We increase the security of the local network with Firewall, Adblocker, private DNS.
Most people do not understand how a corporate network works to protect corporate data.
Corporate networks involve the use of firewalls, proxies, switches, routers, servers, all devices that have a single purpose, the defense of the company perimeter from attacks, data theft, viruses and more.
Similarly, I wonder why the private network of citizens and consumers should be considered a sieve by companies and governments, who try to steal data in any way possible, even illegally, through the lack of adequate IT defenses.
This is why today it is essential to implement a series of countermeasures to defend it from more or less legitimate attacks. If the Internet has been one of the greatest human innovations, its use for commercial or fraudulent purposes to the detriment of the masses has made it a wild and brutal place where we are all at risk.
In this article I will provide a series of indications on how to increase the security and privacy of our local network.
The Router
The first network device on which we must act is certainly our Router with two necessary distinctions, if the router we use to connect to the Internet is the one provided by our ISP (Telecom, Vodafone, Sky, Fastweb etc.) know that you will have limits imposed by the software that will decrease performance and above all that you will have few possibilities to customize the configuration.
On the contrary, if we buy our router we will have full control over it and we will be able to configure it as we wish.
The key changes on the router include:
1. Replacing your provider's DNS with Quad9 (Dns that guarantees privacy and acceptable speed)
2. Change all the default passwords for both wifi and router access
3. If your router allows it (I recommend asking before buying) set up a VPN with for example ProtonVPN. (Some people think this just means moving trust to another provider, but adding a layer of complexity may be necessary in some countries) .
These three things are the minimum level to increase security and privacy on our router and we can do it right away, remember that the router is the first point of access to the Internet.
Physical or Virtual Firewall
Adding a firewall to our network will allow us to have control over what can enter and exit our local network, there are two types of firewalls that we can install, a physical one with dedicated hardware or a virtual firewall through the installation of a virtual machine.
The simplest thing is the virtual one, if we have a PC with at least two network cards we can install open source products like OPNsene or IPFIRE , both excellent products even if the first one is perhaps a little more complex.
With OPNsense we will have the possibility to extend the functionality also to ADGuard home which blocks advisors and more at DNS level, however we can also install ADGuard Home separately.
IPFire Download Link
OPNsense Download Link
DNS + ADBlocker
Another level of security is achieved by adding to our network a DNS server like AdGuardHome that will filter requests and will not allow trackers to track our activities on the Internet, there are configurable lists on AdGurd that can block trackers from Google, Facebook, Windows, Microsoft, Office but also from smart TVs and other devices allowing us to navigate safely.
The link below also suggests browser installation but my advice is to install it as a server so that it can be used across the entire network.
Link adguard home
https://adguard.com/en/adguard-home/overview.html
VPN
VPNs as mentioned before are very controversial at the moment, for some it only means moving our traffic from our provider to another, forgetting however 2 of the characteristics of VPNs, the first is that the traffic passes through an encrypted tunnel even if the VPN provider can still track the connections to the sites visited, the second is the geographical position , let's think for example of authoritarian regimes that constantly monitor communications if I change my public IP and use a VPN that does not keep logs of my connection it is safer than not having these two protections at all, don't you think?
Having said this, let's see what characteristics a VPN must have to be considered more secure:
1. No Log policy (if I don't have the logs I can't provide them to governments, corrupt judiciaries etc.)
2. Widespread server deployment across the globe.
3. Be based in a country outside of 5,9,14 eyes for those who don't know what that is here's a link:
https://www.vpnmentor.com/blog/understanding-five-eyes-concept/
4. Possibility of using the Tor network
At the moment I personally use ProtonVPN
Don't be scared by not knowing how to do each of the actions described above, sometimes it's just indolence that prevents us from doing what we should do, have the curiosity to know and learn to protect what belongs to you, that is, your right to privacy and not to be profiled.
