Home Network - Part 1: The Beginnings
Introduction
So recently I had an incident happen with my home NAS that I thought I was protected against but wasn’t, and this sparked an urge in me to up my home security game and learn more about networking and security. My only other experience with network security is just whatever I researched in my spare time as well as one university unit that I completed for the Computer Science part of my degree. So hopefully now I will be able to dive deeper and become well versed in this area. For the longest time I’ve also been meaning to try out PFSense as I’ve only heard good things about it and its community, so it seems like a fun project that I can learn a lot from.
In this post, I will mainly aim to describe what I want in my new network setup as well as a breakdown of what I currently have and how or what will improve or change.
Aim
With any project that you start, it is imperative that you have a clear set of aims despite how vague they may be. If the aims are vague, then more research and learning must be done to fully understand and become aware of the project at hand. Therefore, my aims for this project are to:
- Improve my home network security with minimal open ports and vulnerabilities within my firewall.
- To pair with this, implement a PFSense router due to its high control and security compared to other regular off the shelf solutions.
- With this router, I want to have alerts for any intruders or attempted attacks on my home network with protocols to shut certain devices down to minimise damage to any of my systems.
- If possible, have a wifi mesh system so as to not have to switch networks when at different sides of the house.
- Implement a UPS to minimise downtime when the house loses power.
- Create a plan for maintenance of this entire system to regularly check batteries and performance of hardware.
Current Breakdown
In order to improve my current system, I must first be aware of my current situation. The image I sketched below basically sums up my current setup.
At the moment, I have my NBN connected (a little more on this later), which is basically my internet connection from my ISP (the company that provides me with internet access) to one wireless Asus router. This wireless Asus router is connected to another wireless Asus router to form a wifi mesh, and the first router is also connected to an unmanaged switch to provide access to all the Ethernet ports littered over my house. The firewall on the initial router is set to “strict”, and any blocked ports that I need access to I manually open and close as I see fit.
With this kind of setup, I find it works well and the mesh system is seamless, which I like, though sometimes these routers need a reboot after a certain length of time as they seem to become sluggish and provide a slow internet experience. I’m hoping that a nice little strong dedicated PFSense box will fix this.
I currently don’t have any dedicated VLANs set up, but these routers provide dual wireless networks at different frequencies, 2.4GHz and 5GHz, though this is becoming pretty standard these days and not really something to mention. Wherever I can, I connect my devices using an Ethernet cable, but for phones and other devices I will choose one of the wireless networks.
But that basically sums up my current setup. So now onto my research and understanding of networking.
Networking
So now down to the nitty gritty stuff. In this section I will try to understand most of my network as much as I can and detail what I feel is worth sharing.
NBN
Starting right at where I get my access to the internet: in Australia, we have something called NBN (National Broadband Network). When it first got pushed out as a standard, there were a lot of mixed reviews, with some claiming how unreliable and untrustworthy it was, though I’ve read that it was actually due to our big Internet Service Providers (ISPs) purchasing slower speeds and bandwidths from NBN and blaming it on them. Anyway, we have one of these set up with FTTP (Fibre to the Premises). This is deemed to be the best type of connection as it requires all the fibre to be laid within the streets all the way to your property, therefore making it rarer, especially in older suburbs of your city.
When NBN is installed on your property, it usually utilises these three components:
- NBN Utility Box
- NBN Connection Device or NTD (Network Termination Device)
- Power Supply with Battery Backup
The NTD is a direct fibre connection to the NBN service which connects me to the internet. As this is my first point of contact, I will need my firewall connected here to start managing all the traffic in and out of my home network. This area is important!
Router
Purpose
So the main purpose of a router is to route network packets from network to network based on their addresses. It connects your Local Area Network (LAN) to the Wide Area Network (WAN) or internet and allows you to communicate with other devices. It is responsible for managing all the network traffic and thus plays a vital role in your home network.
As this is the first point of connection from your local network to the internet, most routers have something known as a firewall, which is a network security device that monitors incoming and outgoing traffic. It has a list of what traffic to accept and block, and it shields your local network from the outside world where internet spies, thieves and malware artists live and wait to do their bidding. Your firewall is an area where you want to take extra care when setting up, as getting it wrong can be very detrimental to you and anyone on your network.
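To make the two roles described above concrete, here is an added example (my own illustration, not code from the post or from PFSense) of how a router chooses the outgoing interface for a packet by longest-prefix match, and how a default-deny firewall in front of it drops anything arriving from the WAN side that is not on an explicit allow list. The routing table, interface names (`lan0`, `lan1`, `wan0`) and addresses are constructed assumptions loosely shaped like the setup in this post.

```python
import ipaddress

# Constructed routing table for a home router: one general LAN, a separate
# segment for servers, and a default route to the ISP. Interface names and
# address ranges are assumptions for this example, not the post's own.
ROUTES = [
    (ipaddress.ip_network("10.0.0.0/8"), "lan0"),
    (ipaddress.ip_network("10.0.20.0/24"), "lan1"),  # servers segment, more specific
    (ipaddress.ip_network("0.0.0.0/0"), "wan0"),     # default route: everything else
]


def lookup(dst: str) -> str:
    """Longest-prefix match: the most specific route containing dst wins."""
    ip = ipaddress.ip_address(dst)
    best_net, best_if = None, None
    for net, iface in ROUTES:
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_if = net, iface
    return best_if


def decide(in_if: str, dst: str, dst_port: int, allowed_inbound=frozenset()):
    """Combine the router and firewall roles.

    Packets arriving on the WAN interface are dropped unless their destination
    port is on the explicit allow list (empty by default, i.e. no open ports).
    Everything else is forwarded out the interface the routing table selects.
    Returns a (action, outgoing_interface) tuple.
    """
    out_if = lookup(dst)
    if in_if == "wan0" and dst_port not in allowed_inbound:
        return ("drop", None)
    if out_if == in_if:
        # Destination sits on the interface the packet came in on: nothing to route.
        return ("local", in_if)
    return ("forward", out_if)


if __name__ == "__main__":
    print(decide("lan0", "1.1.1.1", 443))            # ('forward', 'wan0')
    print(decide("wan0", "10.0.20.10", 22))          # ('drop', None)
    print(decide("wan0", "10.0.20.10", 443, {443}))  # ('forward', 'lan1')
```

The point of the empty default allow list is the "minimal open ports" aim: every inbound service has to be added deliberately, and anything not listed never reaches a device inside the network.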
Current Device
My choice of router when first setting up my home network for my family when they built this house was, upon the recommendation of a bunch of people online, the ASUS RT-AC68U. It was a router that was not too expensive but not too cheap, with a nice GUI, 2.4GHz and 5GHz wireless, AiMesh WiFi, and support for the NBN speeds that I planned on purchasing.
Originally I only purchased one of these to see how the internet would reach around our house, though as time moved on I purchased a second one and utilised the AiMesh feature, which works seamlessly. Bear in mind though, I haven’t stress tested anything, but general use has gone without complaints. One annoying thing about this router that may be specific to me is that every now and again, when my router has been working for months and months, network performance drops and everyone has a very slow experience. This can usually be fixed by restarting the router, which is annoying but is a quick and easy fix.
Firewall
The current firewall on this router is the standard one with DoS protection, though I haven’t touched this section of the router at all.
I would like to learn more about this section when setting up my new router.
Other Settings
Manually Assigned IPs
I have tinkered with some network settings on this router, but mainly for any server related devices in order to keep track of their local IPs. For each server I’ve added to the network, I’ve set the router to manually assign its IP so that the servers sit within a defined range; that way my network is more organised rather than being scattered everywhere.
To further implement organisation on my network, I have researched a bit into IP addressing and found that there are other IP ranges available for private use. Most people are used to the standard 192.168.X.XXX form of IP, but the full set of usable private ranges is:
- 192.168.0.0 - 192.168.255.255
- 172.16.0.0 - 172.31.255.255
- 10.0.0.0 - 10.255.255.255
Each range in the list is larger than the one before it, and the last one seems to be the easiest to use and remember; I don’t recall any disadvantages of using a network this size from my University course. As long as you select the right subnet, you can start off with a smaller network and expand as you need. Soooo I’ll probably use the 10.0.0.0 space :)
Within the space I’ll have a large section assigned in my DHCP server for all WiFi connected and general use devices, then have a section for all my server related devices, potentially one for IoT devices in future and whatever else I may need as time goes on. I will also most probably set up different VLANs and connect them which I currently can’t do with this router but will do on my new device.
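As an added example (my own illustration, not part of the post), the following script carves the 10.0.0.0 space into the kind of role-based segments just described, records a few manually assigned server addresses and a DHCP pool, and checks that the plan is self-consistent before anything is typed into a router. The three private ranges are the ones listed above; the segment sizes, host names and addresses are constructed assumptions, not the post's final plan.

```python
import ipaddress

# The three private ranges listed in the post, in CIDR form.
PRIVATE_RANGES = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("10.0.0.0/8"),
]

# Assumed carve-up of the 10.0.0.0 space: one /24 per role. The exact
# numbers are an illustration, not the post's plan.
SEGMENTS = {
    "general": ipaddress.ip_network("10.0.10.0/24"),  # DHCP: WiFi and everyday devices
    "servers": ipaddress.ip_network("10.0.20.0/24"),  # manually assigned addresses
    "iot": ipaddress.ip_network("10.0.30.0/24"),      # reserved for future IoT devices
}

# Constructed sample of manually assigned server addresses (hypothetical hosts).
STATIC_HOSTS = {
    "nas": "10.0.20.10",
    "backup-box": "10.0.20.11",
}

# Constructed DHCP pool; it is expected to sit inside the "general" segment.
DHCP_POOL = ("10.0.10.100", "10.0.10.200")


def is_private(addr: str) -> bool:
    """True if addr falls inside one of the private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


def segment_of(addr: str):
    """Return the role of the segment containing addr, or None if unplanned."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def usable_hosts() -> dict:
    """Addresses available per segment (network and broadcast excluded)."""
    return {name: net.num_addresses - 2 for name, net in SEGMENTS.items()}


def check_plan() -> list:
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    names = list(SEGMENTS)
    # Segments must not overlap, otherwise a device could land in two roles.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if SEGMENTS[a].overlaps(SEGMENTS[b]):
                problems.append(f"segments {a} and {b} overlap")
    # Every manually assigned server must live in the servers segment, once.
    seen = set()
    for host, addr in STATIC_HOSTS.items():
        if segment_of(addr) != "servers":
            problems.append(f"{host} ({addr}) is outside the servers segment")
        if addr in seen:
            problems.append(f"{addr} is assigned more than once")
        seen.add(addr)
    # The DHCP pool must be ordered, inside "general", and clear of static hosts.
    lo, hi = (ipaddress.ip_address(a) for a in DHCP_POOL)
    if lo not in SEGMENTS["general"] or hi not in SEGMENTS["general"]:
        problems.append("DHCP pool is not inside the general segment")
    if lo > hi:
        problems.append("DHCP pool start is after its end")
    for host, addr in STATIC_HOSTS.items():
        if lo <= ipaddress.ip_address(addr) <= hi:
            problems.append(f"{host} ({addr}) collides with the DHCP pool")
    return problems


if __name__ == "__main__":
    print(usable_hosts())
    print(check_plan() or "plan is consistent")
```

Keeping the plan in a file like this and re-running the checks whenever a segment or static host is added catches the usual mistakes (a server addressed inside the DHCP pool, two segments that overlap) before they turn into confusing connectivity problems.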
New Device
All I know for my new device is that I want to use PFSense software because of all the great things I’ve heard about it. Everything that I’ve listed that I want to do on my new system, PFSense can handle, and there is such a large community supporting it that I can ask questions and find out more.
I tossed up whether to build a router with old computer parts, but there seems to be a large power consumption with these systems, so I will probably purchase a prebuilt system that is designed for routing purposes. I’ve seen some 4 port devices on Amazon that sell for around $400-500, which are a bit expensive, and I’ve seen the NetGate SG1100 which is a little cheaper at about $300. All of these support PFSense, but I will decide, purchase and hopefully set up before I go back to Uni this year.
Conclusion
This will be continued but I just wanted to get the ball rolling with this post so I can document some of my process when upgrading and have these ideas in the back of my mind during this project.