Hi

On Wed, Jun 16, 2021 at 12:12:39PM +0100, Tim Clarke via GLLUG wrote:
> I have found the Ubiquiti Edge-X router/firewall appliances to be good
> and pretty easy to set up (web gui interface).
> They are also very reasonably priced, compact and no moving parts.
> Only drawback, I think, is the learning curve for the firewall/nat setup
> (somewhat different to standard iptables).

The Ubiquiti look pretty, and can work well, but have a history of poor
compliance with the GPL as well as a very bad approach to security:

https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/

Seems like an employee stored privileged credentials in LastPass, which
were then used by attackers to gain root level access to the Ubiquiti
servers. Ubiquiti can say "no evidence that customer information was
accessed" with a straight face because they did not audit that access.

I believe you can still use a local password instead of a cloud stored
one, but the last time I had to do this it was not particularly obvious
(a bit like Windows 10). And there is probably no guarantee that it won't
be stored in the "cloud" in a future release without your knowledge.

And lastly, as other people have said, a firewall won't stop most
ransomware attacks. Offline/remote backups and user (and admin) education
are what you need. Snapshots that are only accessible by admins, and
restricting user write access to only the bare minimum of files can also
be useful but are generally harder to implement.

--
#---------------------------------------------------------#
| John Edwards   Email: j...@cornerstonelinux.co.uk       |
#---------------------------------------------------------#

--
GLLUG mailing list
GLLUG@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/gllug