[AusNOG] Enterprise Protection for the Consumer

Eric Pinkerton Eric.Pinkerton at stratsec.net
Thu May 19 15:46:41 EST 2011


Why not just put Vyatta on an old machine with multiple nic's, and use it to segregate your AP's from said crown jewels?

From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Damien Morris
Sent: Thursday, 19 May 2011 1:35 PM
To: ausnog at ausnog.net
Subject: [AusNOG] Enterprise Protection for the Consumer


Hey NOGers,



Maybe a bit OT - but what devices have people heard of or had experience with that give the enterprise-grade feature experience with consumer-grade gear?



Note I said 'experience' and not 'quality' - so you wouldn't run your business on it but you could set up your home DMZ, walled garden, VPN concentrator, RADIUS, 802.1x, etc.



The thought occurred as I was experimenting running multiple APs off a single LAN segment at home to test the performance of each and realised I was creating a large attack surface area with no protection beyond WPA2. Break through an AP and you get the crown jewels.



The most obvious example I can think of is the Asus N-16 which seems ridiculously overpowered compared to its contemporaries, and can run the seminal DD-WRT for some enterprise features (and a more-or-less full featured linux distribution with iptables and at least three discrete interfaces, albeit one of them wireless. You can add a USB drive to it too if you need more). For the record, I'm not a fan of Linux but I can't see IOS or a BSD-able device coming cheap.



Soekris, Mikrotik, Guruplug et al all seem a little too cost-heavy after you add the necessary extras to get them going, and the fact you'd need more than one device to realistically built enterprise-class network topology.



Love to hear anyone's feedback. E.g. has anyone ever hacked Vyatta onto a $50 consumer grade box and powered it with a PoE injector..? :)



Thanks,

Damien.


Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.
http://www.mailguard.com.au/mg

Report this message as spam<https://login.mailguard.com.au/report/1CkO94rp0N/3SMAfR37nQheKo3nhixPfq/0.004>

-- 
Message  protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.http://www.mailguard.com.au/mg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20110519/f14f67be/attachment.html>


More information about the AusNOG mailing list