First post here in the TWiT community. Been a listener of TWiT on and off for quite some time.
TLDR - what tools are recommended for doing home network monitoring, IDS, firewall, use reporting by device, and controlling access to devices?
A bit more:
Is there an episode of Security Now or another TWiT show that shares some recommended tools (open source or COTS) for home network and security monitoring/reporting? If no, what would you recommend using at home?
My kids are doing online schooling and we have a number of different things we’d like to be able to do:
Monitoring/Reporting - see what they’re looking at during the day - real time and historical, what sites, domains, etc. by device
Proactive control - we want to be able to control access to certain application traffic by time of day. For example, we have one son that is jumping on Google Hangouts video calls with his friends during class and missing class! Sometimes we can’t catch that - we’d like to be able to disable that specifically from 8am to 2pm or at least know when it happened.
Proactive control - we want to be able to restrict access to certain websites all the time by device or groups of devices
Detection - I’d like something inspecting incoming and outgoing traffic looking for rogue devices, probes, DDoS attacks, etc. etc… IDS type stuff. I think I used to use snort for this long ago on a Linux box that was inspecting packets, but that was when there was MUCH less volume of packets coming in - like <10 Mbps.
Monitoring/Reporting - I want to be able to see typical network activity by device, by TCP port or application. Real time and historical
Stuff like that. I probably could put in a proxy server and monitor/report off of that. And could just have all traffic go through a linux box with a couple of NICs in it. But my time is tight, and I wouldn’t mind spending a few bucks to get some sort of device or solution that does this as well…
If the device has cellular access, this will completely bypass any of your efforts on your home network, so I assume you’re aware of that.
What you want is effectively a proxy. The issue is going to be TLS 1.3 (aka HTTPS.) If you can’t see inside of streams, you can’t know what they’re up to, short of assuming by IP address/port. This is the same issue that enterprise customers have, and they usually solve it by forcing every client to install a trusted root certificate so they can MITM all HTTPS traffic.
Short of that, you can block based on DNS. That might be enough for your needs, but again you need to do it at the router level in order to force all clients in the home to use your chosen DNS. NextDNS has been recommended by @Leo before, so maybe look into how you can have that at the router level.
I don’t know of any easy to use, reasonably priced for home use, device that can do all you want.
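As an added illustration of the DNS-level approach described in this reply (and of the per-device, time-of-day controls asked about in the original post), here is an example policy engine written for this thread; it is not code from the thread or from any product mentioned in it. It keys devices by a MAC-like identifier, matches queried names by domain suffix, applies rules only inside a time window, and produces a per-device allow/block count for reporting. The device table, rules, query log and all function names are constructed assumptions.

```python
"""DNS-level filtering policy with per-device groups and time windows.

Models what a resolver running on (or forced by) the home router could do:
it sees only the queried name, never the content of the TLS stream, so the
decision is made on the domain alone.
"""
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple

# Constructed inventory: client identifier -> policy group. A real router
# would key on the MAC or the IP it handed out via DHCP.
DEVICE_GROUPS = {
    "aa:bb:cc:00:00:01": "kids",
    "aa:bb:cc:00:00:02": "kids",
    "aa:bb:cc:00:00:99": "adults",
}


@dataclass
class Rule:
    domains: Tuple[str, ...]        # domain suffixes the rule covers
    groups: Tuple[str, ...]         # policy groups it applies to
    start: Optional[time] = None    # None on both = applies all day
    end: Optional[time] = None


# Constructed rules: video-call domains blocked for the kids' group during
# school hours, plus an always-on block for one made-up site.
RULES = [
    Rule(("hangouts.google.com", "meet.google.com"), ("kids",), time(8, 0), time(14, 0)),
    Rule(("example-gambling.test",), ("kids",)),
]


def domain_matches(qname: str, suffix: str) -> bool:
    """True if qname equals the suffix or is a subdomain of it.

    Uses a dot boundary so 'evilhangouts.google.com' does not match
    'hangouts.google.com'. Trailing dots (FQDN form) are tolerated.
    """
    qname = qname.rstrip(".").lower()
    suffix = suffix.rstrip(".").lower()
    return qname == suffix or qname.endswith("." + suffix)


def in_window(now: time, start: Optional[time], end: Optional[time]) -> bool:
    """Half-open window [start, end); a window may wrap past midnight."""
    if start is None or end is None:
        return True
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def decide(client_id: str, qname: str, now: time) -> Tuple[str, Optional[str]]:
    """Return ('block', matched_suffix) or ('allow', None) for one query."""
    group = DEVICE_GROUPS.get(client_id, "unknown")
    for rule in RULES:
        if group not in rule.groups or not in_window(now, rule.start, rule.end):
            continue
        for suffix in rule.domains:
            if domain_matches(qname, suffix):
                return ("block", suffix)
    return ("allow", None)


def summarize(queries):
    """Per-device allow/block counts: the 'reporting by device' view."""
    report = {}
    for client_id, qname, when in queries:
        verdict, _ = decide(client_id, qname, when)
        counts = report.setdefault(client_id, {"allow": 0, "block": 0})
        counts[verdict] += 1
    return report


# Constructed query log: (client, queried name, local time of query).
SAMPLE_QUERIES = [
    ("aa:bb:cc:00:00:01", "hangouts.google.com", time(9, 5)),    # blocked
    ("aa:bb:cc:00:00:01", "classroom.google.com", time(9, 6)),   # allowed
    ("aa:bb:cc:00:00:02", "meet.google.com.", time(13, 59)),     # blocked (FQDN form)
    ("aa:bb:cc:00:00:02", "meet.google.com", time(14, 0)),       # allowed, window is exclusive at end
    ("aa:bb:cc:00:00:99", "hangouts.google.com", time(10, 0)),   # allowed, adults group
]

if __name__ == "__main__":
    for client, name, when in SAMPLE_QUERIES:
        print(client, name, when.isoformat(), *decide(client, name, when))
    print(summarize(SAMPLE_QUERIES))
```

The decision is only as good as the resolver's vantage point: as the reply says, it has to be the DNS every client on the LAN is made to use at the router level, and it classifies names, not the encrypted traffic behind them.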
You can use a $100 Fingbox to get some of the capabilities you mentioned. I’ve had a first generation Fingbox for quite a while and find it very helpful especially when combined with the Fing apps. https://www.fing.com/products/fingbox
Thanks! Some more info - my setup is quite basic right now: cable modem to Google Nest Wifi. All clients connect wirelessly.
Re: proxy - hmm. So I’d need a Linux box with two NICs - one for the cable modem and the other attached to a network with Google wifi sitting on it and the proxy is on the Linux gateway box then right?
Wow that’s expensive, and mostly you’re paying for anti-virus I think. It still may be worth it to you if it meets your needs and saves you time and/or worry. I am a bit upset that there doesn’t appear to be any demo or even a peek at the owners manual.