Ask HN: How are you securing your home network? - mandeepj
======
indemnity
I keep it simple: UniFi Security Gateway connected to my fibre ONT, integrates
well with my UniFi PoE APs.

It runs some flavour of Linux.

In the past I’ve maintained a custom FreeBSD or Linux server for this purpose
but life’s too short.

~~~
jimnotgym
Did you get a UniFi POE switch too?

Just ordered a UniFi AP for home, we use them at work and they have been very
good. I have ordered a seperate VDSL modem too (Openreach from ebay until I
save for a Draytech 130).

I really like the look of the Unifi router...maybe next pay day!

------
k4ch0w
I'm a nerd, I have my own PFsense router setup. This allows me to customize my
entire network, with VLANs, snort and adblockers. I keep the Wifi on it's own
seperate VLAN from my servers, so when guests come over I don't worry about
them. I also have PIA setup by default so everything goes through a VPN. I
highly recommend it! You gain network skills really quickly and it's not
painful to setup once the OS is installed.

------
txutxu
Years ago, un my home, i used 2 layers of routers: 1 Linux and 1 openbsd.

In front of the Linux there was a cable-modem, and behind there where a couple
DMZs, with servers, and wifi, and my home LAN.

I had my own DNS/DHCP servers.

Almost all services were internal (files, webs, git, streaming, databases,
backups, monitoring...)

Nowadays, my home is rented, and i live in a nomad way were i get job. Just
one laptop.

------
matt_the_bass
I know I’ll get slack for this, but I use a google WiFi router. Yes I know it
shares info with google to enable some of the services it offers. However I’m
already in the google ecosystem at work and use Gmail at home. So I don’t
think I’ve increased their access to my private life.

Their product is really simple to set up, offers a simplified “work for most”
default setup but it also lets you dig into the router config details of you
care.

It also offers a separate ssid for guests that only tunnels to internet and
does not allow device to device communication on the lan.

There is something to be said for not requiring a lot of active effort.

FYI I don’t host or run any internet facing services from my home network.

~~~
kevinherron
Same here. It came down to this or a pfsense + ubiquiti setup and convenience
won out.

Easy to set up, performs incredible compared to the garbage netgear router it
replaced, and I have at least some confidence that the firmware will be
regularly updated, or updated to patch security vulnerabilities, which I can't
say about anything from linksys/netgear/etc...

Pfsense obviously would allow updates, but again, convenience...

------
dabockster
I just use an Airport Extreme since I don't have enough complexity to warrant
my own Linux box.

