do you trust TrendMicro AiProtection and why? What alternative do you use (IPS/IDS)?

[Wallace_n_Gromit]

Consumer grade routers can't protect us from hacking, and it's unstable. Installing Internet Security to each devices is much better. If you really care use a dedicated Hardware Firewall instead of a Consumer grade router firewall or Antivirus.

https://blog.sonicwall.com/en-us/2019/07/wind-river-vxworks-and-urgent-11-patch-now/

Even hardware solutions need to be closely monitored. Best to be on some sort of mailing list or set up autoupdates on all hardware, software solutions you have.

 

[follower]

https://blog.sonicwall.com/en-us/2019/07/wind-river-vxworks-and-urgent-11-patch-now/

Even hardware solutions need to be closely monitored. Best to be on some sort of mailing list or set up autoupdates on all hardware, software solutions you have.

Network has to be monitored 24 hours but it's impossible for consumers. Also there are too many discontinued firewalls that don't have firmware updates. Anyway ASUS and Netgear are using marketing tactics with a piece of junk firewall.

 

[OzarkEdge]

Network has to be monitored 24 hours but it's impossible for consumers. Also there are too many discontinued firewalls that don't have firmware updates. Anyway ASUS and Netgear are using marketing tactics with a piece of junk firewall.

I've been using un-monitored consumer firewalls for over 20 years... thanks for the timely tip!

OE

 

[Val D.]

Anyway ASUS and Netgear are using marketing tactics with a piece of junk firewall.

Good enough for consumer class products with acceptable balance between security and convenience.

 

[Wallace_n_Gromit]

Network has to be monitored 24 hours but it's impossible for consumers. Also there are too many discontinued firewalls that don't have firmware updates. Anyway ASUS and Netgear are using marketing tactics with a piece of junk firewall.

https://www.cvedetails.com/vulnerab...&sha=362cecfc66d6e06c3491afe8f86ee9a435ddd697

That is why I believe it's important to LAYER, and have redundancy in your security solutions, BUT too much can introduce security vulnerabilties/unpatched security issues within each layer software/hardware you introduce into your system. the security issue that the sonicwall was vulnerable to is a RTOS (real time operating system) called VXworks which has been around for DECADES in its various versions, and on over a billion devices. Don't know if it is part of consumer routers like the asus.

 

[follower]

I've been using un-monitored consumer firewalls for over 20 years... thanks for the timely tip!

OE

My dogs are monitoring them 24 hours and 7 days a week. I give them some chewies often.

 

[OzarkEdge]

My dogs are monitoring them 24 hours and 7 days a week. I give them some chewies often.

My cats were indifferent, and then they died, but my router firewalls keep on working.

OE

 

[follower]

Good enough for consumer class products with acceptable balance between security and convenience.

ONE vulnerability can take a router. How can consumer grade routers protect consumers?

https://www.cvedetails.com/vulnerab...&sha=362cecfc66d6e06c3491afe8f86ee9a435ddd697

That is why I believe it's important to LAYER, and have redundancy in your security solutions, BUT too much can introduce security vulnerabilties/unpatched security issues within each layer software/hardware you introduce into your system. the security issue that the sonicwall was vulnerable to is a RTOS (real time operating system) called VXworks which has been around for DECADES in its various versions, and on over a billion devices. Don't know if it is part of consumer routers like the asus.

Of course Layers are important. Having Hardware Firewall is rather than having nothing. That's true. Consumer Grade Routers and Firewalls can't protect home perfectly. A Consumer Grade Router can be taken by ONE vulnerability. There are so many unveiled and shared targeted vulnerabilities in the real underground world including Consumer, Business and Enterprise devices, especially Consumer grade. You know that right? Some of them are traded by money. Business grade are not always safe either even Enterprise Grade. However Business grade device is better than Consumer grade except discontinued devices or junks. So I recommend a Dedicated hardware firewall instead of a built-in firewall if you really want to use a hardware firewall. The best way is using both Hardware and Software. But how can normal consumers who don't have any network knowledge use them properly without any problems? I see so many users who have issues with AiProtection and 2 way IPS something whether they have knowledge or not. Also I see so many users who have a lot of issues with Software Firewall such as Internet Security things. There are a lot of users who are still using old Firmwares. Most of them don't care about Firmware upgrading. Some of them are using old Firmwares because of stability. Are they safe? How about IoT devices? I just don't like ASUS's and Netgear's marketing tactics.

