[AusNOG] Enterprise Protection for the Consumer

Shaun Dwyer shaun at dwyer.id.au
Thu May 19 16:25:35 EST 2011 

Damien,

I agree with going green.. with the rising cost of power and all, it makes sense from an economical perspective.

Recently I've deployed a ubiquity router station pro at home for my routing needs. Cheap to buy, cheap to run, does PoE, 4x Gig ports, SD card slot, USB etc etc. I'm using OpenWRT on mine installed to the built in flash, and it works great. A friend of mine told me if you really want to you can run fully fledged Debian MIPS on it.

http://www.ubnt.com/rspro

Cheers!
-Shaun
 
On 19/05/2011, at 1:55 PM, Damien Morris wrote:

> Trying to:
> 
> Be Green.. Old machines draw more power and real estate than they deserve and have spinning disks..
> Focus on efficiency, and come up with solutions that could be shared/benefit others
> See how far you can push some of these consumer devices that have all the hardware in the box just waiting to be exploited..
> Maybe have some fun along the way :)
> 
> Thanks,
> Damien.
> 
> 
> On 19/05/11 3:46 PM, "Eric Pinkerton" <Eric.Pinkerton at stratsec.net> wrote:
> 
>> Why not just put Vyatta on an old machine with multiple nic’s, and use it to segregate your AP’s from said crown jewels?
>>  
>> From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Damien Morris
>> Sent: Thursday, 19 May 2011 1:35 PM
>> To: ausnog at ausnog.net
>> Subject: [AusNOG] Enterprise Protection for the Consumer
>>  
>> Hey NOGers,
>>  
>> Maybe a bit OT - but what devices have people heard of or had experience with that give the enterprise-grade feature experience with consumer-grade gear?
>>  
>> Note I said 'experience' and not 'quality' - so you wouldn't run your business on it but you could set up your home DMZ, walled garden, VPN concentrator, RADIUS, 802.1x, etc.
>>  
>> The thought occurred as I was experimenting running multiple APs off a single LAN segment at home to test the performance of each and realised I was creating a large attack surface area with no protection beyond WPA2. Break through an AP and you get the crown jewels.
>>  
>> The most obvious example I can think of is the Asus N-16 which seems ridiculously overpowered compared to its contemporaries, and can run the seminal DD-WRT for some enterprise features (and a more-or-less full featured linux distribution with iptables and at least three discrete interfaces, albeit one of them wireless. You can add a USB drive to it too if you need more). For the record, I'm not a fan of Linux but I can't see IOS or a BSD-able device coming cheap.
>>  
>> Soekris, Mikrotik, Guruplug et al all seem a little too cost-heavy after you add the necessary extras to get them going, and the fact you'd need more than one device to realistically built enterprise-class network topology.
>>  
>> Love to hear anyone's feedback. E.g. has anyone ever hacked Vyatta onto a $50 consumer grade box and powered it with a PoE injector..? :)
>>  
>> Thanks,
>> Damien.
>>  
>> Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.
>> http://www.mailguard.com.au/mg
>> 
>> Report this message as spam  
>>  
>> 
>> Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.
>> http://www.mailguard.com.au/mg
>>  
>>  
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20110519/55be93f7/attachment.html>

More information about the AusNOG mailing list