John Edwards john at cornerstonelinux.co.uk
Wed Jun 16 12:13:27 UTC 2021


On Wed, Jun 16, 2021 at 12:12:39PM +0100, Tim Clarke via GLLUG wrote:
> I have found the Ubiquiti Edge-X router/firewall appliances to be good
> and pretty easy to set up (web gui interface).
> They are also very reasonably priced, compact and no moving parts.
> Only drawback, I think, is the learning curve for the firewall/nat setup
> (somewhat different to standard iptables).

The Ubiquiti look pretty, and can work well, but have a history of
poor compliance with the GPL as well as a very bad approach to security:


Seems like an employee stored privileged credentials in LastPass,
which were then used by attackers to gain root-level access to the
Ubiquiti servers. Ubiquiti can say "no evidence that customer
information was accessed" with a straight face because they did not
audit that access.

I believe you can still use a local password instead of a cloud stored
one, but the last time I had to do this it was not particularly
obvious (a bit like Windows 10). And there is probably no guarantee
that it won't be stored in the "cloud" in a future release without
your knowledge.

And lastly, as other people have said, a firewall won't stop most
ransomware attacks. Offline/remote backups and user (and admin)
education is what you need. Snapshots that are only accessible by
admins, and restricting user write access to only the bare minimum of
files can also be useful but are generally harder to implement.

|    John Edwards   Email: john at cornerstonelinux.co.uk    |
