[H-GEN] Good practice and home networking
bjf at bjf.id.au
Sun Sep 9 16:20:18 EDT 2007
Hi All,

I'm in the process of getting ADSL hooked up in the flat, and am
wondering what general advice is going around these days on the 'best
practices' for setting up an enthusiast home network connected to the
internet.

Should I go for an all-in-one ADSL modem/router/hub/wireless box from
Linksys or Netgear, or go for a lower end network-layer device, and
hook it up to a cheap beige box running BSD or Linux? Tradeoffs: I've
heard enough horror stories about the bad guys carrying out automated
hack attacks on crappy Chinese-made consumer home routers, but on the
other hand, properly configuring a PC-based router is a lot of work.
Having a PC do the job means I can keep a closer eye on the network
and do upgrades.

When I went through uni, the advice there was that services should
never be run on the internet-facing router. Does this still hold?
What are sensible options for a home network, where I conceivably want
services inside my network to be inaccessible from outside (private
trusted network), and possibly, a box running services accessible from
outside?

* A three-legged firewall is one option: one side connects straight to
  the internet, the other side connects to my internal network, and the
  third side connects to machines on a DMZ subnet. Do any HUMBUGgers
  bother running this kind of setup at home?

* Does anybody have any opinions whether I'd be better off using a
  Linux or OpenBSD OS on a PC-based router? Specifically, is the
  network packet filtering support in OpenBSD powerful enough to warrant
  a second look?

* Going even further (and possibly, completely over the top), I've
  heard of people using two routers, with the middle segment being
  designated their 'DMZ' network segment where they put machines
  exposing external services. Does _anybody_ bother with this in an
  enthusiast/home setup?

* What sort of machine/network monitoring and IDS tools do people use
  on their home networks these days? Tripwire? Anything else? Granted
  that I'm not running a bank or have anything of real value on my
  network, but it would still be a pain in the butt to reinstall a
  cracked machine.

Have fun,
Ben.
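
The three-legged layout asked about above, sketched as an nftables ruleset for a Linux router. This is an added example, not part of the original post; the interface names, the DMZ address and the exposed ports are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Three-legged firewall: WAN, private LAN, DMZ. All names/addresses assumed.
flush ruleset

define WAN = "ppp0"             # ADSL uplink (assumed interface name)
define LAN = "eth1"             # private trusted network (assumed)
define DMZ = "eth2"             # DMZ subnet (assumed)
define DMZ_WEB = 192.168.2.10   # constructed address of the DMZ server

table inet filter {
    chain input {
        # Traffic addressed to the router itself: nothing is offered to WAN.
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        iifname $LAN tcp dport 22 accept              # admin from LAN only
        iifname { $LAN, $DMZ } icmp type echo-request accept
    }
    chain forward {
        # Traffic crossing between legs: default deny, explicit allows.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname $LAN oifname $WAN accept              # LAN out to internet
        iifname $LAN oifname $DMZ accept              # LAN may reach DMZ
        # Internet may reach only the published service in the DMZ.
        iifname $WAN oifname $DMZ ip daddr $DMZ_WEB tcp dport { 80, 443 } accept
        # DMZ may fetch updates and resolve names (assumed requirement).
        iifname $DMZ oifname $WAN tcp dport { 80, 443 } accept
        iifname $DMZ oifname $WAN udp dport 53 accept
        # No DMZ -> LAN rule: a compromised DMZ host cannot open
        # connections into the private network (dropped by policy).
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        iifname $WAN tcp dport { 80, 443 } dnat to $DMZ_WEB
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
}
```

Check the syntax with `nft -c -f <file>` before loading, and confirm from a DMZ host that new connections toward the LAN subnet are dropped.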