Jump to content

New cyber attack protection hardware product by Trend Micro.


KhunHeineken

Recommended Posts

I've been getting into  bit of home automation, with a lot of these devices that are connected to the internet, being unable to run any anti-virus software. 

 

I am using ethernet cable for as many devices as I can, but some are also connected via Wifi.

 

Trend Micro have a new hardware product that covers the whole network. 

 

I was just wondering what the members that know a lot more about computers and the internet than me may think of it. 

 

Is it a gimmick, or worth the money?

 

This is a link to the product.

 

https://www.trendmicro.com/en_us/forHome/products/homenetworksecurity.html

 

This is a Youtube explanation.

 

 

Any thoughts?

 

Link to comment
Share on other sites

Trendmicro Security is installed in AsusWRT routers. I would have to research some more to see if there are any feature differences. Most OpenSource router firmware has additional packages for security that are free at no additional cost. These include ad blockers and firewall add ons that also block sites that track you, malware and bad sites.  AsusWRT Merlin and pfSense firmware are excellent for this. Have not looked specifically for this topic at some of the other firmware forums lately to know what is going on there, such as DD-WRT.  There are two active projects on AsusWRT Merlin for blocking ads, bad sites and malware and an enhanced firewall functionality program. The project names are Skynet (enhanced firewall) and Diversion (malware and ad blocking).  Since the Asus router has TrendMicro built in, your network will be well protected.

Link to comment
Share on other sites

17 hours ago, Xentrk said:

Trendmicro Security is installed in AsusWRT routers. I would have to research some more to see if there are any feature differences. Most OpenSource router firmware has additional packages for security that are free at no additional cost. These include ad blockers and firewall add ons that also block sites that track you, malware and bad sites.  AsusWRT Merlin and pfSense firmware are excellent for this. Have not looked specifically for this topic at some of the other firmware forums lately to know what is going on there, such as DD-WRT.  There are two active projects on AsusWRT Merlin for blocking ads, bad sites and malware and an enhanced firewall functionality program. The project names are Skynet (enhanced firewall) and Diversion (malware and ad blocking).  Since the Asus router has TrendMicro built in, your network will be well protected.

I didn't know that about Asus routers, but this is not a router.  It plugs into your existing router.  Any make, any model of router.  (no offence intended if you knew this) 

 

Just wondering what the IT gurus on TV thought about it. 

Link to comment
Share on other sites

Without looking into details my 30 years computer experience tells me that device will protect you against some issues but it will fail with many other problems.

From time to time I configures professional firewalls which cost a lot more than that thing. They have thousands of settings and options how they protect your network, what they allow and what they don't allow. It's complicated to configure them and it's always a compromise between security and usability.

 

The only real secure network is a network which is not connected to anything else, especially to the internet.

When you connect your home network to the internet you have to allow lots of traffic to make it usable. One of the things you will allow (normally) is HTTPS which is secure HTTP. The allows secure transfer of data and i.e. passwords so that the router or any man in the middle can't "see" the details. That's obviously good. That is until HTTPS is used to transfer things which you don't want. And the router and any other device in the middle won't be able to block it.

 

Summary: Buy this thing if you don't care about the money. Probably it will help at least a little and probably it will make you feel better. But don't expect high security. You won't get it.

Link to comment
Share on other sites

On 2/17/2019 at 9:51 PM, OneMoreFarang said:

Without looking into details my 30 years computer experience tells me that device will protect you against some issues but it will fail with many other problems.

From time to time I configures professional firewalls which cost a lot more than that thing. They have thousands of settings and options how they protect your network, what they allow and what they don't allow. It's complicated to configure them and it's always a compromise between security and usability.

 

The only real secure network is a network which is not connected to anything else, especially to the internet.

When you connect your home network to the internet you have to allow lots of traffic to make it usable. One of the things you will allow (normally) is HTTPS which is secure HTTP. The allows secure transfer of data and i.e. passwords so that the router or any man in the middle can't "see" the details. That's obviously good. That is until HTTPS is used to transfer things which you don't want. And the router and any other device in the middle won't be able to block it.

