This guide is a work in progress.
Please don't modify this guide before it is finished.
You may react and discuss using this forum thread:
With today's fast DSL lines, cable or fiber-optic connections, security is a matter of interest for everyone:
Security is not simply about avoiding a hack; it is about preserving the valuable data of your company or of your daily life.
This guide targets medium to high security for everyone. But it will not stop governments from digging into your personal computers or roaming your home network, as governments have access to undocumented “zero day” attacks or, in some cases, can access a secondary CPU hidden in the main CPU of your computer, even if your computer seems to be shut down.
These are very basic rules!
In the past, several well-known communities providing firewalls and network appliances failed to share information about their compilation platforms. In particular, part of the kernel code remained unknown. This is why LEDE was created: a free community offering state-of-the-art firmware based on recent versions of GNU/Linux.
The beauty of LEDE is that, thanks to its wide equipment support, a complete network topology for a home user may cost less than 500 EUR.
In this tutorial, we will also give information about electrical consumption, showing that choosing the right embedded equipment can save a lot of energy and that there is no need to go for expensive, insecure and power-hungry devices.
Furthermore, LEDE devices are so small and so cheap that, for security reasons, you may fill them with stone glue to prevent anyone from opening them, and we will show you how to do it using professional techniques.
The proposed network topology is for home users and small companies. You may adapt it to your needs and available hardware. LEDE is able to do all this on a single router, but it is preferable to add defense space and use several of them. The network topology includes:
As you can see, the topology is designed to resist attacks using defense in depth:
This should leave space and time for proper reaction.
Also, please note that zones are organized according to security principles: