Ignorance Apology: I lack enterprise experience! I am trying to protect our home computer network.
Network description: Cambium radio at 8 to 24 Mb rate from ISP --> ERPoE-5 set up with Wizard to WAN+2LAN
eth0 --> Sophos Home UTM --> ES-24-250W --> 4 desktops, 3 printers, 2 IP cameras
eth2, eth3, & eth4 --> Roku, Ooma, R7000 wifi (wifi remains unplugged 99% of time)
Both WAN_IN & WAN_LOCAL have the same rule set:
rule 10 Drop port-group 23, 107, 135, 137, 138, 139, 161, 162, 194, 199, 445, 530, 593, 992
rule 20 Allow established/related (default)
rule 30 Drop invalid state (default)
rule 40 Drop ICMP
I believe that I am defending against many intrusion methods that I don't initiate.
Please comment if this is a false belief.
eth0 is on a different subnet than switch0 and the Sophos UTM makes another subnet shift to the main intranet.
By reviewing logs I see port scans and telnet activities on the ISP's side, which highlights persistent attempts to accomplish a breach.
My questions are:
Am I doing enough to reduce the likelihood of an unassisted break-in?
Are the measures I am taking being implemented in the most sensible manner?
Thank you in advance for any help you provide.
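The rule set described above, written out as EdgeOS CLI commands so the order and scope of each rule are explicit; this is an added example, not the poster's own configuration export. The port-group name WAN_BLOCKED_PORTS and the interface placeholder ethX are assumptions, since the post does not say which port faces the ISP.

```text
configure
# Ports from the post's rule 10, collected in a reusable group (name is assumed)
set firewall group port-group WAN_BLOCKED_PORTS port 23
set firewall group port-group WAN_BLOCKED_PORTS port 107
set firewall group port-group WAN_BLOCKED_PORTS port 135
set firewall group port-group WAN_BLOCKED_PORTS port 137
set firewall group port-group WAN_BLOCKED_PORTS port 138
set firewall group port-group WAN_BLOCKED_PORTS port 139
set firewall group port-group WAN_BLOCKED_PORTS port 161
set firewall group port-group WAN_BLOCKED_PORTS port 162
set firewall group port-group WAN_BLOCKED_PORTS port 194
set firewall group port-group WAN_BLOCKED_PORTS port 199
set firewall group port-group WAN_BLOCKED_PORTS port 445
set firewall group port-group WAN_BLOCKED_PORTS port 530
set firewall group port-group WAN_BLOCKED_PORTS port 593
set firewall group port-group WAN_BLOCKED_PORTS port 992
# WAN_IN: traffic forwarded through the router toward the LAN side
# (default-action drop is what the WAN+2LAN wizard sets)
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action drop
set firewall name WAN_IN rule 10 protocol tcp_udp
set firewall name WAN_IN rule 10 destination group port-group WAN_BLOCKED_PORTS
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 state established enable
set firewall name WAN_IN rule 20 state related enable
set firewall name WAN_IN rule 30 action drop
set firewall name WAN_IN rule 30 state invalid enable
set firewall name WAN_IN rule 40 action drop
set firewall name WAN_IN rule 40 protocol icmp
# WAN_LOCAL: traffic addressed to the router itself, same rule set
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 10 action drop
set firewall name WAN_LOCAL rule 10 protocol tcp_udp
set firewall name WAN_LOCAL rule 10 destination group port-group WAN_BLOCKED_PORTS
set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 state established enable
set firewall name WAN_LOCAL rule 20 state related enable
set firewall name WAN_LOCAL rule 30 action drop
set firewall name WAN_LOCAL rule 30 state invalid enable
set firewall name WAN_LOCAL rule 40 action drop
set firewall name WAN_LOCAL rule 40 protocol icmp
# Attach both rule sets to the ISP-facing interface; ethX is a placeholder
set interfaces ethernet ethX firewall in name WAN_IN
set interfaces ethernet ethX firewall local name WAN_LOCAL
commit
save
```

Because default-action drop already discards any unsolicited inbound packet that rules 20 to 40 do not accept, rule 10 blocks nothing extra; its practical value is visibility, which you get by adding `set firewall name WAN_IN rule 10 log enable` (and the same for WAN_LOCAL) so hits on those ports show up in the log.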