Today I'm going to describe how I defend my home network against malware and other unwanted parts of the internet.
I decided to extend the security of my network after some reflection on attacks such as Cryptolocker, Flash vulnerabilities, fake invoices and more. Everyone should be aware that an antivirus is not enough! Since 2006 we have seen 500,000,000 variants of malware! Most of you may remember the times when the Windows firewall and simple anti-malware programs like Spybot – Search & Destroy were used. And that was enough (sometimes). But today we have access to more sources of software, and we are connected to the network for longer. In practice it means that an attacker has more opportunities and more time to attack your computer. Please don't take this as me screaming "the end of the world is coming..."
As you can see on this chart from www.av-test.org, the size of the problem is quite big. For me it means I need a bigger gun!
In my case that is a more complex firewall, a proxy with antivirus, and an IPS (Intrusion Prevention System). In my last project, based on IPFire on a Banana Pi R1, the Snort-based IPS didn't work, so I decided to find another solution. I decided to use Sophos UTM, because it lets you use an enterprise solution on your home network, and it has an IPS! What does that mean?
It means that we have a bigger gun! At this moment Sophos allows you to use its antivirus on 10 computers in your home network! An enterprise-class solution for free!
Common sense and software protection must be balanced. In practice it means that if you receive an attachment from a company you don't know, common sense should stop you from opening it, and, in my opinion, if your network consists of only one client, a special heavy weapon against malware is not needed. Let's call this situation a basic network. I will visualise every situation later. Security in a network of this class is software-based only. It means that the first device in your network and the AV software on your laptop are your first line of defence. If you have a NAS or multimedia devices in your network, more complex security should be taken into consideration. Why? Because it is not only your laptop that can be attacked, but the other devices as well. Most of them have the remote admin panel disabled, but some ports can still be open, and one of them could be a weak point in your network. Devices like routers (read more at http://routersecurity.org/bugs.php) and multimedia servers (OpenELEC etc.) can be a source of future problems! This is a medium home network. And more devices means a less secure environment.
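The post says that some ports on a NAS, router or media player can be open even when the admin panel is disabled. A practical first check is to take an inventory of which TCP ports actually answer on each device in your LAN. The script below is an added example written for this article, not code from the post or from Sophos; the list of "common home ports" is my own assumption, and the demo scans only a listener it opens itself on 127.0.0.1 so that it runs offline. To inventory your own network, pass your devices' addresses to inventory() instead.

```python
import socket
from typing import Dict, Iterable, Set

# Ports commonly exposed by home routers, NAS boxes and media servers
# (FTP, SSH, Telnet, HTTP, SMB, AFP, DLNA, alternate web admin ports).
# This list is an assumption made for the example, not taken from the post.
COMMON_HOME_PORTS = [21, 22, 23, 80, 139, 443, 445, 548, 8080, 8200, 8443]


def scan_tcp_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> Set[int]:
    """Return the subset of `ports` on `host` that accept a TCP connection.

    This is a plain connect() scan: no raw sockets and no root needed.
    A port counts as open only if the full TCP handshake completes;
    refused connections and timeouts are treated as closed/filtered.
    """
    open_ports: Set[int] = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:          # ConnectionRefusedError and timeouts are OSErrors
                continue
            open_ports.add(port)
    return open_ports


def inventory(hosts: Iterable[str], ports: Iterable[int] = COMMON_HOME_PORTS,
              timeout: float = 0.5) -> Dict[str, Set[int]]:
    """Scan each host and return {host: open_ports}, omitting hosts with nothing open."""
    ports = list(ports)
    result: Dict[str, Set[int]] = {}
    for host in hosts:
        found = scan_tcp_ports(host, ports, timeout)
        if found:
            result[host] = found
    return result


def demo_against_local_listener():
    """Offline demonstration: open one listening socket on localhost, pick one
    port that is definitely closed, scan both and return
    (listening_port, closed_port, set_of_open_ports_found)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0 = let the OS choose a free port
    listener.listen(5)                   # kernel backlog completes the handshake for us
    listening_port = listener.getsockname()[1]

    # Reserve and immediately release a second ephemeral port so we have a closed one.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()

    try:
        found = scan_tcp_ports("127.0.0.1", [listening_port, closed_port])
    finally:
        listener.close()
    return listening_port, closed_port, found


if __name__ == "__main__":
    lp, cp, found = demo_against_local_listener()
    print(f"listening port {lp} open: {lp in found}; closed port {cp} open: {cp in found}")
    # Real use (addresses are placeholders for your own LAN devices):
    # print(inventory(["192.168.1.1", "192.168.1.20"]))
```

Anything that shows up open and that you did not expect (Telnet on a router, SMB on a media player) is exactly the kind of weak point the paragraph above describes, and is a candidate for a firewall rule on the UTM or for disabling the service on the device.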
If you have an old ADSL modem (I have 2) and some money to spend, you can buy a Zotac Nano CI323 fan-less mini computer. It is powered by a 40W supply and is totally noiseless. That is quite important if you don't have a separate place for IT stuff in your home.
Processor: Intel N3150 quad-core 1.6GHz, up to 2.08GHz
System memory: 2 x 204-pin DDR3L-1600 SO-DIMM slots (up to 8GB)
All you need to add is memory (low voltage DDR3L!) and a hard drive.
Once we have everything, we should consider what we are going to install in this box first. I decided to install Sophos UTM 9 Home Edition. It can protect up to 50 devices in the network and includes 10 free licences for Sophos Endpoint Security, which is managed by rules set up from the management console on the server. So my private laptop, PC and all the others will be safe, and it costs nothing! The licence is for 3 years and will probably be renewed. I forgot to mention that the device has two LAN ports: one is used for WAN, the second for LAN (the built-in wireless will not work under this software, so you need a separate access point).
What will it give you?
- free antivirus protection. Files, scripts and web pages are scanned first by the UTM, then by the antivirus installed on your laptop. So it means double security! Keep in mind that the UTM can only inspect encrypted (HTTPS) traffic if you enable HTTPS scanning in the web protection settings and install the UTM's proxy CA certificate on each client; otherwise only plain HTTP downloads get the gateway scan.
- network filtering by firewall, proxy and blocked categories of web pages, which is very important when you have children at home.
- the possibility to block incoming and outgoing traffic from unwanted countries.
- monitoring of your network.
- reports by email about the health of the UTM and your network. Thanks to that I was informed that my wife's laptop had been infected by Cryptolocker (its traffic was automatically blocked by the UTM).
A typical daily report looks like this:
In the end my network looked like this:
Because I have an ADSL connection I need a separate device as the modem on the WAN side. I used an old Sagem switched into bridge mode, and a second TP-Link as the access point.
Configuring Sophos UTM is very easy: installation from a USB stick, then post-installation configuration in text mode. Don't be afraid, there is a configuration tool; it just looks like the installer of an old DOS application.
When you have configured the basic settings, after the last reboot you will be able to finish the configuration via the web interface. How to do this you can see in the videos of the user sophosproducts on YouTube.
Functions and features of Sophos UTM. Interface and configuration (see more videos from this user)
I will create my own tutorials about Sophos in the future, because it is worth it. But I will need more time for that 😛