Is my current setup Ok or should I change it?

Started by Zacrux, January 23, 2023, 08:57:57 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Zacrux

January 23, 2023, 08:57:57 AM Last Edit: January 26, 2023, 04:02:37 AM by Zacrux
My basic setup is this:
1 - ISP router, wifi turned off, port 1, port2 and port3 are set to fixed IP's on 192.168.x.1 , .2, .25
2 -Home router secure network , dhcp address ranges 10.0.3.40 - 3.254 , Wan Port fixed to 192.168.x.1 - From ISP router port 1.
3 - Home router IOT network ,  dhcp address ranges 10.0.4.2 - 4.254,  Wan Port fixed to 192.168.x.2 - From ISP router port 2
4 - Mini Ubuntu server running Adguard and Jellyfin media server, IP address fixed to 192.168.x.25 - From ISP router port 3  and
this IP is set for DNS on both home router networks ( ADGuard )

I have dual NICs in my ubuntu server with only one being used.

Is there a security risk since both of my networks use the IP address of 192.168.x.25 as their DNS server for Adguard?


deanwebb

#1
January 25, 2023, 08:59:36 AM
The IP addresses do not create a security risk. The key is in the ISP router - that's the primary security device for the whole network. Is that something you are able to monitor and harden on your own, or do you get limited config options from the ISP? If you get limited config options, then a firewalling device between the ISP router and your home network would be needed for security, potentially.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Zacrux

#2
January 25, 2023, 09:14:58 AM
Thanks for your reply..
My ISP Router is a G3100 from verizon.  I have the firewall turned on, fixed IP addresses on the three ports I use. Other than login changes and IP address reservations I haven't done much with it.
Both my IOT and normal networks use Asus home routers with their firewalls enabled, some reserved IP addresses and I keep the firmware updated.
I was mainly thinking the ubuntu server being on the ISP router might be making my home network less secure.
I have purchased two TP-Link TL-SG108E switches to learn about vlans so if I need to change my Linux server's connections that may be an option for me... but I am no network guru... most of my experience is hardware based and windows OS experience. I am learning linux and really liking what I am learning about it.
Thanks again for your help.

deanwebb

#3
January 25, 2023, 05:37:42 PM
I think you should be OK, then.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
Print
Go Up Pages1
User actions