[AusNOG] Enterprise Protection for the Consumer
Damien Morris
damien at yahoo-inc.com
Thu May 19 15:55:30 EST 2011
Trying to:
1. Be Green.. Old machines draw more power and real estate than they deserve and have spinning disks..
2. Focus on efficiency, and come up with solutions that could be shared/benefit others
3. See how far you can push some of these consumer devices that have all the hardware in the box just waiting to be exploited..
Maybe have some fun along the way :)
Thanks,
Damien.
On 19/05/11 3:46 PM, "Eric Pinkerton" <Eric.Pinkerton at stratsec.net> wrote:
Why not just put Vyatta on an old machine with multiple NICs, and use it to segregate your APs from said crown jewels?
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Damien Morris
Sent: Thursday, 19 May 2011 1:35 PM
To: ausnog at ausnog.net
Subject: [AusNOG] Enterprise Protection for the Consumer
Hey NOGers,
Maybe a bit OT - but what devices have people heard of or had experience with that give the enterprise-grade feature experience with consumer-grade gear?
Note I said 'experience' and not 'quality' - so you wouldn't run your business on it but you could set up your home DMZ, walled garden, VPN concentrator, RADIUS, 802.1x, etc.
The thought occurred as I was experimenting running multiple APs off a single LAN segment at home to test the performance of each and realised I was creating a large attack surface area with no protection beyond WPA2. Break through an AP and you get the crown jewels.
The most obvious example I can think of is the Asus N-16 which seems ridiculously overpowered compared to its contemporaries, and can run the seminal DD-WRT for some enterprise features (and a more-or-less full-featured Linux distribution with iptables and at least three discrete interfaces, albeit one of them wireless. You can add a USB drive to it too if you need more). For the record, I'm not a fan of Linux but I can't see IOS or a BSD-able device coming cheap.
Soekris, Mikrotik, Guruplug et al all seem a little too cost-heavy after you add the necessary extras to get them going, and the fact you'd need more than one device to realistically build enterprise-class network topology.
Love to hear anyone's feedback. E.g. has anyone ever hacked Vyatta onto a $50 consumer grade box and powered it with a PoE injector..? :)
Thanks,
Damien.
Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.
http://www.mailguard.com.au/mg