CUJO Smart Internet Firewall - Second Look

[thiggins]

We take another look at the CUJO Smart Internet Security Firewall to see how it has matured.

Read on SmallNetBuilder

 

[pete y testing]

hi tim

must be a quiet month for new releases then , your right that the outer edges of this mesh market will struggle to find ground , will be interesting to see who the unnamed router partner will be and how it will be incorporated as i cant see any of the major players being interested in an outside element in their designs

pete

 

[Threska49]

The heart of CUJO's protection mechanism is based on knowing two things: "bad" IP addresses and "normal" device behavior. CUJO's cloud keeps track of "bad" IP addresses, which can potentially harm your system.

Kind of like those whitelist DNS sites.

With that being said, a bigger issue for those getting into the security field is liability, as in what happens if their security fails to secure.

 

[thiggins]

Kind of like those whitelist DNS sites.

With that being said, a bigger issue for those getting into the security field is liability, as in what happens if their security fails to secure.

Unless an insurance company gets into the business, don't hold your breath...

 

[sfx2000]

Keeping the threat lists updated is the major challenge with devices/features like this...

These can defend against threats they know about, however, new threats show up every day, and older threats are refactored to work around blocks that may be put in place.

It's an interesting device - that along with another similar one (Circle), these can be useful tools for some... I'm probably not in the target market for devices like this, but if someone needs a plug and play solution, it's worthy of consideration.

 

[WelshDog]

Just curious what people in the forums here would recommend for home cyber protection. I ask this on the day the Golden Eye ransomware attack went wide in Europe. I'm mildly capable setting up IT equipment, but I'm no expert and have no training. Nonetheless, I'm not afraid to dive in and try stuff.

Cujo seems like a good idea for many, but is there something better (more secure)? One thing I like about Cujo is the option of buying in for "lifetime service". I am losing my patience with the subscription tech culture we seem to be sinking into. It seems every company wants into my wallet permanently, 'til death do us part.

 

[thiggins]

CUJO is not a cure-all. It mainly keeps your devices from connecting to known bad IP addresses and domains. It will not stop bad email attachments from being received and opened.

CUJO is a relatively young company in a tough field. A '"lifetime" subscription may not last as long as you think...

Cyber security requires constant updates. This costs money.

 

[WelshDog]

CUJO is not a cure-all. It mainly keeps your devices from connecting to known bad IP addresses and domains. It will not stop bad email attachments from being received and opened.

CUJO is a relatively young company in a tough field. A '"lifetime" subscription may not last as long as you think...

Cyber security requires constant updates. This costs money.

Sure things aren't free. I do feel that the rates charged for things like virus and malware protection are obscene. The information they use is mostly free and can be gathered and distributed to the subscribed devices for little cost. Charging $10 a month for this is ridiculous. If they sell 100,000 subscriptions that's a million a month. Their cost of providing the service is a tiny tiny fraction of that - for any company.

So my question is then, what is a good home cyber security setup? Cujo seems like it only covers some bases as you pointed out. What device/service can do it all - and have throughput that keeps up with my Google Fiber?

 

[pete y testing]

what is a good home cyber security setup?

the synology with its IPS system and asus with its AIprotection do a good job , the asus brt-ac828 is even further advanced

device/service can do it all

no such thing , you need a good overall approach and these systems are part of the holistic approach not an all in one solution

eg antivirus and firewalls on devices is part of the solution as well

 

[thiggins]

The information they use is mostly free and can be gathered and distributed to the subscribed devices for little cost.

Some of the databases are free, others are not. $10 to you may be outrageous. But how much do you pay for car insurance? home insurance?

So my question is then, what is a good home cyber security setup? Cujo seems like it only covers some bases as you pointed out. What device/service can do it all - and have throughput that keeps up with my Google Fiber?

There is no single product that does it all. If you are looking for more comprehensive solutions, you need to go to UTMs. If you want free/cheap, look at pfSense on a box fast enough to keep up with your gigabit fiber.

Remember, this is what you are up against today. Multi-layered defense is key, especially if you have kids or non tech-savvy people on your network.

 

[evil_mike]

Gave the Cujo a try for a week, and am returning it to the box store I bought it from (thankfully, they have a kick butt return policy). I was quasi-skeptical about its capabilities to begin with, and while it does seem to offer SOME degree of protection, there's just no replacement for an up-to-date endpoint security tool. I was seeing some connection dropouts, which surprised me, but the straw that broke the camel's back for me was when it was alerting to an IP address that is "associated with a Botnet." My iPhone and Macbook were pinging an Apple-owned IP address.

Anyway, for the price, I didn't see much value, but I also have my network pretty locked down to begin with (i.e. I'm not their target audience).

 

[thiggins]

Just curious, Mike. Why were your devices pinging an Apple address and at what rate were they pinging?

 

[evil_mike]

My assumption was for telemetry purposes (all of the devices were talking to the same Apple-registered IP address); they each tried to hit the address within an hour of each other (MacBook, iPad, and iPhone), and it was one time in the week.

 

[thiggins]

My assumption was for telemetry purposes (all of the devices were talking to the same Apple-registered IP address); they each tried to hit the address within an hour of each other (MacBook, iPad, and iPhone), and it was one time in the week.

Well, unless they were whacking the hell out of server with a lot of traffic, this probably should not have been flagged.

On the other hand, false positives are to be expected and you did have the option to allow the traffic, correct?

 

[evil_mike]

Agreed, but I wasn't seeing any real positive to keeping it on my network, for a few reasons: a) I'm not seeing a lot of malicious traffic, and b) what I do see is fairly innocuous or a false positive. Just not worth the expense in my specific setup.

 

[Raf1919]

I actually like the CUJO alot. I have 2 kids at home and who are all over the web playing games and youtubing and clicking on sorts of links. My cujo stays busy blocking alot of crap. I like all parental tools, blocking content for kids and also guests. Also like being alerted when new device has connected or turning off the internet to a device or group on the fly. If i didnt have kids I probably wouldn't really need this especially at its cost. Prior I ran untangle which could do all this as well, but not as easily and I wasn't tech savy enough to really get it tuned right.

 

[Dave in NM]

Any more reviews on this? Is is worth it? As someone noted, is there like a business version from some mfgr already out there, i might be interested. Seems every business should some kind of firewall box like this, what do they use.

 

[Dave in NM]

You mentioned "CUJO does not look at actual packet content as more expensive IDS/IPS appliances do.". If i wanted one of those devices because its more industrial strength than CUJO, which would you recommend?