Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Paranoid IDS/IPS/Firewall setting for the home internet access

  • Please log in to reply
1 reply to this topic

#1 rickh2


  • Members
  • 12 posts
  • Local time:01:17 AM

Posted 17 September 2017 - 05:35 AM

Forgive my fundamental lack of knowledge about security For a home user, what could be the most automated and secure hardware/software setting to secure devices (other than switching the devices off)? Having lets say iot devices which in my opinion are:


windows phones

raspberry pi-like devices


Now I know that xbox and windows phones are closed systems, but from what I have recently heard by justice dept-security specialists it doesn't matter how closed these devices are they are all hackable especially when they were using wifiAP/tethering/developer modes at least at some point in lifetime.


So what I'm considering as a paranoid but automated setting:

Norton core/ Bitdefender box

Bro IDS/Suricata or other log analyzer on some raspberry pi.

VPN on the end router

Maybe a traffic analyzer/sniffer/ids on the other side of the vpn.

Phone number changed every month or so

Some total security software- bitdefender? Norton?

Some bulk blocklist for the firewall? Where to get one if those are generally available?


My biggest security danger that I'd like to defend from is not typical malware from pirated software or porn sites or other typical places where I can catch it. Also not a fake bank phising messages (probably). I'm not that scared of typical mass automated malware that is obviously known. My deal is defending from direct attacks through lte connection to retrieve photos, films from the camera, messages, keystrokes, passwords, financial activity etc. Worst case scenario is the supposed "no trace" attacks to defend from




BC AdBot (Login to Remove)


#2 Umbra


    Authorized Emsisoft Rep

  • Members
  • 139 posts
  • Gender:Male
  • Local time:06:17 AM

Posted 17 September 2017 - 06:43 AM



Unless you are a person of interest, i don't see you victim of such attacks. 


I will tell you honestly, if a hacker is targeting you specifically and have the resources (money), time and motivation, he will eventually find a way despite all your security measures. 


The best way to protect your sensitive datas are to encrypt them then store them in a unconnected external storage. 


If you still want secure your system, a layered security strategy is required (using several software complementing each other).


Also, against such attackers, investing in some hardware security appliance to protect your network is needed , but those cost thousands of dollars...

Edited by Umbra, 17 September 2017 - 06:45 AM.

Emsisoft Community Manager

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users