Best Firewall and Local Policies

Hi All-

I’m new here and want to say thanks already as I’ve already seen some great posts & info on here that I will be using soon.

Basically I was wanting to know your best advisement for securing my HP PC that’s running Win 11 Home & as well as my home network. My modem and router are the ones that I pay for monthly through Spectrum/Charter, and I was wondering if anyone had good any good tips as to how to get my home situation locked down as best as I can with what I have. I’m downright awful when it comes to networking (I barely know my own IP address) and would love to know if anyone has any preferences on free firewalls that they use. I’ve tried a few over the last couple of years and wasn’t really impressed with too many, but don’t know what I’m doing - so there’s that! :wink: Currently I’m using F-Droid Spectrum Security Suite, Glasswire free-edition) & Fing for my PC, and then Netguard for my Android (paid version). I like Netguard and Glasswire in the respect that I can easily block apps/the concept makes sense to me and as well as the interfaces. It’s the logs and PCAP files that throw me and I can’t make heads or tails of it. I also don’t really glean much or understand the event viewers on Windows. It seems to be a bunch of basic (but obfuscated) info repeated over and over again. But again - maybe it’s just me.

Another things I was looking to ask is what do you recommend for settings for the Local Security policies? Some Enabling/Disabling that already aren’t by default seem like a great idea, but I look at them and think "don’t do that - you’ll forget you did that, OR you don’t know what you’re doing - you’re better off not touching it. "

Lastly, if anyone could tell me how to make sense/read the Netguard logs/point me in the right direction to learn how to read network logs I would be so grateful!

Thanks in advance and any/all input is appreciated!

Edited to add: If it helps, I use Firefox as my main browser and Chrome as a backup. I don’t trust Google, but have Chrome that I use as a backup. Thanks again!

1 Like

Generally consumer devices like that don’t support any advanced security features (which are useful for privacy or have long term support for the firmware (which includes updates to the various components running on it). The best thing we recommend is to run a device with long term support, ie something with openwrt like the Turris Omnia, or a device running OPNSense on it. These then handle the routing while the network termination device simply “bridges” to to your internet access.

With that and a managed switch you can start to do some segregation of your network devices, between those you trust completely and those you do not. For that we use a method that relies on virtual local area network (VLAN).

You really don’t need software firewalls, and they won’t really provide any extra security over what is included with Windows. They are mostly tools sold by anti-virus companies looking to diversify their offerings with “security suites”.