[H-GEN] Good practice and home networking

bjf at bjf.id.au bjf at bjf.id.au
Sun Sep 9 16:20:18 EDT 2007


Hi All,

I'm in the process of getting ADSL hooked up in the flat, and am
wondering what general advice is going around these days on the 'best
practices' for setting up an enthusiast home network connected to the
internet.

Should I go for an all-in-one ADSL modem/router/hub/wireless box from  
Linksys or Netgear, or go for a lower end network-layer device, and  
hook it up to a cheap beige box running BSD or Linux?  Tradeoffs: I've  
heard enough horror stories about the bad guys carrying out automated  
hack attacks on crappy Chinese-made consumer home routers, but on the  
other hand, properly configuring a PC-based router is a lot of work.   
Having a PC do the job means I can keep a closer eye on the network  
and do upgrades.

When I went through uni, the advice there was that services should  
never be run on the internet-facing router.  Does this still hold?

What are sensible options for a home network, where I conceivably want  
services inside my network to be inaccessible from outside (private  
trusted network), and possibly, a box running services accessible from  
outside?

* A three-legged firewall is one option: one side connects straight to  
the internet, the other side connects to my internal network, and the  
third side connects to machines on a DMZ subnet.  Do any HUMBUGgers  
bother running this kind of setup at home?

* Does anybody have any opinions whether I'd be better off using a
Linux or OpenBSD OS on a PC-based router?  Specifically, is the
network packet filtering support in OpenBSD powerful enough to warrant
a second look?

* Going even further (and possibly, completely over the top), I've  
heard of people using two routers, with the middle segment being  
designated their 'DMZ' network segment where they put machines  
exposing external services.  Does _anybody_ bother with this in an  
enthusiast/home setup?

* What sort of machine/network monitoring and IDS tools do people use  
on their home networks these days?  Tripwire?  Anything else?  Granted  
that I'm not running a bank or have anything of real value on my  
network, but it would still be a pain in the butt to reinstall a  
cracked machine.

Have fun,

Ben.




