the modem has all other functions disabled automatically, such as firewall, Wi-Fi Access Point. The reason for this is simple – we can’t trust mass-produced devices, having very often outdated firmware, and limited features. From this moment, our own router (IDS BOX) is our Internet Gateway that we control and maintain.

Next there is a firewall, and the IDS device (firewall runs on IDS Box). The IDS hardware is equipped with two network cards. The first card (external network) is connected to the cable modem. The second card (internal network) connects to the local switch. The internet packets are distributed to the local Wi-Fi Access Point, and other network end-point devices such as desktop computers, smart TVs, game consoles or NAS storage.

The most important is, that entire network traffic is being protected and monitored by the IDS. And that’s the main goal – to bring your home network protection to an enterprise-grade level.

Sophos UTM Home Edition is available at no cost for home users. Free license protects up to 50 IP addresses. It features full Network, Web, Mail and Web Application Security with VPN functionality such as OpenVPN.

The installation software can be downloaded here. It is a fully functional software version of the Sophos UTM appliance which can be installed on any PC device.

In the next article, we are showing an example of IDS budget hardware and how to install Sophos UTM Home firewall. Installing Sophos UTM 9 In Home Network >>>