What a dream…
Three years ago the pandemic changed the way we work and live. Everyone was forced to stay home and work from there. What could be wrong with that? People are close to their families, as they always wanted. Good for us, but bad for the corporations and their information security. Here is what I learned about securing my network with the UniFi Dream Machine.
You know the situation. The contract with your ISP forces you to use their fairly basic hardware. The user interface feels like the late 90s, and the functionality is not much better. But who cares, it works. Not many people think about security while adding tablets, phones, laptops, and remote cameras to their network. Why should they? Apple and all the other brands promise a high level of security. At least as long as you have installed the latest update and the vendor has closed the zero-day vulnerability in time. But what if not? What if you still use your old Windows device, last updated two years ago? What if your never-updated tablet runs a network sniffer in the background? Now we may run into serious problems, especially when you use the same network for private and business purposes.
The scenario
You downloaded an app on your crappy Windows device, and with it a little script that sniffs your network traffic and logs your keystrokes. Worst case! You have no idea. Why should you? Your device is a bit slower, but hey, it's already two years old. Monday morning, everything is as usual. You start work at 9 AM on your corporate device. While looking into your mailbox you open the applications you need for your daily work. Everything is fine. Nothing happens. It's still the pandemic and your workload is not that high these days (unless you work in cyber security). You are bored and thinking about the YouTube videos from yesterday evening. Let's continue watching on the crappy old Windows device; after all, you don't want your company's IT department to know about it. So here is the case: from now on your compromised device sits in the same broadcast domain as your corporate laptop. It sees every broadcast and multicast packet your work device sends, and with a trick as old as ARP spoofing it can put itself in the middle of the unicast traffic as well, so any sensitive information that still crosses your network unencrypted is up for grabs. Wouldn't it be nice if your network were segmented so the two devices could not talk to each other at all? This is where the UniFi Dream Machine comes into play.
Device or no device - this is the question
The UniFi Dream Machine is a cylindrical device with a matte white finish. The design could well be from Apple, and so the Dream Machine fits seamlessly into your home without the charm of a typical router. But that's not all. Let's have a look at the specs:
Dual-band WiFi 5 access point
Four-port Gigabit switch
Integrated 4x4 Enterprise AP
Integrated Security Gateway
High performance antenna 802.11ac Wave 2 4x4 MU-MIMO for 5 GHz and 802.11n for 2.4 GHz
ARM Cortex-A57 Quad-Core at 1.7 GHz
First things first - the setup
Once your Dream Machine is connected to the internet and to your mobile device, you follow a fantastically smooth installation process. Everything works from the very beginning in only four steps (UDM Installation Guide). The app looks great and I felt familiar with it after a couple of seconds. Besides the app, you can also use the web UI: same functionality, but a much better overview section. And of course, techies are more used to working on a laptop. So I started looking through the functions and began with the configuration.
Security made easy - Network segmentation
Let's talk about the things that are really important. Do you remember the situation with working from home and your unpatched devices? Right. One of the key measures for securing your network is consistent network segmentation. This can be a very complex and difficult topic on big enterprise networks, but it is quite simple within your home network, especially with the Dream Machine. Split your network into two VLANs, say "Home" and "Office", each with its own subnet. On top of that, the UniFi Dream Machine lets you create separate Wi-Fi networks (SSIDs) and assign each of them to one of those VLANs, so a device lands in the right segment simply by the network it joins. Each configuration field additionally has a small info box that explains what effect the setting will have.
Network Segmentation within UniFi Dream Machine
The basics are done. The network is segmented, and your private and business devices are grouped so that traffic does not cross from one VLAN to the other. One caveat a practitioner should know: the gateway in the Dream Machine routes between its VLANs by default, so creating two networks is not enough on its own. You either enable the network's isolation option or add a firewall rule on the LAN side that drops new connections from "Home" to "Office" (and, if you want strict separation, the other way round as well), placed below the rule that allows established and related traffic. Then verify it: from a device in "Home", ping or port-scan a device in "Office" and make sure nothing answers. There are a couple more options within the network area, like Auto-Scale Network, content filtering, and so on. I don't want to deep-dive too much into all the details; if you are interested, visit the UniFi documentation.
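To make the "default allow between VLANs" point concrete, here is a small added example (my own code, not from the original post and not Ubiquiti's implementation) that models how an ordered LAN-side rule list is evaluated: first match wins, and if nothing matches, the gateway routes the packet. The subnets 192.168.10.0/24 ("Home") and 192.168.20.0/24 ("Office"), the rule names, and the simplified connection-state model are assumptions made for illustration. It shows three rule sets: no rules at all (the trap), a working isolation set, and a misordered set where a drop rule placed above the established/related rule silently kills the replies to connections the other side was allowed to open.

```python
"""Added example: model of first-match, default-allow inter-VLAN firewall rules.
Not from the original post and not UniFi's own code; subnets and rule names
are constructed for illustration only."""
import ipaddress
from dataclasses import dataclass

# Constructed sample VLAN subnets (assumed values, adjust to your own).
HOME = ipaddress.ip_network("192.168.10.0/24")    # "Home" VLAN
OFFICE = ipaddress.ip_network("192.168.20.0/24")  # "Office" VLAN
ANY_STATE = frozenset({"new", "established", "related"})


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "accept" or "drop"
    src: tuple                       # source networks the rule matches
    dst: tuple                       # destination networks the rule matches
    states: frozenset = ANY_STATE    # connection states the rule matches


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    state: str = "new"               # "new" = first packet of a connection


def evaluate(rules, pkt, default="accept"):
    """Walk the ordered rule list; the first matching rule decides.
    The default is "accept" because the gateway routes between its own
    VLANs unless a rule says otherwise."""
    s = ipaddress.ip_address(pkt.src)
    d = ipaddress.ip_address(pkt.dst)
    for r in rules:
        if (pkt.state in r.states
                and any(s in n for n in r.src)
                and any(d in n for n in r.dst)):
            return r.action, r.name
    return default, "default (no rule matched)"


def isolated(rules, a, b):
    """True if a new connection from a host in VLAN a to a host in VLAN b
    is dropped. Uses the .10 address of each subnet as a sample host."""
    pkt = Packet(str(a[10]), str(b[10]), "new")
    return evaluate(rules, pkt)[0] == "drop"


# Trap: two VLANs exist, but no rules, so the gateway routes between them.
NO_RULES = []

# Working set: return traffic first, then drop new Home -> Office connections.
# Office can still open connections to Home (e.g. to a printer); Home cannot
# open connections to Office.
ISOLATION_RULES = [
    Rule("Allow established/related", "accept", (HOME, OFFICE), (HOME, OFFICE),
         frozenset({"established", "related"})),
    Rule("Drop Home -> Office", "drop", (HOME,), (OFFICE,), frozenset({"new"})),
]

# Misordered set: a drop that matches every state, placed above the
# established/related rule. It also drops the *replies* that Home sends back
# for connections Office was allowed to open.
MISORDERED_RULES = [
    Rule("Drop Home -> Office (all states)", "drop", (HOME,), (OFFICE,)),
    Rule("Allow established/related", "accept", (HOME, OFFICE), (HOME, OFFICE),
         frozenset({"established", "related"})),
]

# A reply packet from a Home host to an Office host on an existing connection.
REPLY_HOME_TO_OFFICE = Packet("192.168.10.10", "192.168.20.10", "established")


def summary(rules):
    """Return (home->office blocked, office->home blocked, reply accepted)."""
    return (
        isolated(rules, HOME, OFFICE),
        isolated(rules, OFFICE, HOME),
        evaluate(rules, REPLY_HOME_TO_OFFICE)[0] == "accept",
    )


if __name__ == "__main__":
    for label, rules in (("no rules", NO_RULES),
                         ("isolation", ISOLATION_RULES),
                         ("misordered", MISORDERED_RULES)):
        blocked_h2o, blocked_o2h, reply_ok = summary(rules)
        print(f"{label:10s} Home->Office blocked={blocked_h2o} "
              f"Office->Home blocked={blocked_o2h} replies pass={reply_ok}")
```

Running it prints one line per rule set; the first shows that two VLANs without rules are not isolated at all, and the last shows why the established/related rule belongs at the top. The real check is still the ping or port scan from a "Home" device against an "Office" device after you apply the rules on the Dream Machine.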
Threat prevention
Now let's talk about the things you don't expect from a home router: threat prevention. The UDM lets you detect and block the most common threats with one click. This includes traffic to and from the dark web as well as to malicious websites, based on UniFi's real-time threat data. Well, it is not the highly sophisticated configuration security consultants build in enterprise IT systems, but it is more than good enough for your home network, and it is easy to set up. Two practical notes: start in detect-only mode, look at what the alerts actually flag on your network for a few days, and only then switch to detect-and-block, so you don't lock yourself out of something you need. And keep in mind that a network-level IDS/IPS only inspects what it can see on the wire; it does not look inside TLS, and it is no substitute for patching the devices themselves.
Why it's worth it
What I like most about the UniFi Dream Machine is its simplicity, both in the hardware and in the software. The unboxing and the first start-up alone were immediately convincing. The presentation of the user interface and the way the various features are implemented are second to none. For me as a security consultant, the biggest challenge in my daily work is to combine usability and functionality in security solutions. UniFi has mastered this with the Dream Machine in an amazingly impressive way. Thumbs up.
Not the end..
There is much more to learn and say about the Dream Machine. This is a living article and will be updated as needed.
MB