 

[Val D.]

ONE vulnerability can take a router. How can consumer grade routers protect consumers?

To get total protection better never use Internet. Everything created by people can be destroyed by people. Definitely 5 firewalls and protections one on top of the other is not an optimal solution. It’s called Paranoia, I believe. User related personal issue, in other words.

 

[Wallace_n_Gromit]

ONE vulnerability can take a router. How can consumer grade routers protect consumers?


Of course Layers are important. Having Hardware Firewall is rather than having nothing. That's true. Consumer Grade Routers and Firewalls can't protect home perfectly. A Consumer Grade Router can be taken by ONE vulnerability. There are so many unveiled and shared targeted vulnerabilities in the real underground world including Consumer, Business and Enterprise devices, especially Consumer grade. You know that right? ~ However Business grade device is better than Consumer grade except discontinued devices or junks. So I recommend a Dedicated hardware firewall instead of a built-in firewall if you really want to use a hardware firewall. The best way is using both Hardware and Software. ~

I've had a Ubiquiti EdgeRouter X, and a Netgate SG-1100 pfSense Firewall that I recently purchased to play around with. I like the notion of Segmented home network(s) blind to each other using different manufacturers products, so as NOT to suffer the same security issues across the manufacturers product line.. And I've heard good things about pfSense when properly configured. That is the rub. It may be a steep learning curve, but very satisfying to surmount it.

 

[Val D.]

And I've heard good things about pfSense

You don’t need anything else after pfSense router, but may find some things hard to achieve and not very user friendly. Above average networking knowledge is needed to set things up properly and troubleshooting is a PITA. Support is OK at best.

 

[Wallace_n_Gromit]

ONE vulnerability can take a router. How can consumer grade routers protect consumers?
~But how can normal consumers who don't have any network knowledge use them properly without any problems? I see so many users who have issues with AiProtection and 2 way IPS something whether they have knowledge or not. Also I see so many users who have a lot of issues with Software Firewall such as Internet Security things. There are a lot of users who are still using old Firmwares. Most of them don't care about Firmware upgrading. Some of them are using old Firmwares because of stability. Are they safe?~

I have read, watched, heard over the years that what happens often times is that people who don't know how to properly network often have a "knowlegable" family member, friend, co-worker help them. It is a sticky issue. So many are on the internet on multiple devices and don't understand what the potential risks and helpful mitigations are (nothing being 100% certain). I do think that, in the current environment, businesses try to configure their systems to be easy to use for the "average" user with options for additional features for those inclined to put in that effort.

regarding firmware (and software) updates. I think it's only become a serious concern in the recent past, how those issues could be leveraged by criminal elements and others for serious harm. That's why automatic firmware/software updates haven't been the industry norms. Also, sometimes those updates, improperly applied can cause more problems. (Think some recent Microsoft updates) That is why when you have a piece of HW or Software, have it registered/put on an e-mail list.

Case in point: https://www.win-rar.com/singlenewsv...s]=116&cHash=ab1dd0ca4b801016fba0a9562a5b8e40
the ACE archive was fairly popular in its day, closed source, and not used very often anymore. But clever individuals discovered a way to leverage the way ACE archives are decrypted by file decryption software to open a serious security hole. Current versions of Winrar (and many other decompression programs) will no longer support ACE decompression as a result. People who registered their winrar programs got the immediate heads up to update/upgrade the program. I'm under the impression that there are 500 million users of winrar out there. How many updated? Not the fault of business, consumers need to care and be responsible.

How about IoT devices?

That is why I run one HW security device behind another (whether they be routers, firewalls etc), my current basic configuration. So that vulnerable IoT devices can't(or shouldn't be able to) get further into my home network. At least in theory, as I understand NAT and packet routing.