[H-GEN] Good practice and home networking
Chuckles
listbin at chuckles34.net
Sun Sep 9 18:02:24 EDT 2007
If you go with a decent ADSL modem/router you can save your PC for
something else. I've never heard any horror stories but good advice
would be don't buy a "crappy Chinese-made consumer home router", spend
the extra 50-100 bucks for a decent one.

The modem/router can provide the first level of firewall, then each
machine can have its own firewall. If you're worried about your machines
being hacked then surely you should take a look at the machine security
first.

What exactly are you going to be doing with this home network? Maybe if
it's something advanced then the modem/router may not be the way to go.

bjf at bjf.id.au wrote:
> Hi All,
>
> I'm in the process of getting ADSL hooked up in the flat, and am
> wondering what general advice is going around these days on the 'best
> practices' for setting up an enthusiast home network connected to the
> internet.
>
> Should I go for an all-in-one ADSL modem/router/hub/wireless box from
> Linksys or Netgear, or go for a lower end network-layer device, and
> hook it up to a cheap beige box running BSD or Linux? Tradeoffs: I've
> heard enough horror stories about the bad guys carrying out automated
> hack attacks on crappy Chinese-made consumer home routers, but on the
> other hand, properly configuring a PC-based router is a lot of work.
> Having a PC do the job means I can keep a closer eye on the network
> and do upgrades.
>
> When I went through uni, the advice there was that services should
> never be run on the internet-facing router. Does this still hold?
>
> What are sensible options for a home network, where I conceivably want
> services inside my network to be inaccessible from outside (private
> trusted network), and possibly, a box running services accessible from
> outside?
>
> * A three-legged firewall is one option: one side connects straight to
> the internet, the other side connects to my internal network, and the
> third side connects to machines on a DMZ subnet. Do any HUMBUGgers
> bother running this kind of setup at home?
>
> * Does anybody have any opinions whether I'd be better off using a
> Linux or OpenBSD OS on a PC-based router? Specifically, is the
> network packet filtering support in OpenBSD powerful enough to warrant
> a second look?
>
> * Going even further (and possibly, completely over the top), I've
> heard of people using two routers, with the middle segment being
> designated their 'DMZ' network segment where they put machines
> exposing external services. Does _anybody_ bother with this in an
> enthusiast/home setup?
>
> * What sort of machine/network monitoring and IDS tools do people use
> on their home networks these days? Tripwire? Anything else? Granted
> that I'm not running a bank or have anything of real value on my
> network, but it would still be a pain in the butt to reinstall a
> cracked machine.
>
> Have fun,
>
> Ben.