Network security applicance recommendations

Can anyone recommend a home network security appliance that "watches" incoming traffic and alerts you via email or an app to intrusion attempts or other security threats? I've come across devices like FingBox but that just logs network clients and doesn't really do anything to lock down the local network.

Would a Ubiquiti ERL do the job?

In reply to a post by joconnell:

Can anyone recommend a home network security appliance that "watches" incoming traffic and alerts you via email or an app to intrusion attempts or other security threats? I've come across devices like FingBox but that just logs network clients and doesn't really do anything to lock down the local network.

Would a Ubiquiti ERL do the job?

I know some will disagree but on a home network such a thing isn't going to be much use, and besides that, the game is lost if anything is actually happening that is dodgy.

Exactly what security threats are you concerned about? I presume you block anything unsolicitied from the internet coming in therefore there shouldn't be anything dodgy inbound - end of.

Outbound - ensure that your devices all have AV/Anti Malware etc and are patched and secured accordingly.

A lot of firewall products allow you to set up notifications by email when a particular event happens. The only thing I would say is that you may end up receving a huge number of alerts.

There are automated and massively distributed scanning netorks in China that constantly probe for vulnerabilities and the Russians have a fair amount of scanning activity too. The Chinese attempt is much more sophisticated in the way it's coordinated but the Russians are sneakier, launching scans from IP address ranges which have been falsely registered as belonging to legitimate and unsuspecting UK companies.

You could easily get an alert every few minutes. I've just had a look at one of my firewalls (with three external IP addresses) and there have been 445 connection attempts denied in the last hour. Another firewall with five external IP addresses reports 369. Basically, more than one event every ten seconds. It's going to be less than this if you have only a single IP address but it could still be significant.

Fingbox will alert you any time a new device joins your local network and this alert is sent to your mobile phone and email address. You can then block the device from your mobile phone so it does lock down the local network to an extent.

What it doesn't do is alert you if an external inbound connection is made to an existing local device. Having a decent router with an inbound traffic filter set to deny all (and not having exposed UPnP) helps mitigate against this.

In reply to a post by Pipexer:

I know some will disagree but on a home network such a thing isn't going to be much use, and besides that, the game is lost if anything is actually happening that is dodgy.

Exactly what security threats are you concerned about? I presume you block anything unsolicitied from the internet coming in therefore there shouldn't be anything dodgy inbound - end of.

Outbound - ensure that your devices all have AV/Anti Malware etc and are patched and secured accordingly.

I have all that set up on my router so I guess that's that. I've been seeing more and more articles about security devices like FingBox, RatTrap and other similar devices and thought they'd be useful, but from what you've said and from thinking about it, there's probably much less of a need for them.

I suppose being alerted to a new device joining the network and blocking it by default until pressing a button on an app would be useful but I don't know of any hardware and app combo that does that.

In reply to a post by caffn8me:

A lot of firewall products allow you to set up notifications by email when a particular event happens. The only thing I would say is that you may end up receving a huge number of alerts.

There are automated and massively distributed scanning netorks in China that constantly probe for vulnerabilities and the Russians have a fair amount of scanning activity too. The Chinese attempt is much more sophisticated in the way it's coordinated but the Russians are sneakier, launching scans from IP address ranges which have been falsely registered as belonging to legitimate and unsuspecting UK companies.

You could easily get an alert every few minutes. I've just had a look at one of my firewalls (with three external IP addresses) and there have been 445 connection attempts denied in the last hour. Another firewall with five external IP addresses reports 369. Basically, more than one event every ten seconds. It's going to be less than this if you have only a single IP address but it could still be significant.

Fingbox will alert you any time a new device joins your local network and this alert is sent to your mobile phone and email address. You can then block the device from your mobile phone so it does lock down the local network to an extent.

What it doesn't do is alert you if an external inbound connection is made to an existing local device. Having a decent router with an inbound traffic filter set to deny all (and not having exposed UPnP) helps mitigate against this.

All sensible advice. I guess I was getting sucked into the hype surrounding these new breed of home use security appliances when in fact nothing of the sort of actually required as I have my router pretty much locked down, with no unsolicited inbound traffic allowed.