Showing only topics in ~tech with the tag "firewalls".
    1. Looking for tips/advice for a hardware firewall/VPN for a small to medium size nonprofit

      Edit: Decided to go with the Ubiquiti Dream Machine Pro. Thank you for all the suggestions and advice!

      Hey Tildenauts,

      I'm planning to help a local nonprofit replace their aging hardware firewall pro bono. I have a fair amount of experience with networking and security, especially where web servers are concerned, but I haven't set up a hardware firewall recently enough to know off the top of my head which are the best options here.

      The organization is fairly small but on its way to medium sized, around 30 employees at the moment but will likely expand to 50+ in coming years. So I'm looking for a solution that will comfortably scale up to 100 employees. There is remote work, accessing their local server via VPN, so something that comes bundled with a user friendly VPN client would be ideal. I haven't seen their physical setup yet but I know their server gets a lot of use. Not all employees use it remotely on a regular basis but many do.

      From past experience I know that Cisco, Sophos and SonicWall are potential options. Cisco seems to be pushing their Meraki platform pretty hard but I don't think this organization needs a subscription based solution.

      Anyone have recommendations for hardware firewalls I should consider? Any potential footguns I should know about?

      Thanks in advance!

      9 votes
    2. Any Ubiquiti Unifi users? - Questions on zone firewall policies

      I'd normally post this on reddit...but I thought I'd give the Tildes Tech Support Team a try.

      I have a Ubiquiti Unifi Cloud Gateway Ultra and I'm trying to better understand zone firewall management and VLANs and all that.

      I'll start with a screenshot. I'm only changing the two settings highlighted in red.

      I'm trying to understand the difference between two firewall policy settings:

      1. Action = Allow ONLY, AND Connection State = Return Traffic
      2. Action = Allow AND Auto Allow Return Traffic checked, AND Connection State = All

      I have two VLANs -- "Internal" and "Lab." Each is in its own policy zone, also called "Internal" and "Lab." The "Internal" VLAN does not have the "Isolate Network" option checked, but "Lab" does.

      What I want is devices in "Internal" able to initiate and maintain connections with devices in "Lab." But I don't want devices in "Lab" able to initiate connections to devices in "Internal."

      With Policy 1, "Internal" can't reach "Lab" nor vice versa. Hmm.

      With Policy 2, "Internal" can ping and SSH into devices in "Lab," but not the other way around. Perfect; that's what I want.

      And now my question(s): What is the difference between these two policies? To me, they look the same. But clearly the end results say they're not. So what's actually going on here? Additionally, assuming I could get Policy 1 to do what I want, is Policy 2 more vulnerable from a cybersecurity perspective than Policy 1?

      If it helps, here's a screenshot of my zone matrix, with focus on source "Internal" and destination "Lab."

      Thanks!

      17 votes
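To illustrate the difference the post observes, here is a constructed toy stateful zone firewall (an added example, not UniFi code; zone names and the 10.x addresses are made up). It models the two policies: a rule whose Connection State is "Return Traffic" only matches replies to an already tracked flow, so it never admits the first packet of a connection, whereas "Allow" on all states with "Auto Allow Return Traffic" admits the first packet and implicitly permits its replies without any Lab-to-Internal rule.

```python
"""Added example (not UniFi code): a toy stateful zone firewall that models the
two policies in the post. Zone names and the 10.x addresses are constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Policy:
    src_zone: str
    dst_zone: str
    action: str = "allow"
    state: str = "all"            # Connection State: "all" or "return"
    auto_allow_return: bool = False


@dataclass
class ZoneFirewall:
    policies: list
    default: str = "block"                          # isolated zone: no implicit allow
    flows: set = field(default_factory=set)         # every flow admitted by a policy
    auto_return: set = field(default_factory=set)   # flows whose replies are implicitly allowed

    def packet(self, src_zone, src, dst_zone, dst):
        flow = (src_zone, src, dst_zone, dst)
        reverse = (dst_zone, dst, src_zone, src)
        if reverse in self.auto_return:
            return "allow"                          # reply covered by Auto Allow Return Traffic
        state = "return" if reverse in self.flows else "new"
        p = next((p for p in self.policies
                  if (p.src_zone, p.dst_zone) == (src_zone, dst_zone)), None)
        if p is None or p.action != "allow":
            return self.default
        if p.state == "return" and state != "return":
            return self.default                     # a return-only rule never admits a NEW packet
        if state == "new":
            self.flows.add(flow)
            if p.auto_allow_return:
                self.auto_return.add(flow)
        return "allow"


def run(policy):
    """Replay the post's test: Internal opens SSH to Lab, Lab answers, another Lab host initiates."""
    fw = ZoneFirewall([policy])
    return {
        "internal_to_lab": fw.packet("Internal", "10.0.1.10", "Lab", "10.0.2.20"),
        "lab_reply":       fw.packet("Lab", "10.0.2.20", "Internal", "10.0.1.10"),
        "lab_initiates":   fw.packet("Lab", "10.0.2.21", "Internal", "10.0.1.10"),
    }


POLICY_1 = Policy("Internal", "Lab", state="return")                    # Allow, Return Traffic only
POLICY_2 = Policy("Internal", "Lab", state="all", auto_allow_return=True)  # Allow, All + auto return

if __name__ == "__main__":
    for name, pol in (("Policy 1", POLICY_1), ("Policy 2", POLICY_2)):
        print(name, run(pol))
```

Under Policy 1 every packet is blocked because no rule ever admits a NEW packet, so no flow exists for a "return" match; under Policy 2 Internal initiates, the reply is implicitly allowed, and a Lab host still cannot initiate.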
    3. I just installed a DNS based firewall (I think) for the first time in my life. Help me understand which addresses to block.

      For context: I'm a tech noob when it comes to cyber-security stuff in particular, and anything network related in general. My devices are a MacBook Pro and an iPhone. Before anyone cringes at this, I buy all my Apple stuff second hand to dodge the brand premium. There, I hope that gives me some credibility in the eyes of all the techies around here. :D

      For years I was more or less relying on Apple to do a decent job automatically when it comes to security, and granted, I haven't had any serious issues (that I know of). Some time ago it was brought to my attention that I'm most likely getting tracked even if I tick all the opt-out boxes on my device and browser settings. I hastily installed an open source app on my phone that prevents trackers and ad servers from connecting to it based on a list of addresses that the app provides. There was a long log of blocked domains already the next day. I made a mental note that I should probably look for something to do the same for my laptop, and then forgot about it, until last night.

      When I went to check that log again on my phone, I found out that the app hadn't been functional in a while. A quick online search revealed that they aren't as open source as they claim to be, nor very reliable, so I embarked on a quest to find something else to do the job - this time for both devices.

      I have managed to install and configure something called NextDNS on both of my devices and most browsers, even though the documentation seems to be made with more tech-savvy people in mind. So far so good. I turned on all the available blocklists, but a lot of strange looking (to me) traffic is still getting through. I'm assuming some of it is benign, but how do I evaluate which addresses I should block or not? I'll list some examples below.

      init.ess.apple.com
      init-p01md.apple.com
      bag.itunes.apple.com
      gsp-ssl.ls.apple.com
      gspe35-ssl.ls.apple.com
      pki-goog.l.google.com
      For these, the service offers the following information: 'Provides advertising or advertising-related services such as data collection, behavioral analysis or retargeting.' Sounds like something I wouldn't want to enable. When it comes to the iTunes one, I don't use iTunes and don't even have it installed (don't ask how I managed to get rid of it - it took several days' worth of trial and error...). One of these, pki-goog.l.google.com, is listed as 'dangerously prevalent (tracks 21.23% of web traffic)'.

      Then again, the same general description is sometimes given to addresses that seem legit, such as:
      time.apple.com
      weather-data.apple.com

      Some are indecipherable to me and don't come with any sort of description:
      fp2e7a.wpc.phicdn.net
      init.ess.g.aaplimg.com
      get-bx.g.aaplimg.com
      ocsp2.g.aaplimg.com
      ocsp.pki.goog

      Some descriptions are kind of vague:
      a2047.dscapi9.akamai.net
      apis.apple.map.fastly.net
      'Content delivery network that delivers resources for different site utilities and usually for many different customers.'

      Some seem to be doing tasks that are definitely wanted:
      ocsp.digicert.com
      'Digicert Trust Seal - Includes tag managers, privacy notices, and technologies that are critical to the functionality of a website.'

      Then there's an Amazon Web Service, go-updater-1830831421.us-west-2.elb.amazonaws.com, listed as very prevalent (tracks 5.5% of web traffic) that has been contacting my phone even though I haven't done any shopping or product related searches. What is this and should I block it?

      And so on and so on. Is there any logic to these that I can follow? I tried google searching some to no avail.

      11 votes