Hello, believe it or not, I haven’t abandoned this. In fact, I have a massive cherrytree doc that continues growing as I learn and unlearn things. I have broken my firewall so many times I don’t know whether I’m coming or going. There are already many great how-tos out there, but it’s never really what I need.
In the entirety of the CompTIA Network+ paperweight (joking, it’s great, just heavy), I learned a lot, but I didn’t learn a lot of essential things, like how to use Peplink’s router administration software in the best way for my needs, and what sort of security paradigm I should follow as a home user with business leanings, nosy neighbors, and a disagreement with a particularly egregious online collective known for coordinated animosity.
Every person’s security needs are different. As I’m also learning Linux at the same time, it’s been an uphill battle, and choosing focus has been a challenge.
If I were to write Peplink’s SOHO MK3 manual, I would start by explaining what ports actually are, list the common IANA ports (and explain what IANA, ICANN, IEEE, actually are in short order), describe basic ifconfig/netstat outputs to common consumers, then create a few scenarios and firewall configurations that might apply to different kinds of typical users: the gamer who needs to understand p2p and port forwarding, the home businesswoman who wants to separate family equipment from her PC activities, the (rightfully) paranoid activist or businessperson transmitting sensitive content through their Peplink, the kitten clicker who knows absolutely nothing about bad things in the universe, the computer network-literate tinkerer with very specific server needs, the college kids trying to network their 5-student living grounds with a webcam, a torrent client and no idea how vulnerable they are, and so on.
I would also explain, and this is astoundingly difficult for people with no networking knowledge to understand, the difference between “incoming” and “outgoing,” because the reality defies the intuitive interpretation of these words as they pertain to different protocols. To complicate matters, The Internet of Experts On Things do not agree on what you should be allowing and denying. I spent a really long time tweaking my Deny All Outgoing setup, until I read a security professional’s blog that said it was crazy, and I kind of gave up.
I hope one day soon to share my journey here, to save other idiots the time I spent learning how to walk. One thing is clear: there’s often no right answer. I don’t want to promise a due date, because I’m still terribly insecure about my system decisions, but I’ve kept the torch lit.