G+_Michael Hill Posted June 8, 2017
I bought a Ubiquiti Edge X router for my 3 dumb routers. Can someone help me get the firewall set up?
G+_Michael Moller Posted June 8, 2017
Sorry, can't answer your question yet. I'm just setting mine up too. But I have a comment for you. From my understanding, you don't need to use the three dumb routers when you have a smart one (Ubiquiti EdgeRouter X). Steve - "...we solved the isolation problem with three dumb routers. But you could also just use one smart one, just this, for $50." I'm quoting the show notes from SN episode 570 - https://www.grc.com/sn/sn-570.htm
G+_Golden Retriever Posted June 8, 2017
I was thinking the same thing; the EdgeRouter X would be the perfect router for facing the internet.
G+_Golden Retriever Posted June 8, 2017
Michael Moller, you're only partially correct. The EdgeRouter X only has Ethernet; you still need two Wi-Fi networks, one in order to connect your untrusted IOT devices and another for your trusted network. Remember the point of 3DR is to protect your PCs, NAS and other high value targets from infiltration from the inside. The IOT devices that you have no way to see the code that makes them work, these devices, if left on the same LAN side as your protected assets, are vulnerable to LAN type attacks. By putting them on a separate network entirely from your trusted network, you're eliminating any possibility of an IOT device acting as a gateway to your goodies.
G+_Pat Hacker Posted June 8, 2017
Nice
G+_Michael Moller Posted June 8, 2017
Tod Sage - I have to respectfully disagree with you. Not all IOT devices use WiFi. Two WiFi Access Points are only needed IF your IOT device(s) are connected via WiFi (i.e. - Amazon Echo, Light Bulbs, Ring Doorbell, etc.), and if you connect via WiFi on your trusted network (i.e. - Laptop, Tablet, etc.).
Q. What if I don't use WiFi on my trusted network and only connect with Ethernet? What if I use Raspberry Pis or other devices on my untrusted network connected via Ethernet?
A. No WiFi APs needed.
So the correct answer to your statement should be that it can vary from 0-2 WiFi APs required. ; )
G+_Gilles Fourchet Posted June 8, 2017
Michael, the point is not really whether you use WiFi but to segregate/segment your networks. I'm in the process of implementing the same (Ubiquiti Edge X router + 2 other routers) and although my "internal" routers are doing WiFi, they are also doing wired, and I will use both as I'll have both wired and wireless connections on each of the internal networks. So think about it as a segmentation approach, not specific to wired or wireless. Actually, Padre indicated numerous times that, if you have a high end router (manageable), you can implement the 3DR approach with just one router.
G+_Francis Kindred Posted June 8, 2017
Hi Michael Hill, here is a link to some info I read to create a guest network on my EdgeRouter, which is where you can put your untrusted devices. help.ubnt.com - EdgeRouter - How to Protect a Guest Network on EdgeRouter
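One way to express the isolation discussed in this thread on a single EdgeRouter, as an added example that is not from any poster or from the linked article. It assumes the trusted LAN is 192.168.1.0/24 on switch0 and the untrusted/IoT network is a routed port eth2 with the router at 192.168.2.1; the rule-set names, interface and addresses are all assumptions to adapt.

```edgeos
configure

# Assumed addressing (constructed for this example):
#   trusted LAN  192.168.1.0/24 on switch0
#   IoT network  192.168.2.0/24 on eth2 (router is 192.168.2.1)

# Traffic entering eth2 and being routed elsewhere (to the LAN or the internet)
set firewall name IOT_IN description "IoT to other networks"
set firewall name IOT_IN default-action accept
# Replies to connections that the trusted side opened are still allowed back
set firewall name IOT_IN rule 10 action accept
set firewall name IOT_IN rule 10 description "allow established/related"
set firewall name IOT_IN rule 10 state established enable
set firewall name IOT_IN rule 10 state related enable
# Anything new from IoT towards the trusted LAN is dropped
set firewall name IOT_IN rule 20 action drop
set firewall name IOT_IN rule 20 description "drop IoT to trusted LAN"
set firewall name IOT_IN rule 20 destination address 192.168.1.0/24

# Traffic from IoT devices addressed to the router itself
set firewall name IOT_LOCAL description "IoT to router"
set firewall name IOT_LOCAL default-action drop
set firewall name IOT_LOCAL rule 10 action accept
set firewall name IOT_LOCAL rule 10 description "allow DNS"
set firewall name IOT_LOCAL rule 10 destination port 53
set firewall name IOT_LOCAL rule 10 protocol tcp_udp
set firewall name IOT_LOCAL rule 20 action accept
set firewall name IOT_LOCAL rule 20 description "allow DHCP"
set firewall name IOT_LOCAL rule 20 destination port 67
set firewall name IOT_LOCAL rule 20 protocol udp

# Attach both rule sets to the IoT-facing interface
set interfaces ethernet eth2 firewall in name IOT_IN
set interfaces ethernet eth2 firewall local name IOT_LOCAL

commit ; save
```

Rule order matters here: rule 10 must come before rule 20 so that the trusted side can still reach IoT devices, while the default drop on IOT_LOCAL keeps IoT devices away from the router's management interfaces.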
G+_Golden Retriever Posted June 8, 2017
Michael Moller, you are correct sir, I didn't go into all possible configurations. Even if you have RJ45 connected IOT, "yes there probably are a few", and hard wire everything, there is still a reason, "although not as pressing a reason", to use 3 devices. It is difficult with a single device to keep track of what is where when setting up the interface because you're dealing with virtual network connections. With 3 physical devices as opposed to a single device it is much easier on a conceptual level to keep track of what is where and what is ahead of what and what is behind what and, what more importantly, is not connected to what. 3 devices give you a good visual aid and make it much simpler to keep track of every. You're far less likely to misconfigure yourself into a vulnerability by mistake. Also, as we all know, router manufacturers often have undiscovered vulnerabilities; with one device a bad actor only has to crack one device to get the keys to the kingdom. One other point: I live in an area subject to massive voltage spikes. 3 units leave me more likely to have at least one functional unit that I can temporarily re-task to get back up online until later when the stores are open and I can recreate my setup.