Jump to content
RESET Forums (homeservershow.com)

Luma Firewall or should I say lack of.


itGeeks

Recommended Posts

itGeeks

I did  port scan using the very popular the GRC ShieldsUP from Steve Gibson and to my amazement the first 1000+ well known ports are only showing as closed and not stealth so I contacted Luma support for y is there device that want's to be installed at the edge of our networks and provided Wireless and security to our entire networks does not seem to provide a hardened firewall that any basic 50.-100 router that we can purchase from big box stores like Best Buy, Microcenter or Fry's and you will be amazed at there response I got back tonight, See below-

 

Response from Luma today.

 

"Hi Ray,

Just wanted to reach out regarding your concern with closed vs. stealth ports. Wanted you to know that we had extensive internal discussions on this topic during planning of our security framework. While we agree that there are benefits to having stealth, we chose to go with closed for simplicity. We expect our primary demographic to value ease, but we do acknowledge that experienced professionals such as you have strong feeling regarding these security decisions. While we do not agree that stealth is inherently more secure, we acknowledgement that your argument has standing. We do not expect to change this feature in the short term and we understand if you wish to process a return as a result."

 

So what does everyone think of there response?

Would everyone trust Luma at the edge of there networks in router mode knowing there does not seem to have a hardened firewall built in and according to Luma there is no plans to change this anytime soon?

 

Maybe its me but what is Luma thinking here? I mean they want everyone to install Luma 1st inline and put our existing routers in bridge mode behind Luma and let Luma handle everything but Luma does not have the basic protection of a hardened firewall nor are the going to change this in the near future. Someone please set me strait on my thinking.

Edited by itGeeks
Link to post
Share on other sites
cskenney

Most people don't know they can set their ports to stealth. That being said I used the GRC site on eero over the weekend and they also show closed ports with no ability to enable stealth.

 

I am not an expert on firewalls so I am not sure if this is good or bad. That being said at least the ports are closed.

Link to post
Share on other sites
LoneWolf

To me, once one goes into serious network design (even home), separating wireless capabilities from the edge (your router) is a good idea.  Then you can concentrate on getting two different products that are strong at what they do, rather than a jack-of-all-trades-master-of-none.

 

As Luma mentioned, or Eero, these products are meant to make it easy for the less-literate user.  All of us here have a lot more experience; with that comes the ability to choose and configure for ourselves accordingly.  A firewall lets me do a lot of things I might or might not be able to do with a Luma --like an SSL VPN, or a VPN tunnel between my house and a family members, gateway antivirus, intrusion prevention, VLANs, static routes, deep packet inspection, and so on.  Far more granular and powerful.

  • Like 1
Link to post
Share on other sites
itGeeks

Thanks to both of you for taking the time. I agree with you LoneWolf, I am trying to keep my wan't and needs at bay and test Luma with an open mind to see if this would be a device I would recommend and or deploy to family and friends but at this point the lack of a 'real firewall' in a device that should be installed on the edge of our networks does not give me a worm and fuzzy feeling. :unsure:

With the lack of a hardened firewall I am thinking both Eero and Luma should only be used in 'bridge mode' behind a firewall then you would have the benefits that they offer all while being protected. I mean heck I can't remember the last time I purchased a consumer router and ran a port scan and all ports did not show 'Stealth', I am not asking for something that is not commonplace to these types of devices.

Edited by itGeeks
Link to post
Share on other sites
itGeeks

Most people don't know they can set their ports to stealth. That being said I used the GRC site on eero over the weekend and they also show closed ports with no ability to enable stealth.

 

I am not an expert on firewalls so I am not sure if this is good or bad. That being said at least the ports are closed.

Thanks for taking the time to test Eero, I guess you new that's where I was going next. :)

Have a look at this for a definition of status of ports http://Internet Port Status Definitions

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...