I bought one of these little things, mostly to be able to get an LTE connection when I'm traveling, and the rest of the features were a great value add.
It's been very helpful so far for the WiFi repeating and being able to override the DNS across the board, however, I've struggled to find a decent LTE stick for it. I bought a Huawei E3372-325 LTE stick, but unfortunately it doesn't work properly. Having searched for the issue, I'm not fully understanding what needs to be done.
I'd love some suggestion for a decent stick that works with OpenWRT. I've struggled to find a good resource for this where I can narrow down products that would work with it, and suit my needs.
I'm in the same boat. The most reliable solution I've found is a mifi 8800L, which is cheap, works with resellers of Verizon like US Mobile, and tethers over USB, but is annoying since it's larger than a USB stick and requires its own power source.
We had some employees using travel routers to bypass company policies around working abroad, taking laptops to China, etc. If you want to detect that sort of thing you could consider adding detection rules in your SIEM for connections to your company VPN from an ip address that is itself associated with another/commercial VPN. It won't catch people connecting to VPN servers offered through their home router, but it's something.
I'm surprised they were stupid enough to use a commercial VPN - that would rightfully trigger lots of security alerts.
The proper way to do that is to VPN back home. They should sell these as preconfigured pairs where anything plugged into one's ethernet port comes out of the other (with some kind of layer-2 VPN between them).
counterpoint: those policies are not sustainable and can be easily defeated by someone simply setting up an endpoint somewhere not on any lists. if you have a security worry about devices being compromised by dint of their location, you need to control the location in some physical rather than logical way. if you have an HR worry about residency, I suspect those rules are going to slowly go the way of the dodo anyway.
It doesn't matter if the policies COULD be easily defeated. If you live in a country of 5 million people, and say "only connections from smallstan are allowed into this sensitive infrastructure", you've probably wiped out 99% of automated attacks.
Security measures are judged by how much they cost to implement, and how effectively they reduce the threats you will actually face, and geolocation blocking has the amazing one-two punch of being cheap and effectual against real world threats. Realistically, you're going to face a lot more automated hacking attempts than you are hackers actively trying to workaround security safeguards your company has implemented. It also generates indicators of compromise, so even if this doesn't stop a hostile actor, it can reveal their presence.
Getting to 100% security is too expensive and it's also impossible.
These types of views/takes honestly are not productive. Security is never 100%. If location-based blocking defeats 98% of the low hanging fruit threats, it is most likely worth it. You can then filter down your more costly countermeasures to the 2% of the remaining pie.
Similar reality exists regarding security through obscurity. Is it perfect? No; nothing is. But if the cost to even understand the system in play is very expensive, that alone is a deterrent to low-effort / drive-by attackers.
I used to use a GL.iNet device as a travel router in the past but I would never do so today given they are made under CCP control. You'd want to flash stock openwrt but then you'd lose the simple/quick UI.
Source? My understanding is that it was the opposite - phones, due to being mass-produced, have amazing price/performance ratio compared to niche stuff like laptop/router cellular NICs.
It's been very helpful so far for the WiFi repeating and being able to override the DNS across the board, however, I've struggled to find a decent LTE stick for it. I bought a Huawei E3372-325 LTE stick, but unfortunately it doesn't work properly. Having searched for the issue, I'm not fully understanding what needs to be done.
I'd love some suggestion for a decent stick that works with OpenWRT. I've struggled to find a good resource for this where I can narrow down products that would work with it, and suit my needs.