 

Summary: Buy this thing if you don't care about the money. Probably it will help at least a little and probably it will make you feel better. But don't expect high security. You won't get it.

I can get one for cheap, with some subscription.  I run antivirus on my devices that have operating systems, but with things like the CCTV NVR and the like, you can't run any antivirus on them.  I thought this is where this thing would come in, or so it advertises.

 

I have a question for you.  If I was to plug one of these into a router in a condo, that gets its internet from a main hub downstairs, will it just scan my condo's router / network, or scan the whole condo block's network?  Maybe a question I need to ask Trend Micro. 

Link to comment
Share on other sites

42 minutes ago, KhunHeineken said:

I have a question for you.  If I was to plug one of these into a router in a condo, that gets its internet from a main hub downstairs, will it just scan my condo's router / network, or scan the whole condo block's network?  Maybe a question I need to ask Trend Micro

The way I read their website  it seems like you need to install software on all the appliances that need protecting ??

can't see how they would redirect all requests via the add on box  instead of the normal route via the existing router  without first having the "interception" software redirect traffic.

Link to comment
Share on other sites

1 hour ago, KhunHeineken said:

I have a question for you.  If I was to plug one of these into a router in a condo, that gets its internet from a main hub downstairs, will it just scan my condo's router / network, or scan the whole condo block's network?  Maybe a question I need to ask Trend Micro. 

I guess this device is in between like this:

Before: cable from building, your router, your devices

After: cable from building, this device, your router, your devices

Everything from this device to the right (above) is protected.

Link to comment
Share on other sites

1 hour ago, johng said:

The way I read their website  it seems like you need to install software on all the appliances that need protecting ??

can't see how they would redirect all requests via the add on box  instead of the normal route via the existing router  without first having the "interception" software redirect traffic.

I don't think so.  It plugs into a port on your router and you are good to go. 

Link to comment
Share on other sites

1 hour ago, OneMoreFarang said:

I guess this device is in between like this:

Before: cable from building, your router, your devices

After: cable from building, this device, your router, your devices

Everything from this device to the right (above) is protected.

This is the part I don't get.  Say there's a wall plate with with an LAN port on the wall in a condo.  I would have expected that you plug this product into that wall plate, and then coming out of this product is a LAN port that you plug your computer or a router into.  That's not the case.  This just plus into your router.  It's not in between the internet feed and the router or computer.  It probably has software inside directing all traffic through it, but I would have expected it be a pass through type device.   

Link to comment
Share on other sites

Yes but how do they make the traffic (internet) "route" through the new device instead of the normal route which is through the existing router....I could understand it workings if this new device connected directly to a modem or fiber converter doing the traffic inspection/blocking before then sending traffic on to the existing router to do its routing...but just plugged into an Ethernet port isnt it just listening ??....there is probably something I don't understand.

Link to comment
Share on other sites

It's possible to have a firewall with just one LAN interface and two different IP addresses. One for the connection to the internet and one for the internal devices.

And this might work if all devices are configured correctly.

But I wouldn't call such a setup high security.

 

Link to comment
Share on other sites

  • 3 weeks later...
On 2/20/2019 at 9:44 PM, johng said:

Yes but how do they make the traffic (internet) "route" through the new device instead of the normal route which is through the existing router....I could understand it workings if this new device connected directly to a modem or fiber converter doing the traffic inspection/blocking before then sending traffic on to the existing router to do its routing...but just plugged into an Ethernet port isnt it just listening ??....there is probably something I don't understand.

I'd also like to know the answer to this. 

Link to comment
Share on other sites

On 2/20/2019 at 10:03 PM, OneMoreFarang said:

It's possible to have a firewall with just one LAN interface and two different IP addresses. One for the connection to the internet and one for the internal devices.

And this might work if all devices are configured correctly.

