Your sensitive data on TrueCrypt volumes. If you're like me, those volumes are not open/mounted except when I'm doing work with the files. So the thief gets nada.
Fair point... but I think there's multiple categories of data - confidential, private, who-cares; I mean, even the family photos could go on to a TrueCrypt volume, but it would be at ridiculous computational cost. Seems to me that a better strategy would be to make it more difficult to break in, no?
And none of that still addresses my stupidity - for example, accidentally triggering the installation of the Flashback Trojan on my Mac, because I need to have Java installed for certain work applications.
To wit, I've already taken your excellent suggestion on rechecking the ports both inbound and out on the router and I'm putting together a network map to figure out how machines need to and do not need to talk to each other, with the view of splitting up the network with VLANs, as recommended by STX and Tim in the discussion above. I'm still not sure whether that addresses my concerns about accidentally bringing in a plague of locusts, but we are basically following all of the steps recommended by Krebs here, with the exception of NoScript, which makes life nigh impossible on the modern web - try selecting the charts on SNB, for instance.
Viruses, spyware, accidental deletion...
I store data on the NAS, not the PCs.
I image the PC disks every week or so, to the NAS.
The one time I got a bad virus/malware I couldn't eliminate, I just rolled in the last image or partition backup. I now have these two backups automated on the PCs, using Acronis (I've tried most all of them, and such as it is, Acronis is the best, IMO).
My main PC - has an SSD boot disk (120GB) and a 160GB mechanical disk. Again, I store no data on these, only the OS and programs.
I use Acronis to clone the 120GB to the 160GB quite often. I don't use the 160GB. Worst happens, I just clone the 160 back to the 120. This has saved my rear more than once. Cloning is better than partition imaging, by far, at the cost of a dedicated drive.
I suppose the more relevant question is, does it make sense to invest in a SOHO/SMB-class UTM appliance to replace my consumer router - is that the right tool to prevent myself from accidental stupidity and a potential light attack from the kinds of people who hacked Honan last year? (By which I mean script kiddies with preassembled tools rather than a nation-state with an army, more than the precise nature of the attack.) I suppose I'm aiming more for deterrence rather than anything else.
Sophos has a free UTM for home use that is awesome. The Astaro UTM Home User version has everything (well, almost) that corporate America has and is fairly straightforward. Untangle also has a product I've used for over a year, but I just recently switched to Astaro due to the completeness of the offering. I can't recommend it enough for doing exactly what you're talking about! You will need a system with two NICs, but they are cheap. Personally I use an Atom Supermicro server with ESXi installed and Astaro as a VM. Works flawlessly!
Wanna dig deeper and get real geeky? Check out Security Onion.
Forgive me for resurrecting an old thread, but I'd have to post what would be a pretty much identical thread name.
I'm in the market for a new (wired) router, as it turns out my existing E4200 is vulnerable to (and because of some unusual internet behaviour perhaps WAS breached by) the infamous Linksys TheMoon malware. As a stopgap, I'm moving to DD-WRT but I'd really appreciate any advice now on a replacement router / UTM device.
My requirements are relatively modest - we have about 45-50 networked devices, including full-fledged computers and servers, phones, tablets and networked gadgets (examples would be IP cameras, the Nest thermostat, Fitbit Aria). Our primary internet connection is through Verizon's 75/35 FiOS service but I'd also like to have a second WAN port, as we have a backup network connection for when the FiOS headend goes down as it is wont to in the summer. I'd also like to have the capability to segregate devices using VLANs and ideally retire the RasPi that's been acting as a VPN endpoint for when I'm on the road. I've been looking at the following devices, as a consequence, with some of my thoughts:
-Linksys RV042G (unsure about performance, brand name ownership worries)
-Mikrotik Routerboard RB2011UiAS-IN (unbelievable price/performance ratio, impossible to buy in the US)
-Ubiquiti EdgeRouter PoE (difficult to setup, hard to buy in the US)
-Zyxel Zywall USG20 (dislike paying for an ongoing subscription)
I'm leaning towards the Mikrotik if I can ever find it for sale, but I'd like to wrap up and buy something in the next couple of days. Any advice appreciated.