Better home network security

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

Regarding DMZ, I've used it on every router I've had the last 20 years, but there is one specific reason I can think of to not forward "everything" to a non-existent DMZ machine:
It is still NAT, and thus requires the router to keep a dynamic routing table of incoming NAT. Routers have limited memory and ISPs offer ever increasing bandwidth. It is conceiveable that a router could lock up on a syn-flood because it has to track as many incoming connect requests as possible until they expire. The DMZ setting indicates that the incoming connection is "expected", so the state has to be tracked. Instead of DMZ, if only a couple of ports are specifically forwarded by the other settings, the remainder of requests can be dropped without state-keeping.

In the days of 802.11b, I had a router that was difficult to block port 0 (SN-789 show notes reminded me of it) and was my primary reason to use DMZ to forward everything to nowhere. My current router does not suffer this problem. It should be noted that the likelihood of the above situation being a problem boils down to the likelihood of becoming someone's specific target for a specific attack. Dynamic address assignment by the ISP is one of the mitigations for it.

Troy
 
>Is anyone offering a "home user" version of the exterprise umbrella? At work we're under the Fortinet umbrella. It's too expensive for the average home user, >seems like there's a market there waiting to be exploited ... somehow.

Perhaps the Pepwave Surf SOHO would fit your needs. It is a business class router that retails in the US for $200.

 
Is anyone offering a "home user" version of the exterprise umbrella? At work we're under the Fortinet umbrella. It's too expensive for the average home user, seems like there's a market there waiting to be exploited ... somehow.

Perhaps the Pepwave Surf SOHO would fit your needs. It is a business class router that retails in the US for $200. In 9 years the company, Peplink, has had one security flaw. And, they gave the person that reported it a free router. Not that everything is perfect, no software is.