[ctviggen]

After realizing how many devices I have that are now on my home network (Alexa, lights, thermostat, etc.), and realizing I haven't updated the firmware in my router/firewall/wifi in ... forever, and logging into my router and seeing how many attacks I'm getting, I stumbled upon this:

https://www.myrattrap.com/

It's a hardware firewall that gets its database from the cloud and sits between your cable modem and your router.  It has no fee now for updating the database.  It also takes off a lot of advertisements, so it supposedly speeds up browsing. 

There are other firewalls, see the following:

http://windowsreport.com/firewall-device-for-home/

I chose this one because it's simple and updated regularly.  It also has one price (no subscription needed). I just ordered this and have not received it, though.

Anyone else have this or a similar device?  If so, what are your thoughts? 

[Scott F.]

I too would be interested in the "IT crowd's" opinion on RATtrap and other firewalls. We're in the midst of building a house that will be completely connected and we'll need a good firewall to keep the hackers at bay.

[Mag]

I use a firewall called Stop Sign by eAcelleration for many years. A yearly subscription fee of about $30 bucks. It's simple and easy to use, but your computer has to be free of viruses to begin with. They offer Tech support if you need it.

I use items such a printer, smart tv, digital player, tablet, cd player through a router. You simply add these item's IP address to a subnet in network zone. Otherwise it will block their use.

In Summary view it shows what's going on for example I have 2 connections open, rules applied 61,487,609, 11 unauthorized connections blocked, Floods stopped 0, scans attempted 14, attacks stopped 0, spam messages 0.

In addition it scans your computer for viruses at whatever you set it at, I have it set weekly.

Set up is easy for none tech users, just configure the firewall automatically under the firewall menu. But can also be set by advanced users who know what they are doing.

[srb]

I use a firewall called Stop Sign by eAcelleration for many years.

StopSign is an internet security software suite (like McAfee, Norton, Kapersky, AVG, AVAST, etc.) that has a firewall component and is installed on each individual computer or device.  The topic is about hardware firewalls which protect all computers and devices on the entire network and is generally considered a more robust and secure approach.

Steve

[Mag]

StopSign is an internet security software suite (like McAfee, Norton, Kapersky, AVG, AVAST, etc.) that has a firewall component and is installed on each individual computer or device.  The topic is about hardware firewalls which protect all computers and devices on the entire network and is generally considered a more robust and secure approach.

Steve

Oh.

With my i7 computer Windows 10 it can control an entire network. Just need a bigger router or add another one for more connections.

[shadowlight]

Question for the OP?  Are you just concerned about traffic that is using web browser or http/https protocol?  If yes, look into OpenDNS (they have been around for years and recently bought by Cisco).  You can set the DNS server on your router to point to OpenDNS servers,  which in turn will do the same thing that Rattrap seems to be doing and it is free.  You can also, sign up for enhanced service to get usage stats and additional controls.




Edited ========


From Rattrap FAQ - I would be interested in getting additional information on how they are doing the following.  Stuff in red is my comment.

• 
  RATtrap uses encryption while communicating with the RATtrap cloud. - What type of information is the local device sending / receiving from the cloud other than updates?  Can the company remote into the device on premise, similar to how logmein / team viewer etc solution works.
• 
  RATtrap uses digital signing while applying software updates.
• 
  RATtrap encrypts all DNS lookup request and response data - How are they doing that?  Are they tunneling DNS requests within some kind of encrypted tunnel to the cloud?  How are they encrypting, what are the encrypting protocols/standards used, are they using self signed certificates for authentication (easy to create man in the middle type of attacks by pretending to be Rattrap servers)
• 
  RATtrap uses per-device unique keys for authentication - How are they assigning unique keys?  Can those keys be spoofed?
• 
  RATtrap minimizes its’s attack surface by turning off all unnecessary services. - What services are running on the underlining OS and what OS is it?  Is it patched on regular basis?  I am currently assuming that the OS in question is either Android or Linux.
• If anyone has Oomla take a look at the service that they offer with ZScaler (ZScaler is more robust enterprise solution which they are offering through Oomla for home users).

[Johnny2Bad]

I use MacOSX Server; it sits between the local and wide area network. It's a Server OS so all the usual options are available to manage traffic, file access, permissions, etc and comes with the proper apps. Although you can run it just like a regular OSX installation on the same hardware the privledged and autonomous Server is running, it's best if you don't (your Server is exposed to the wide area (internet) network, so user files and apps can pose a security risk since it's the same machine).

Any reasonably modern hardware will work; including something like a G4 (IBM RISC) processor Mac Mini, which you can pick up for peanuts. No monitor required, it will run "headless". Takes some effort to properly configure though.

Cost is reasonable, less than $30 plus a free copy of OSX; unlimited users (Windows Server charges per user plus the cost of the OS itself). Linux is also an option (will run on almost anything) but is more complex to install and administer (which is saying something).

I actually have it running on a Mac Mini Server, which is a version of the hardware that has no disk drive and uses the space for a second drive, configured as RAID (Mirror). That machine is backed up automatically at 4AM to an external drive in an enclosure, and that external is backed up weekly to one of two drives, used alternately, and stored offsite.

