Broadband Tech → Security → Security > How to secure home network?

How to secure home network?

Hi all,

Would a firewall such as Sonicwall or Zxyel be overkill for a small-medium home network, should I stick with a high end router?

The only draw back to higher end routers is they seem to mostly include wireless options. I want to move wireless functionality to a central location of the house away from clutter, so don't the function on a device I'd use to secure from the modem.

We're having a house built and ethernet prewired with a smartpanel. I planned on going with a Motorola SB6141 cable modem (100Mbps/20Mbps Comcast). I have 7 locations around the home wired for ethernet, going back to the smartpanel/cable modem. I'd like to secure from just after the cable modem.

We have about 5 computers (hosting lan parties), a qnap ts459 pro+ nas, several networked consoles/media devices, printers. Mostly we steam movies, share content from the nas and I occasionally remote into work.

I have been using the Home (free) version of Astaro Security Gateway (now called Sophos UTM) for a few years and have been quite happy with it. I run it on a PC (optimized for low acoustic noise) that I put together out of used parts.

The main drawback is that you need to know more about networking than having heard the term to be able to get everything configured. Since the free version is pretty much the same as the paid one (only a few things have been removed), this is intended for use by professional IT techs and it is thus not a "plug and play" solution. If you have the necessary knowledge, this is an extremely versatile program, with many pages of configuration options.

Is this "overkill"? Some may say that it is, but I like the security of being able to scan the data coming from my ISP with 2 separate anti-virus programs (within the UTM appliance) before the data even reaches my network. When an AV program is also run on my computer, the data will have been checked 3 times. One advantage to using multiple AV scans (from different vendors) is that one company may respond to an emerging threat faster than some other vendors.

If you choose the router approach, every wireless router permits you to disable the Wi-Fi, so that you can use an external Wireless Access Point.

All I know about the SonicWall is that it's more expensive than the ZyWALL. A SonicWall or Zyxel ZyWALL wouldn't be overkill, but they are more difficult to configure. For instance, if you forward a port, it doesn't just work. You also have to create a separate firewall rule for the corresponding port forward. I used to have a ZyWALL 2WG, and needed assistance in the »ZyXEL forum to get it properly configured. I had assumed that it would be easy to upgrade to a 20W, and found out that the interface had changed, and I needed assistance all over again back in the ZyXEL forum.

So lots more options, but steeper learning curve.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

Much like Dave in Poway, I use an older box with additional NICs running a firewall/router distro of an open-source OS. I use pfSense instead of Astaro because I use it for business as well as home, and ASG isn't free for business use.