cybersecurity, December 14, 2017

Securing Home Network with SOPHOS UTM IDS

Traditionally, households are connected to the internet via modems. Modern modems come with built-in basic routers and Wi-Fi access points. All we have to do is plug them in, activate the service and enjoy the vast ocean of content available on the internet. But what if the “internet” attempted to browse our home network?

Cyber threat real-time map:

Are traditional devices strong enough to secure a home network from internet threats, or to protect children from browsing unwanted content? Unfortunately not. Their role is to provide internet service at a basic security level. Home networks certainly need something more than a simple modem to increase the level of security. This is where an enterprise-grade firewall and Intrusion Detection System comes in: Sophos UTM Home Edition. And guess what, it is free!

Example of a traditional home network topology:

Traditional Home Network

A typical home network has a cable modem, provided by the Internet Service Provider (ISP), which is connected directly to the internet. Even at this stage the home network might be exposed to all kinds of cyber attacks. A good example is a modem left with its default settings, access point names and default passwords. Always remember to change the default settings and passwords of all new network appliances.

Network Protection Statistics

Most modems have a basic firewall and Wi-Fi access point pre-configured and are ready to work once the modem has been connected and activated. Users simply connect wireless devices to the access point and that’s it. This is an example of a very common home network setup. But do we really realise what’s going on under the hood? Even though there are fewer attackers interested in hacking into a typical home network, there are tons of automated scripts and robots scanning for vulnerable networks which could be compromised and later used for malicious purposes.

What is an Intrusion Detection System?

An IDS is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources, and uses alarm filtering techniques to distinguish malicious activity from false alarms (source: Wikipedia).

Sophos UTM 9 Dashboard

In other words, the IDS monitors the traffic in our home network and filters dangerous packets, allowing only safe packets to pass through. It also protects the home network against cyber attacks (Intrusion Prevention System) and filters unwanted web content such as nudity, criminal acts, drugs and so on. It also gives users awareness of what is happening in their home networks by offering a wide range of detailed reports.
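The monitor-and-report idea described above, as an added example (it is not Sophos UTM code and does not use its log format): a small Python detector that reads constructed firewall records, flags any source that probes several distinct ports within a short window, as automated scanners do, and filters out alarms from the internal LAN. The record layout, addresses, window and threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (illustrative layout, not a real product's log):
# "epoch_seconds action src_ip dst_ip dst_port"
SAMPLE_LOG = """\
1000 DROP 203.0.113.7 198.51.100.20 22
1001 DROP 203.0.113.7 198.51.100.20 23
1002 DROP 203.0.113.7 198.51.100.20 80
1003 DROP 203.0.113.7 198.51.100.20 443
1004 ACCEPT 203.0.113.50 198.51.100.20 443
1005 DROP 192.168.1.50 198.51.100.20 21
1006 DROP 192.168.1.50 198.51.100.20 22
1007 DROP 192.168.1.50 198.51.100.20 23
1008 DROP 192.168.1.50 198.51.100.20 25
1010 DROP 203.0.113.99 198.51.100.20 21
1110 DROP 203.0.113.99 198.51.100.20 22
1210 DROP 203.0.113.99 198.51.100.20 23
1310 DROP 203.0.113.99 198.51.100.20 25
"""

TRUSTED = ipaddress.ip_network("192.168.1.0/24")  # assumed internal LAN
WINDOW = 60     # seconds of history kept per source (assumed)
THRESHOLD = 4   # distinct blocked ports that trigger an alert (assumed)

def detect_scans(log_text, window=WINDOW, threshold=THRESHOLD, trusted=TRUSTED):
    """Return {source_ip: sorted ports} for sources probing many ports quickly."""
    recent = defaultdict(list)   # source -> [(timestamp, port)] inside the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, src, _dst, port = line.split()
        ts, port, src = int(ts), int(port), ipaddress.ip_address(src)
        if action != "DROP" or src in trusted:
            continue  # alarm filtering: ignore allowed traffic and LAN hosts
        # Keep only this source's events that are still inside the window.
        recent[src] = [(t, p) for t, p in recent[src] + [(ts, port)]
                       if ts - t <= window]
        ports = {p for _, p in recent[src]}
        if len(ports) >= threshold:
            alerts.setdefault(str(src), set()).update(ports)
    return {src: sorted(p) for src, p in alerts.items()}

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))
```

The slow prober at 203.0.113.99 stays under the threshold because its attempts fall outside the 60-second window, which shows the trade-off between window size and missed detections.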

How to deploy the IDS in a home network?

As mentioned already, the IDS can be either a device or a software application. This means that we could either buy one of the hardware devices, which frankly are not designed for home networks, or download the Sophos UTM Home Edition software and install it on a spare PC. Sophos UTM software can also be installed on a virtual machine.

Example of a home network topology armed with the IDS:

Home Network with IDS System

First of all, the cable modem is used for one purpose only: to provide the internet at maximum performance. All of its other functions, such as the firewall and the Wi-Fi access point, are disabled. The reason is simple: don’t trust mass-produced devices, which very often have outdated firmware and limited features. It is also set as a DMZ device. Next there is the firewall and the IDS device (the firewall runs on the IDS hardware). The IDS box is equipped with two network cards. The first card (external network) is connected to the cable modem. The second card (internal network) connects to the switch. From there, internet packets are distributed to the local Wi-Fi access point and to other network end-point devices such as desktop computers, smart TVs, game consoles or NAS storage. Most importantly, the entire network traffic is protected and monitored by the IDS. And this is the goal: to increase the protection of the home network in a similar way to enterprises.

Sophos UTM Home Edition is available at no cost for home users. The free license protects up to 50 IP addresses. It features full Network, Web, Mail and Web Application Security, with VPN functionality such as OpenVPN.

The installation software can be downloaded here. It is a fully equipped software version of the Sophos UTM appliance which can be installed on any PC-class device.

The next article shows an example of budget IDS hardware and how to install the Sophos UTM Home firewall: Installing Sophos UTM 9 In Home Network

