On Sat, Sep 27, 2014 at 11:38 AM, Volker Kuhlmann <[email protected]> wrote:
> Anything your router exposes to the Internet is a valid attack surface. > You are at the whim of the router's firmware, too often proven to be > insecure and non-patchable (vendors don't give a toss). Just because you > can't see anything easily on the outside of your router doesn't convince > me, there are substantial access methods there for use by the telco. Devices provided by the Telco itself are usually exposing management interfaces back to them - I know that this is a pervasive problem in places like the US, but I have no specific data about NZ practices, and to be honest I've never used any device the ISP has delivered to me, except for diagnostics. That'll probably change when I get fibre installed -( > I have a separate SSID > > for family visitors to use, for example. > > Is this separate SSID provided by the same wifi AP? Different AP, different subnet, routed to the Internet directly. If you started adding manual routes you could get through to the other internal network, I think. I originally wanted to do it all off the same kit and VLAN the traffc, but at the time my pfSense was old and not playing well. These days I'd rather have duplicate devices than a complex software setup - it means I have less to remember :-) -jim
_______________________________________________ Linux-users mailing list [email protected] http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
