I currently rely pretty much exclusively on my Unifi gateway’s not-great IPS/IDS system, which allegedly receives updated threat intelligence feeds periodically. Outside of actual intrusion detection, I prevent my IoT devices (which are located in their own VLAN) from contacting the internet wherever possible, and entirely block any inter-VLAN traffic other than responses to connections initiated from devices residing on a “trusted clients network”, which hosts my phone, laptop etc.
> their own VLAN) from contacting the internet wherever possible, and entirely block any inter-VLAN traffic other than responses to connections initiated from devices residing on a “trusted clients network”, which hosts my phone, laptop etc.
I am interested in this kind of setup but lack relevant experience. Is this stuff you set up in the stock Unifi admin pages?
Rest assured it is not that difficult :). Correct, I've configured several firewall rules on the UniFi web UI, since I have a UniFi router/firewall (in my case a USG). If you'd like some help, feel free to reach out to me on keybase! I'm andrewnicolalde on there.
Many sort-of-recent home network equipment support this stuff or equivalent (i.e., multiple networks) just as a configuration from their admin UI. You don't really need relevant experience to set this up, just very basic networking knowledge and the will to occasionally shake your head at the web-based-admin-user-experience of the box.
If you’re running your custom homebuilt router, you can use IDS systems like snort[0] or suricata[1].
It’s pretty fun to set up! You can take any old desktop/laptop at your home and make it into your own custom router by running a Linux or BSD instance on it.
If you go this route, I would recommend the Suricata IDS, as you can set up a more complex and sophisticated system easily, compared to Snort.
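For a homebuilt Linux router like the one suggested above, the inter-VLAN policy from the first post (IoT isolated, only replies to connections opened from the trusted clients network allowed back) can be written as an nftables forward chain. This is an added example, not configuration from any poster in this thread; the interface names and the table name `homefw` are assumptions to adapt to your own box.

```nftables
#!/usr/sbin/nft -f
# Added example: stateful inter-VLAN policy for a homebuilt Linux router.
# Interface names below are assumptions, not values from the thread.

define WAN     = "eth0"       # assumption: uplink to the ISP
define TRUSTED = "eth1.10"    # assumption: trusted clients VLAN (phone, laptop)
define IOT     = "eth1.20"    # assumption: IoT VLAN

# Re-create only this table on reload, leaving NAT and other tables alone.
table inet homefw
delete table inet homefw

table inet homefw {
    chain forward {
        # Default-deny for everything routed between interfaces.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that an earlier rule already allowed.
        # This is what lets IoT devices answer a trusted client without
        # ever being able to open a connection themselves.
        ct state established,related accept
        ct state invalid drop

        # Trusted clients may open new connections to IoT and the internet.
        iifname $TRUSTED oifname { $IOT, $WAN } ct state new accept

        # Anything an IoT device initiates (to other VLANs or the internet)
        # is counted and logged before being dropped, so blocked attempts
        # show up in the kernel log for review.
        iifname $IOT counter log prefix "iot-blocked: " drop
    }
}
```

This covers routed traffic only; access from the IoT VLAN to services on the router itself (DHCP, DNS, the admin UI) is decided by a separate input chain that is not shown here.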
One compromise would be to add an extra hop (like a Raspberry Pi) to the IoT VLAN, and install Snort there. That way I could retain my primary router (currently Ubnt ERX).
Are you running stock firmware on the ERX and are you happy with it? Looking into potentially setting one up as well, any resources you could recommend for making best use of one?