But I wouldn't call such a setup high security.

 

Ok, but this thing is plug and play, so I don't know what it would do to the building's internal IP addresses, as in, other tenants and their devices.

Link to comment
Share on other sites

5 minutes ago, KhunHeineken said:

Ok, but this thing is plug and play, so I don't know what it would do to the building's internal IP addresses, as in, other tenants and their devices.

 

In general without knowing that thing in detail:

If you plug it in it will do nothing to any other devices if nobody reconfigures these devices. They work just like before.

 

Likely that box has an outgoing IP range.

Let's say your "normal" IP range is 192.168.0.x

Sample the outgoing IP range is 192.168.10.x

 

Anything with was not configured will work on 192.168.0.x

If a device was configured to use 192.168.10.x then the traffic goes like this:

Internet into box with normal IP address 192.168.0.x . Then that box filters the traffic and makes it available for the 192.168.10.x range.

If a device is configures to use the 192.168.10.x range then it receives only filtered internet traffic.

 

That's in principle how it works.

 

 

Link to comment
Share on other sites

  • 4 weeks later...
On 3/8/2019 at 10:30 PM, OneMoreFarang said:

 

In general without knowing that thing in detail:

If you plug it in it will do nothing to any other devices if nobody reconfigures these devices. They work just like before.

 

Likely that box has an outgoing IP range.

Let's say your "normal" IP range is 192.168.0.x

Sample the outgoing IP range is 192.168.10.x

 

Anything with was not configured will work on 192.168.0.x

If a device was configured to use 192.168.10.x then the traffic goes like this:

Internet into box with normal IP address 192.168.0.x . Then that box filters the traffic and makes it available for the 192.168.10.x range.

If a device is configures to use the 192.168.10.x range then it receives only filtered internet traffic.

 

That's in principle how it works.

 

 

I'm getting out of my depth here, but if you connect your device via an ethernet cable plugged into a wall socket in a hotel for example, but it could also be more longer term accommodation with internet included, like a condo, doesn't your device automatically get an internal IP address by way of DCHP?  

 

This thing says it scans the whole network that it's connected to.  Surely that can't be all traffic to all devices in a hotel or condo block. 

Link to comment
Share on other sites

56 minutes ago, KhunHeineken said:

I'm getting out of my depth here, but if you connect your device via an ethernet cable plugged into a wall socket in a hotel for example, but it could also be more longer term accommodation with internet included, like a condo, doesn't your device automatically get an internal IP address by way of DCHP?  

 

This thing says it scans the whole network that it's connected to.  Surely that can't be all traffic to all devices in a hotel or condo block. 

One thing is the cable and another thing are the network settings.

DHCP gives out IP addresses, correct. But that does not mean every device must ask the DHCP server for an IP address.

 

Example: The router from the internet provider has the IP address 192.168.0.1 with the subnet mask 255.255.255.0 and it's DHCP server gives out IP addresses in the range from i.e. 192.168.0.100 up to 192.168.0.200. The important part is that the first 3 numbers are the same. They are all 192.168.0.x Any device on that network does not see anything with an IP address which is not like 192.168.0.x

 

Now with the same cable there can be another network which uses maybe IP addresses like 192.168.10.x with subnet 255.255.255.0 . There might be lots of devices connected with manually assigned IP addresses like 192.168.10.5 and 192.168.10.12 and 192.168.10.178 and more. They work just fine in that network.

 

Normally the devices from the 192.168.0.x network and the 192.168.10.x network don't "see" each other. Even if the use the same cable.

 

Now coming back to the firewall. That might be connected to the ISP with the IP address 192.168.0.5. And then it does the firewall work and it has the output IP range of 192.168.10.x. That can be on a different cable but it can be the same cable.

So if someone configures one or more devices on that cable to the 192.168.10.x range then they get the filtered traffic from the firewall. And they don't see the original ISP traffic.

 

As usual there are exceptions from the rule but that is the basic concept.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...