Friday 30 March 2018

Can you help me lock down my network a little bit better?

I have a somewhat complicated network topology at home. Here's my equipment:

  • A Comcast "modem" UBEE 3513
  • Asus RT-N66U (used for firewall, routing, and port forwarding)
  • Core-i7 Windows 10 Home PC (media server)
  • A Roku 4 Ultra (used to stream programming to television from the Plex PC)
  • An Amazon Alexa
  • Synology DS1815+ Diskstation
  • Television (Sony recent model)
  • Playstation 4
  • Nintendo Switch
  • Old Mac Pro workstation (used as a file server for downloading stuff)
  • 2 Ubiquiti UniFi access points
  • Nest thermostat (first gen)
  • Marantz SR6010 receiver
  • Laser printer
  • Computers
    • iMac
    • Macbook Pro
    • Other Macbook Pro
    • Macbook
    • PC laptop
    • Core i9 PC workstation
    • Various iPads, iPhones, and wireless devices
  • I also have a 10Gb fiber run to my separate garage where I have some equipment and one of the wireless access points.

Current config:

My internet connection goes directly from the UBEE modem to the Asus. The Asus handles all connections and routes accordingly. I have ports forwarded for my media server's apps so that I can share them out to the general internet. (I watch Plex and listen to my music using Subsonic almost every day).

I often access several of my computers using Splashtop. I'm not that happy with it, and screen sharing actually works better when I'm going from Mac to Mac. But it works OK in a pinch. I never SSH or use command line in any way. I'm not familiar with the terminal for accessing remote machines (or in any way, really).

I occasionally log into my Synology for file access remotely. I also use the iPhone app to log in and check my security cameras very often (several times a day).

My Windows 10 Home server has NO firewall activated. I did that to make sure it could be accessed easily from the internet. (I'm sure this is making some folks cringe). I have never had an issue with that machine. It is never used for web surfing, it ONLY runs the server software.

Currently, the Asus' firewall is set to "On". I don't have any custom settings (nor would I know how to properly configure them). The "Enable DoS protection" and "Respond ICMP Echo (ping) request from LAN" are both set to "no". I realize this is probably unsafe (that's why I'm posting here). I don't really know what those mean. I want to button it down properly and make sure my systems are as safe as they can be realistically.

I have an A NAME record pointing from my hosting provider to my home using "home.mydomain.com" so that I can log in easily without having to remember my IP. I have to reset the A NAME record to my new IP every few years.

I have a Comcast business account at home (no data caps).

I do not know really what a tunnel is. I do not really understand VPNs (although we use a Cisco VPN at work). I have heard that those two things would help secure my network. Not really sure how.

How can I make this more secure using my limited knowledge and HUGE fear of the command line?
Submitted March 30, 2018 at 10:35PM by spdorsey https://ift.tt/2pP0hZA