Security Bytes - MAR 2016 - Breathe New Life in Router
In one of my previous articles I touched on the topic of using a hardware firewall behind your ISP internet router. Now more than ever this has become a HOT topic again, with the advent of more malware and revelations of government spying on individuals via corrupt router firmware and backdoors.
While there are numerous commercial products that accomplish this, they can be expensive. One of the simplest ways to achieve a reasonable level of security and privacy is via an off-the-shelf basic router / firewall that you can purchase at nearly any computer store. Be mindful, however, that while many of these “off the shelf” products come ready to go, it is HIGHLY advisable to re-flash them with new firmware that has been vetted by the security community to be secure and stable.
One such source is called DD-WRT. It can be found at the following website: http://dd-wrt.com. It can be installed on numerous off-the-shelf products, and some of the vendors on their support list install it by default. The advantage of this firmware is that it puts TOTAL control over what goes on in YOUR hands. While this may seem daunting at first, with a quick read of their documentation and hands-on manipulation of the router firmware, one can quickly get up to speed as to what is going on at all times and get a better understanding of what devices on their network are doing. I would recommend looking at their router support list (found at this link: http://www.dd-wrt.com/wiki/index.php/Supported_Devices) to get a better idea of what router one can purchase in a store and still be able to install the firmware on it.
The power user will find this firmware a delight to work with because it adds great features that are not normally available on standard firmware. Some of the features include OpenVPN access, wireless VLANs (virtual networks) and other features that depend upon the amount of memory and processor speed your router has. OpenVPN is an open source VPN implementation that allows one to set up a secure connection into your network from outside your home. Usually this feature is only available on commercial-grade firewalls that one pays much more for.
Another product / firmware worth mentioning is pfSense, https://pfsense.org. This is another open source firewall that has been becoming more popular in the past few years. The power user can just use an old computer with 2 Network Interface Cards (NICs) to set this up, or one can purchase one of their pre-built firewall packages from their web shop. Granted, this product is MORE expensive than DD-WRT, but it is also targeted at business customers as well as home power users.
The time has come that we all take the initiative to understand what security means to us in our daily lives, whether it be at work or at home. In many cases we also work from home, so it is important NOT to ignore the need for adequate security in the home as well.
-Paul Mavrovic, CISSP