Page 11 of 12 FirstFirst ... 9101112 LastLast
Results 101 to 110 of 114
  1. #101
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,095

    Default

    Support alone makes it go negative, which is why it gets the same support as free Untangle. The fact either are actually supported is a huge value sink, but I don't think it could work any other way. What is else Untangle supposed to do? Stuff ads in the admin console?

    So instead of going the corporate nightmare route, they tell their support team to handle tickets for HomePro and non-support carrying Untangle installs when they don't have any other tickets to process. From a business standpoint, this is an investment in PR but it goes against the bottom line. A larger corporation would just not do either.
    Jim.Alles likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #102
    Untangler
    Join Date
    Dec 2017
    Posts
    89

    Default

    I donít let guests or family on my network 😝 when you say jailed do you mean MAC address locked? What specifically do you mean by jailed.

  3. #103
    Master Untangler
    Join Date
    Oct 2017
    Posts
    151

    Default

    Quote Originally Posted by flynhawaiian View Post
    I don’t let guests or family on my network �� when you say jailed do you mean MAC address locked? What specifically do you mean by jailed.
    I was going to ask the same.

  4. #104
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,523

    Default

    Jailed, because I would trust them less than my family . There are too many variables give specific risks or mitigation methods. If compromised, IP cameras can easily be used to host a botnet or other attacks without giving symptoms. They shouldn't have access to anything other than the DVR on the network, and if you can tolerate it, they shouldn't have regular access to the Internet.

    I don't have any IoT in my home. The cameras I am putting in are hardwired composite video. Hack that from where you are!

    This is way off topic. If you have specific Q.s, please ask on that forum https://forums.untangle.com/off-topic/ Likewise, if I have any particular gems, I will post them there. But you will find a host of horror stories Googling internet security cameras...

    Untangle NGFW & SDN can give you the tools to segregate devices on 'segmented networks'.
    Last edited by Jim.Alles; 02-09-2020 at 05:19 PM. Reason: segmentation, like Sam.

  5. #105
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,057

    Default

    Quote Originally Posted by flynhawaiian View Post
    I don’t let guests or family on my network �� when you say jailed do you mean MAC address locked? What specifically do you mean by jailed.
    I would just add that for those of us that do allow guests or extended family to access our home networks for some purpose (at my house the purpose is typically Web access), we can "jail" or "sandbox" them through a variety of methods that don't require anything special from Untangle (as in costing more money beyond the HomePro subscription). In my case I added a NIC and an access point (both "in stock") so all guests and extended family are on their own isolated subnet. I use Captive Portal and Policy Manager to give them their own space with proper notice that they're on their own if something messes up their devices (though in reality the only difference of substance is no SSL inspection).

    This is indeed off topic but I did all this at the $50 subscription price. I'm a happy camper.
    Jim.Alles likes this.

  6. #106
    Untangler
    Join Date
    Dec 2017
    Posts
    89

    Default

    Still a little confused on how to properly "jail" a VLAN.

  7. #107
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,057
    Jim.Alles likes this.

  8. #108
    Untanglit
    Join Date
    Feb 2019
    Posts
    15

    Default

    Quote Originally Posted by Jim.Alles View Post
    Jailed, because I would trust them less than my family . There are too many variables give specific risks or mitigation methods. If compromised, IP cameras can easily be used to host a botnet or other attacks without giving symptoms. They shouldn't have access to anything other than the DVR on the network, and if you can tolerate it, they shouldn't have regular access to the Internet.

    I don't have any IoT in my home. The cameras I am putting in are hardwired composite video. Hack that from where you are!

    This is way off topic. If you have specific Q.s, please ask on that forum https://forums.untangle.com/off-topic/ Likewise, if I have any particular gems, I will post them there. But you will find a host of horror stories Googling internet security cameras...

    Untangle NGFW & SDN can give you the tools to segregate devices on 'segmented networks'.
    I have 18 ip Cams On my Default Lan Good luck hacking them. I have Vlans setup but there's no need to put them on the vlan they have no wan access. I guess you could hack My Synology Nas If you really wanted to get to them good luck with that. Unless your running with ports open Nat is more then enough to keep out the Hacks. I vpn in when i want to check out my cams.

  9. #109
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,095

    Default

    Why would you say good luck hacking them? Are you assuming the border you built is effective?

    The problem with infosec in 2020 is that those borders essentially do not exist. When without, becomes within... then what?

    To boil it down further, it isn't an external host that will hack your cameras. It's a trojan infested botnet member on a laptop or other roaming device that connects to your wifi that will hack your cameras. And you have a firewall policy that prevents their IP addresses or MAC addresses from getting to the Internet? That's cute... did you forget the infection vector to begin with?

    Threats today are automatic, and will exploit almost an infinite amount of weaknesses, and they have near infinite time to do it. Do some research on one threat specifically...Emotet... It's been years, and we STILL do not have tools to properly detect it. And mitigation is format C: on the ENTIRE NETWORK!

    The directive to separate is correct, any device that doesn't have monthly security updates automatically applied should be in an isolated network separate from anything else, ideally so isolated even other such devices cannot see it. It's the only way to prevent them from infesting each other. This problem gets even more pronounced when you realize that any cell phone that doesn't have Apple or Google's name on it falls into this category. And I mean that specifically, because if it isn't an iPhone, or a Pixel, or hasn't been rooted such that an actual maintained OS can be installed... it's vulnerable.
    Last edited by sky-knight; 02-10-2020 at 07:45 AM.
    junglechuck likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #110
    Untanglit
    Join Date
    Feb 2019
    Posts
    15

    Default

    Quote Originally Posted by sky-knight View Post
    Why would you say good luck hacking them? Are you assuming the border you built is effective?

    The problem with infosec in 2020 is that those borders essentially do not exist. When without, becomes within... then what?

    To boil it down further, it isn't an external host that will hack your cameras. It's a trojan infested botnet member on a laptop or other roaming device that connects to your wifi that will hack your cameras. And you have a firewall policy that prevents their IP addresses or MAC addresses from getting to the Internet? That's cute... did you forget the infection vector to begin with?

    Threats today are automatic, and will exploit almost an infinite amount of weaknesses, and they have near infinite time to do it. Do some research on one threat specifically...Emotet... It's been years, and we STILL do not have tools to properly detect it. And mitigation is format C: on the ENTIRE NETWORK!

    The directive to separate is correct, any device that doesn't have monthly security updates automatically applied should be in an isolated network separate from anything else, ideally so isolated even other such devices cannot see it. It's the only way to prevent them from infesting each other. This problem gets even more pronounced when you realize that any cell phone that doesn't have Apple or Google's name on it falls into this category. And I mean that specifically, because if it isn't an iPhone, or a Pixel, or hasn't been rooted such that an actual maintained OS can be installed... it's vulnerable.
    Good info glad I don't have any devices on my main lan that don't get regular security updates. Cellphones & Laptop's are actually the devices that go to VLans on my networks. So I'm still not too worried I'll keep being cute thanks

Page 11 of 12 FirstFirst ... 9101112 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2