Thoughts on IoT type security systems (Cujo, BitDefender BOX 2, etc.)

next-Jin

Supreme [H]ardness
Joined
Mar 29, 2006
Messages
7,387
I use an Ubiquiti setup at the house with loads of tablets and random things connected. I have something like 30 devices on wireless.

I came across these devices that act as a residential IDS/IPS, cloud firewall, etc. system for everything in the household.

I can’t find much on them but am interested in solutions that would be similar.

I’d like a hardware solution to put between my router and the ISP. I don’t know a lot about pfSense but it seems like it wouldn’t be able to do all those functions.

Does anyone have one of these devices or know what a good viable solution is (bought or built doesn’t matter to me).
 
By Ubiquiti setup do you mean just the wifi AP? Or do you have their switch and security gateway/edge router? (This is Ubiquiti's device for that.)
Most consumer routers are also firewalls already and the expensive ones have some of those advanced features, so you might be already set unless there's something specific you're trying to accomplish.
 
UniFi APs allow VLAN tagging. You shouldn't need anything that segmenting cannot take care of unless you really need to watch Plex on your refrigerator display :D :p
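Concretely, this is the kind of segmentation that post is suggesting, as an added example and not something posted in the thread: an EdgeOS configuration for an EdgeRouter X that puts IoT devices on a tagged VLAN and applies an inbound ruleset so they can reach the Internet but cannot initiate connections to the trusted LAN. VLAN 20, 192.168.20.0/24, 192.168.1.0/24 and the names IOT_IN and TRUSTED_NETS are assumptions; on the UniFi side the IoT SSID just gets tagged with VLAN 20 in the controller.

```text
# Added example (not from the thread): EdgeOS CLI on an EdgeRouter X.
# Assumed addressing: trusted LAN on 192.168.1.0/24 (switch0),
# IoT VLAN 20 on 192.168.20.0/24. Adjust to your own network.
configure

# Tagged sub-interface for the IoT VLAN on the built-in switch
set interfaces switch switch0 vif 20 description "IoT VLAN"
set interfaces switch switch0 vif 20 address 192.168.20.1/24

# Hand out addresses on the IoT VLAN; the router is gateway and DNS forwarder
set service dhcp-server shared-network-name IOT subnet 192.168.20.0/24 default-router 192.168.20.1
set service dhcp-server shared-network-name IOT subnet 192.168.20.0/24 dns-server 192.168.20.1
set service dhcp-server shared-network-name IOT subnet 192.168.20.0/24 start 192.168.20.100 stop 192.168.20.200
set service dns forwarding listen-on switch0.20

# Group the trusted networks so the ruleset stays readable as you add more
set firewall group address-group TRUSTED_NETS address 192.168.1.0/24
set firewall group address-group TRUSTED_NETS description "Networks IoT may not initiate to"

# Ruleset applied to traffic entering the router from the IoT VLAN
set firewall name IOT_IN description "IoT VLAN -> elsewhere"
set firewall name IOT_IN default-action accept
# Replies to sessions the trusted LAN opened toward IoT (e.g. casting) still flow
set firewall name IOT_IN rule 10 description "Allow established/related"
set firewall name IOT_IN rule 10 action accept
set firewall name IOT_IN rule 10 state established enable
set firewall name IOT_IN rule 10 state related enable
# Anything IoT tries to initiate toward the trusted LAN is dropped and logged
set firewall name IOT_IN rule 20 description "Drop IoT -> trusted LAN"
set firewall name IOT_IN rule 20 action drop
set firewall name IOT_IN rule 20 log enable
set firewall name IOT_IN rule 20 destination group address-group TRUSTED_NETS

# Attach it in the "in" direction on the VLAN interface. Traffic addressed to
# the router itself (DHCP/DNS) is governed by a separate "local" ruleset, so it
# is unaffected here. If your outbound NAT masquerade rule is limited to the
# LAN subnet, add 192.168.20.0/24 to it as well.
set interfaces switch switch0 vif 20 firewall in name IOT_IN

commit
save
exit
```

After committing, `show firewall name IOT_IN statistics` shows hit counts per rule, and dropped attempts from IoT toward the LAN appear in the system log with the `[IOT_IN-20-D]` prefix, which is a quick way to spot a device probing the rest of the house.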
 
I just have an Edgerouter X with AP Pro. I like the ability to have an app that monitors everything if needed, and also protects IoT devices like Echos, TVs, Webc
 
Your Edgerouter X has a firewall and deep packet inspection capability, you just need to use the edgemax pane to view it (and possibly enable the analysis if you don't already have it turned on).

So what type of info are you looking for when you monitor "everything"? Are you just wanting to see what webpages are hit/which IPs and sites are being accessed? If so, I think you already have that capability.

Or how deep do you want to go? Are you wanting granularity in checking even things like SSL traffic?
 
So I’m looking for a way to protect the IoT devices (I’m including tablets) and have some sort of parental control over those devices.

I thought about separating the IoT devices but that wouldn't solve the issue of protecting them/parental controls.

pfSense has an add-on that acts as an IDS, but I haven't found a one-stop solution.

I think pfSense is capable of everything I’m looking for but guides seem fragmented.

Protect IoT devices from hacking.
Provide child safe guards from malicious websites.
Block all ads.
Act as a layer 2/3 AV/Malware/etc device.

Basically a UTM for a residential environment.

Some of these devices I’ve seen (namely BitDefender Box 2 as I use their software) provide that level of protection for the whole network.

Sophoros I believe is client side and I didn’t see great reviews/tests.
 
Protecting generally means firewall and making sure they aren't susceptible to hacking/intrusion.
Say parental controls rather than make us pull teeth bro :p.

I think you tried to spell Sophos? Sophos UTM has a free home version of its firewall; you just have to register, and you get 50 devices/IPs monitored for free.
I've heard good things about SquidGuard with pfSense even though you're writing it off; it's pretty much one of the most widely used.

I'm not sure there's an all-in-one that covers what you're wanting without paying for it, and even then I don't know which one would cover it off the top of my head other than an enterprise firewall.
We just picked up a Fortigate 201E for work that does most of that but I doubt you wanna sink a couple of thousand into it.
 
I just found this little guy:
https://www.myrattrap.com

I think it checks all the marks, has a good team behind it too from what I’ve read. The Cujo thing has shady written all over it with the Amazon coverups. Bitdefender Box seems to be picky as all hell with various network configurations.

Does Sophos work at the hardware level between the ISP and Router? I think I saw it before but it seemed like it was just a client side install.
 
Just downloaded the s/w & manual, need a pc that has a cd to boot from (makes sense, no o/s to corrupt, just reboot, hardened o/s), sophos says it will run in a vm, that's a path I haven't gone down, yet, so no opinion on that. You'll need 2 nics, it will go between your modem/isp router & your internal network, so it will have a trusted zone & untrusted zone. You'll have to turn off wireless on your isp modem/router if you have it, looks like all traffic must go through the pc w/sophos, so a separate wireless router will be needed (you need a new wireless router with all the bells and whistles anyway, don't cha?). Looks impressive on first glance, but you will need help if you don't set up firewalls for a living ( just because it has a gui doesn't mean it's easy to set up, looks like the free version is the same as the enterprise version, same iso download, just a different license), it looks pretty complete for a freebie. Free home version supports vpns & has a 50 ip limit, which is a bunch unless you get silly with the iot, throughput will depend on the pc you use. Never used a sophos product, so tech support is an unknown, but sophos is pretty well known in the cyber security arena.

May have to blow the dust off my last-gen m/b with 2 nics, need to find a case, though.

IoT stuff you'll have to research yourself, I don't have those things.
 
Does Sophos work at the hardware level between the ISP and Router? I think I saw it before but it seemed like it was just a client side install.
Sophos UTM can go between your modem and router and act as an all-encompassing firewall, or between your router and your switch if you want it just to be a bridge monitor rather than a FW.
Check the deployment options here: https://community.sophos.com/produc...5/options-for-deploying-utm-into-your-network

Yes, it can run on a dedicated hardware box, or if you have a home lab/server it can run on a VM as well (VMware, Hyper-V, KVM, whatever); it just needs a dual NIC for an in/out connection and an Intel CPU. The resources to run it are pretty minimal depending on your throughput needs.

General UTM wiki: https://community.sophos.com/products/unified-threat-management/w/utm-wiki/1/defaultwikipage
 
I'm not sure there's an all-in-one that covers what you're wanting without paying for it, and even then I don't know which one would cover it off the top of my head other than an enterprise firewall.
We just picked up a Fortigate 201E for work that does most of that but I doubt you wanna sink a couple of thousand into it.

A smaller Fortigate still has the same feature set available, albeit at lower rates and interface flexibility. The 30E and 60E are very powerful and very affordable for SOHO use. Much better options than most of the consumer garbage gear most people run in their homes. That said, it does take a bit more effort to configure a proper policy than your average Apuke router, but in the end you're covering a much larger range of attack vectors.
 
That said, it does take a bit more effort to configure a proper policy than your average Apuke router, but in the end you're covering a much larger range of attack vectors.

A "little" bit?
 
A "little" bit?

I'm not sure what you're asking here? If you're trying to be sarcastic and make a point, I'd say that you're way off base and that yes, it is indeed only a little bit more effort. The basic UTM configuration of a Fortigate is straightforward and can be done rather easily by a relative novice using just the GUI. The same can be said for Check Point's small appliances. Throw in basic reference material such as the cookbook web site and advanced configs are easily accomplished by a novice.
 
The big devices like Fortigates, Palo Altos and ASAs are not intuitive (admittedly I've only worked on the 5000 & 7000 platforms), and missing a rule or not understanding the relationship of interfaces/zones/rules, and when each is checked when traffic hits the device and routes, can leave you open and not knowing it. Or worse, blocking traffic with nothing showing up in the log, so the user gives up and just allows 'any-any-all'. There's a lot to be said for simplicity; less to fuck up. Plus the cost of annual subscriptions on one of the big platforms is a lot more than the Sophos or rat trap.
 
Looks like mountains have been created out of this molehill.

IMO - Sophos UTM + OpenDNS seems like an easy enough solution if you can't get what you want out of the ER-X.
 