NetworkPorn (new home networking gear)

in #networking, 5 years ago

As I have been getting into cryptocurrency for a while, I started looking at general network security. I run some nodes on Pi-like single-board computers, and you can imagine this could one day make me a hacking target.

My 5-year-old Linksys router hasn't seen a firmware upgrade for years, so I decided it was time to improve the situation, as (if you didn't know) a lot of consumer devices are really quite poor on the security angle and old firmware reveals vulnerabilities.

I already have a separate modem, so all I needed was a new router and WiFi Access Point. There are some pretty advanced all-in-one units out there, but if you want really good control over your network you need to start buying separate items, and for me firmware/software updates are an important point in that decision.

I don't have space for a rack, all the kit has to go on a tiny telephone table in the hallway, and aesthetics-wise it needs to pass the "Mrs Test".

After many hours of nerd deliberation, I settled for a Ubiquiti nanoHD Access Point:

20190622_182532.jpg

and the Ubiquiti EdgeRouter X:

20190622_182537.jpg

The nanoHD has a really nice look and "The Mrs" immediately liked it. It's much smaller than our old all-in-one and has no aerials, just a clean white disc with a subtle blue LED. Similarly, the EdgeRouter X is very small, can sit on top of my NAS and really is quite unobtrusive.

20190622_182525.jpg

Don't let the small size and lack of fancy consumer-grade design fool you though, these little devices pack a punch!

The nanoHD WiFi AP is set on auto power mode, but all the way at the other end of my garden (through a door and a wall) I can still get good WiFi speed. My broadband is 70Mbps, and I get ~40Mbps sitting at the coffee table in the far corner of my garden!

The EdgeRouter X has hardware-based routing available, which on paper gets it to 950Mbps. I have no way to test that, but it comes with a bunch of other really good features. Key among them for me is the ability to set up vLANs (virtual LANs). What this means is you can split your one network into multiple parallel virtual networks. So I have my "core" network of my PC & NAS on the main LAN; on another vLAN I have less secure devices like the crypto nodes, TVs etc.; and I also have a Guest vLAN for visitors and devices that I otherwise won't need network access to, like IoT devices such as my solar array monitor. Between each LAN/vLAN you can set up firewalls, so my TVs can access my NAS, but only to stream video, and my Pi-like devices only allow SSH from my main PC.

In terms of external access, there are good port forwarding facilities. Of course I wanted to test the security and so ran some Nmap scans on the WAN side for both TCP and UDP on all ports; everything came back clean, no IGMP response either.

I won't say getting this all configured was easy, it's for more advanced users, but the geeks among you should definitely think about getting some kit to play with!
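The segmentation described in the vLAN paragraph above can be written down as a first-match rule table with a default drop between networks, then checked against the flows it is meant to permit and deny. This is an added example, not the author's configuration or Ubiquiti's syntax: the subnets, host addresses and streaming port are assumptions, and return traffic for accepted connections is assumed to be handled by the router's stateful inspection.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption: the post gives no subnets or ports).
ZONES = {
    "core": ipaddress.ip_network("192.168.1.0/24"),        # PC and NAS
    "untrusted": ipaddress.ip_network("192.168.20.0/24"),  # crypto nodes, TVs
    "guest": ipaddress.ip_network("192.168.30.0/24"),      # visitors, IoT
}
PC, NAS = "192.168.1.10", "192.168.1.20"
TV, NODE, GUEST = "192.168.20.30", "192.168.20.40", "192.168.30.50"
STREAM_PORT = 8200  # assumed media-server port on the NAS

@dataclass(frozen=True)
class Rule:
    src: str    # source CIDR
    dst: str    # destination CIDR
    proto: str
    port: int

# Only the two flows the post names are accepted; all else is dropped.
ACCEPT = [
    Rule(f"{PC}/32", "192.168.20.0/24", "tcp", 22),    # main PC -> nodes, SSH
    Rule(f"{TV}/32", f"{NAS}/32", "tcp", STREAM_PORT),  # TV -> NAS, streaming
]

def zone_of(ip):
    return next((z for z, net in ZONES.items() if ip in net), "wan")

def decide(src, dst, proto, port):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if zone_of(s) == zone_of(d):
        return "accept"  # same network: switched, never crosses the firewall
    for r in ACCEPT:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and (proto, port) == (r.proto, r.port)):
            return "accept"
    return "drop"        # default action between networks

# Intended behaviour, including flows that must stay blocked.
EXPECTED = [
    (PC, NODE, "tcp", 22, "accept"), (TV, NAS, "tcp", STREAM_PORT, "accept"),
    (TV, NAS, "tcp", 445, "drop"),   (NODE, PC, "tcp", 22, "drop"),
    (NAS, NODE, "tcp", 22, "drop"),  (GUEST, NAS, "tcp", STREAM_PORT, "drop"),
]

def audit():
    """Return every flow whose decision differs from the intended one."""
    return [(f, decide(*f[:4])) for f in EXPECTED if decide(*f[:4]) != f[4]]

if __name__ == "__main__":
    print(audit() or "policy matches the intended flows")
```

An empty result from `audit()` means the rule table enforces the intended matrix. Re-running it after any rule change catches an accept that was widened by accident.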
