4 February 2019

#004 - Upgrading a Home Network

I am convinced a business enterprise-level VPN router with a built-in firewall, alongside an L2 managed switch, is complete overkill for a home network.

Of course it's complete overkill, but I strongly believe it's a healthy step forward, away from mainstream routers aimed at non-tech-savvy consumers.

I find it troubling to learn that certain consumer brands including ASUS and Netgear have deployed analytics to their firmware to snoop on Internet traffic. Our home model is fortunately not affected, but I don't like this growing trend, hence one of the reasons to invest in enterprise-grade hardware. However, I'm choosing not to invest in Cisco gear... yet!

For the record, this has been a personal ambition for a few years, and it started when I was a supporting system administrator at a previous job. Personally, I want to use Cisco hardware as I want to push myself towards the CCENT/CCNA accreditation track. I also want to better understand how data packets are transferred and received in a given network from a cybersecurity perspective.

However, if I'm going to be using Cisco for accreditation purposes, I would prefer NOT to use the same lab kit on a live home network, especially when I want to protect our web traffic behind a VPN and built-in firewall. Besides, I cannot imagine the increase to the electricity bill and fan noise generated from each box.

I'm also excited at the prospect of creating a tag-based VLAN, using the IPv6 and HTTPS protocols, and deploying the WPA2-Enterprise security protocol using a RADIUS server. Even the PoE (Power over Ethernet) switch has several small form-factor pluggable (SFP) slots for optional modules, be it for optical or copper use.

In the end, it will be a simple VPN router and dedicated switch setup with Cat6A cabling, but using enterprise-grade hardware that is supported through the usual rounds of vulnerabilities and flaws that we learn of and read about in the IT sector. At the end of the day, no brand is invisible to a vulnerability or zero-day attack, but these days it seems that security exploits are governed by political affiliation and motivation.

For the interim, I am happy to use an alternative enterprise brand (outside of Cisco), as I want to grow familiar with networking terminology and tinker with advanced settings via a web GUI and not be locked down to the Cisco ecosystem, which I understand is typically used in commercial and enterprise environments. It will also be fun to gain practical experience using the web GUI (with the option to connect via the console), before transitioning to a Cisco network using overkill hardware and L3 managed switches.

My formal experience with Cisco includes VoIP phones and the Cisco Sourcefire Next-Generation Intrusion Prevention System (NGIPS). And my exposure to routers has mostly been configuring consumer-grade routers and wiring and maintaining medium / large offices using non-managed switches.

As you can tell, I still have much to learn, but I see no harm in further learning network administration in a practical and safe environment. I am hopeful this foundational knowledge can leverage my understanding of programming when I read about low-level languages and/or techniques that involve Internet protocols, especially as I hope to branch out into backend web programming.

~Richard