[AusNOG] Enterprise Protection for the Consumer

Damien Morris damien at yahoo-inc.com
Thu May 19 13:34:50 EST 2011


Hey NOGers,


Maybe a bit OT - but what devices have people heard of or had experience with that give the enterprise-grade feature experience with consumer-grade gear?


Note I said 'experience' and not 'quality' - so you wouldn't run your business on it but you could set up your home DMZ, walled garden, VPN concentrator, RADIUS, 802.1x, etc.


The thought occurred as I was experimenting running multiple APs off a single LAN segment at home to test the performance of each and realised I was creating a large attack surface area with no protection beyond WPA2. Break through an AP and you get the crown jewels.


The most obvious example I can think of is the Asus N-16 which seems ridiculously overpowered compared to its contemporaries, and can run the seminal DD-WRT for some enterprise features (and a more-or-less full featured linux distribution with iptables and at least three discrete interfaces, albeit one of them wireless. You can add a USB drive to it too if you need more). For the record, I'm not a fan of Linux but I can't see IOS or a BSD-able device coming cheap.


Soekris, Mikrotik, Guruplug et al all seem a little too cost-heavy after you add the necessary extras to get them going, and the fact you'd need more than one device to realistically built enterprise-class network topology.


Love to hear anyone's feedback. E.g. has anyone ever hacked Vyatta onto a $50 consumer grade box and powered it with a PoE injector..? :)


Thanks,

Damien.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20110519/83f5f998/attachment.html>


More information about the AusNOG mailing list