It’s not just US ISPs, this is worldwide behavior. Good on you to put a firewall between your network and your ISP’s gateway.
I don’t know if you went further than that, but in my case, once I had my OPNSense deployed, I went ahead and disabled all the radios of the ISP’s ONT gateway, changed it’s DNS server to Mullvad, and only left 1 LAN IP address to the OPNSense.
If you are aware of more things that can be done to give the ISP modem even less room to move around inside, I would appreciate you sharing it as well.
I wish more people would take the time to learn a bit about securing their home networks. What I do is that I offer my knowledge for free to neighbors, friends and family. Some actually want it and act on it, but the sad truth is that the vast majority still has this ‘I have nothing to hide’ mentality, and I’m not explaining how much marketing BS that is to them for the 100th time.
As someone with a basic background in IT, nothing advanced, but enough to be the “family tech guy”, I just bought my router(mesh network) what can I do? Where do I start? I think I may have messed up with my brand choice, being EERO, as they seem to have things locked into their proprietary app. I was sorta desperate for a quick fix at the time, didn’t do the due diligence I should have.
Edit: preemptive thank you if you take the time to reply. As I am not “friends or family to you”. I do appreciate the expertise!
i’m sure that’s a fine setup for the average home user but devices that use proprietary firmware like that aren’t conducive to a security-first design where you hold all the keys. because it’s designed to be secure, even from you, it always has an asterisk on it (network is secure* according to eero). that and you have no way of verifying what data it’s phoning home (and a lot of devices soft brick themselves if you cut their connection to the cloud).
the most useful advice i can generally offer is to add a proper network security device running pfSense or OpenWRT to seize some control over internet access and DNS resolution and to implement VLAN segmentation to keep trusted devices secure from trusted* and untrusted devices.
Just adding if you have any resources about how to go about this i would more than appreciate any nuggets you can share. I have a some networking background from college but its been about a decade since I used any of it so any help to point me in the right direction of hardening my network like this would be extremely appreciated. Thanks!
It’s not just US ISPs, this is worldwide behavior. Good on you to put a firewall between your network and your ISP’s gateway.
I don’t know if you went further than that, but in my case, once I had my OPNSense deployed, I went ahead and disabled all the radios of the ISP’s ONT gateway, changed it’s DNS server to Mullvad, and only left 1 LAN IP address to the OPNSense.
If you are aware of more things that can be done to give the ISP modem even less room to move around inside, I would appreciate you sharing it as well.
I wish more people would take the time to learn a bit about securing their home networks. What I do is that I offer my knowledge for free to neighbors, friends and family. Some actually want it and act on it, but the sad truth is that the vast majority still has this ‘I have nothing to hide’ mentality, and I’m not explaining how much marketing BS that is to them for the 100th time.
As someone with a basic background in IT, nothing advanced, but enough to be the “family tech guy”, I just bought my router(mesh network) what can I do? Where do I start? I think I may have messed up with my brand choice, being EERO, as they seem to have things locked into their proprietary app. I was sorta desperate for a quick fix at the time, didn’t do the due diligence I should have.
Edit: preemptive thank you if you take the time to reply. As I am not “friends or family to you”. I do appreciate the expertise!
i’m sure that’s a fine setup for the average home user but devices that use proprietary firmware like that aren’t conducive to a security-first design where you hold all the keys. because it’s designed to be secure, even from you, it always has an asterisk on it (network is secure* according to eero). that and you have no way of verifying what data it’s phoning home (and a lot of devices soft brick themselves if you cut their connection to the cloud).
the most useful advice i can generally offer is to add a proper network security device running pfSense or OpenWRT to seize some control over internet access and DNS resolution and to implement VLAN segmentation to keep trusted devices secure from trusted* and untrusted devices.
Just adding if you have any resources about how to go about this i would more than appreciate any nuggets you can share. I have a some networking background from college but its been about a decade since I used any of it so any help to point me in the right direction of hardening my network like this would be extremely appreciated. Thanks!