Double Layered Firewall – A new approach to home internet security in uncertain times

TL;DR

Use two routers:

  1. For IoT, Phones, Consoles, etc. Enable UPnP on this router so all of these devices will work as expected and so they can open the ports they need. Enable WiFi on this router.
  2. For Desktop computers, network storage devices, media services, etc. Disable UPnP on this router so that you know what ports are open. Disable WiFi on this router.

Connect the routers as: Internet <-> IoT (UPnP) Router <-> Router with Controlled Ports

Why

The current state of security in software and internet services is not quite up to par; I’d even go as far as to say it is broken.

I purchased a Foscam security camera a while back, and after having it up and running in my house for a month or two I decided to check to see if there were any hacks for this camera. I was pretty upset to find out that a user could just go to <my_ip_address>/proc/kcore and get a complete dump of the filesystem, including non-encrypted versions of my home network Wi-Fi password, and the user name and password to log in and control the camera. To learn more see here:

http://foscam.us/forum/fix-for-the-path-traversal-vulnerability-on-older-devices-t4805.html

After this I changed my home security setup, and I wanted to share that with you as it is simple, and I bet you have an old router lying around that you could put to good use 🙂