I use the offsite bare drives with a device that allows you to just plug in a bare drive and connect it to a computer, so there are no enclosures to deal with for those backups. I have files going back to 1990, I've never lost any data, despite a few drive failures.

The RatTrap the OP referenced seems interesting, I'd have to take a closer look though. At $US250 it's not less expensive. The no-configure feature might be an issue but assuming the vendor can be trusted (not established at this point) might work out OK. It's one of those "it's not a bug it's a feature" things; you are trusting a 3rd party to do everything correctly, but for some people that would be better than doing it themselves, since they could make an error that would prove costly.

Another option is to use an old Mac running 10.6x or earlier, and download SNORT (firewall / intrusion detection / management app, open source). It works very well, but not on newer versions of OSX. Nightly backups to an external drive, plus a copy of the external stored offsite (updated weekly).

On all my machines behind the firewall I also run software that allows / disallows / logs all connections from the machine to the internet, like a full (2-way) firewall but a bit better as you get alerts every time something tries to access the wide area network and it's configurable on an app-by-app basis, rather than just via ports.

With any of the Server OS's, you can of course run any machine or device (smart TVs anyone?) running any OS behind it. Also you can also run other apps, such as automatic backup routines, storage of user files, host a website or cloud storage system, configure a VPN so you can log into the local machine(s) from anywhere, etc. A bit more flexible.

I will restrain myself from going on a Rant about iOT devices and their almost criminal lack of security, along with a general refusal to take responsibility for exploits, and an attitude to ship first and write secure software later, if at all.

[ctviggen]

It's difficult to know whether a vendor can be trusted.  I bought 5 versions of Kaspersky as a virus scan tool for our 5 computers (plus another laptop), then realized they could be hacked by the Russians. 

I would consider setting up something myself, but I really want something I set and forget.  Right now, I have a HT computer (windows 7, WMC, Kodi) we use to watch everything, I have an Unraid server with 15 terabytes of data, wireless/wired home lighting I can control with Alexa, etc.  I can't keep up with servicing these, let alone try to do something else.  My future weekends are taken.  I am going to put up a raptor perch, which requires sanding and painting a long pole, putting a top on the pole, then digging a hole and cementing it in.  This stupid house I own has a closet built into an attic. The closet is freezing in the winter and hot in the summer.  I'm going to wrap the outside of it with 2 inches of sheet insulation, and air seal it.  At some point after that, we're going to take down the drywall and spray foam or have someone spray foam the interior. I have to do some electrical work before this is done, and we're going to do the demo.  We then want to have the attic spray foamed, and I need to do more electrical work there before that can happen.  We then want to have our second attic insulated, and I need to do more work there before that's done.

So, I need a "set and forget" type of device, for the whole house.  That's why I went with this device.

My daughter likes these emojis:     

[rif]

What is the advantage of using a separate hardware box vs. using your router's built in firewall capabilities?

I have a ubiquiti router that can be configured with complex firewall rules, update blacklisted websites automatically, etc.  I don't actually use that mind you, because I'm lazy 

[rif]

Sorry, just realized my last post may have sounded standoffish.  Wasn't meant to be, just trying to get some info and share some info.

[srb]

There wouldn't be much difference using the firewall features of an enterprise router such as Ubiquiti Edgerouter, Cisco, etc., but most home routers don't have the capability to establish stateful firewall rules.

Even with the Ubiquiti routers, it can get quite complicated (even for IT personnel) beyond basic firewall rules if you are using VLANs, Deep Packet Inspection, etc.

Many dedicated firewall appliances have an easier to use interface and are the logical choice if using multiple physical routers, something that would be extremely rare in a home environment.

Steve

[jqp]

We live in a messy time as far as home security is concerned (don't even try to imagine big business security). Just watch Mr Robot.

The attack surfaces of your PC or your whole network refers to all the available ways that you can be hacked, like a cell is attacked by viruses or bacteria. Email, email attachments, links you click on, links on websites, things you download, and all the other ways you can be hacked more directly are why we have to have some protection.

Backups are a must, and another good thing to do is make an image of your patched and secured c: drive, in case you want to start over with a clean drive.

These things can be a pain if you don't want to become more sophisticated about security.

One of the problems we face is that thngs we install, including hardware, can "phone home" to some server and we are not even aware of it. That is why you need to be aware of outgoing traffic as well as incoming traffic. You want to know what is going out from your network, and whether that cahnges over time. Why does a video camera need to contact a server in China? Here is an example of what happens

https://www.theregister.co.uk/2017/05/10/persirai_iot_botnet/

I am interested in a HW firewall also, may have to settle for a SW firewall for now.

RATtrap uses per-device unique keys for authentication - How are they assigning unique keys?  Can those keys be spoofed?[/font][/li][li]
RATtrap minimizes its’s attack surface by turning off all unnecessary services. - What services are running on the underlining OS and what OS is it?  Is it patched on regular basis?  I am currently assuming that the OS in question is either Android or Linux.[/li][/list][li]
[/li][/list]

[Bizarroterl]

I'm using pfsense.