1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

CUJO Smart Internet Firewall - Second Look

Discussion in 'LAN & WAN Article Discussions' started by thiggins, Jun 12, 2017.

  1. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,959
    [​IMG]
    We take another look at the CUJO Smart Internet Security Firewall to see how it has matured.

    Read on SmallNetBuilder
     
  2. pete y testing

    pete y testing Very Senior Member

    Joined:
    Jul 12, 2011
    Messages:
    1,924
    Location:
    victoria, australia
    hi tim

    must be a quiet month for new releases then :) , your right that the outer edges of this mesh market will struggle to find ground , will be interesting to see who the unnamed router partner will be and how it will be incorporated as i cant see any of the major players being interested in an outside element in their designs

    pete
     
  3. Threska49

    Threska49 Regular Contributor

    Joined:
    Aug 6, 2015
    Messages:
    67
    Kind of like those whitelist DNS sites.

    With that being said, a bigger issue for those getting into the security field is liability, as in what happens if their security fails to secure.
     
  4. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,959
    Unless an insurance company gets into the business, don't hold your breath...
     
  5. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,253
    Location:
    San Diego, CA
    Keeping the threat lists updated is the major challenge with devices/features like this...

    These can defend against threats they know about, however, new threats show up every day, and older threats are refactored to work around blocks that may be put in place.

    It's an interesting device - that along with another similar one (Circle), these can be useful tools for some... I'm probably not in the target market for devices like this, but if someone needs a plug and play solution, it's worthy of consideration.
     
  6. WelshDog

    WelshDog New Around Here

    Joined:
    Jan 3, 2017
    Messages:
    6
    Just curious what people in the forums here would recommend for home cyber protection. I ask this on the day the Golden Eye ransomware attack went wide in Europe. I'm mildly capable setting up IT equipment, but I'm no expert and have no training. Nonetheless, I'm not afraid to dive in and try stuff.

    Cujo seems like a good idea for many, but is there something better (more secure)? One thing I like about Cujo is the option of buying in for "lifetime service". I am losing my patience with the subscription tech culture we seem to be sinking into. It seems every company wants into my wallet permanently, 'til death do us part.
     
  7. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,959
    CUJO is not a cure-all. It mainly keeps your devices from connecting to known bad IP addresses and domains. It will not stop bad email attachments from being received and opened.

    CUJO is a relatively young company in a tough field. A '"lifetime" subscription may not last as long as you think...

    Cyber security requires constant updates. This costs money.
     
  8. WelshDog

    WelshDog New Around Here

    Joined:
    Jan 3, 2017
    Messages:
    6
    Sure things aren't free. I do feel that the rates charged for things like virus and malware protection are obscene. The information they use is mostly free and can be gathered and distributed to the subscribed devices for little cost. Charging $10 a month for this is ridiculous. If they sell 100,000 subscriptions that's a million a month. Their cost of providing the service is a tiny tiny fraction of that - for any company.

    So my question is then, what is a good home cyber security setup? Cujo seems like it only covers some bases as you pointed out. What device/service can do it all - and have throughput that keeps up with my Google Fiber?
     
  9. pete y testing

    pete y testing Very Senior Member

    Joined:
    Jul 12, 2011
    Messages:
    1,924
    Location:
    victoria, australia
    the synology with its IPS system and asus with its AIprotection do a good job , the asus brt-ac828 is even further advanced

    no such thing , you need a good overall approach and these systems are part of the holistic approach not an all in one solution

    eg antivirus and firewalls on devices is part of the solution as well
     
  10. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,959
    Some of the databases are free, others are not. $10 to you may be outrageous. But how much do you pay for car insurance? home insurance?

    There is no single product that does it all. If you are looking for more comprehensive solutions, you need to go to UTMs. If you want free/cheap, look at pfSense on a box fast enough to keep up with your gigabit fiber.

    Remember, this is what you are up against today. Multi-layered defense is key, especially if you have kids or non tech-savvy people on your network.
     
    WelshDog likes this.
  11. evil_mike

    evil_mike Occasional Visitor

    Joined:
    Feb 3, 2016
    Messages:
    14
    Gave the Cujo a try for a week, and am returning it to the box store I bought it from (thankfully, they have a kick ass return policy). I was quasi-skeptical about its capabilities to begin with, and while it does seem to offer SOME degree of protection, there's just no replacement for an up-to-date endpoint security tool. I was seeing some connection dropouts, which surprised me, but the straw that broke the camel's back for me was when it was alerting to an IP address that is "associated with a Botnet." My iPhone and Macbook were pinging an Apple-owned IP address.

    Anyway, for the price, I didn't see much value, but I also have my network pretty locked down to begin with (i.e. I'm not their target audience).
     
  12. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,959
    Just curious, Mike. Why were your devices pinging an Apple address and at what rate were they pinging?
     
  13. evil_mike

    evil_mike Occasional Visitor

    Joined:
    Feb 3, 2016
    Messages:
    14
    My assumption was for telemetry purposes (all of the devices were talking to the same Apple-registered IP address); they each tried to hit the address within an hour of each other (MacBook, iPad, and iPhone), and it was one time in the week.
     
  14. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,959
    Well, unless they were whacking the hell out of server with a lot of traffic, this probably should not have been flagged.

    On the other hand, false positives are to be expected and you did have the option to allow the traffic, correct?
     
  15. evil_mike

    evil_mike Occasional Visitor

    Joined:
    Feb 3, 2016
    Messages:
    14
    Agreed, but I wasn't seeing any real positive to keeping it on my network, for a few reasons: a) I'm not seeing a lot of malicious traffic, and b) what I do see is fairly innocuous or a false positive. Just not worth the expense in my specific setup.
     
  16. Raf1919

    Raf1919 New Around Here

    Joined:
    Apr 23, 2017
    Messages:
    2
    I actually like the CUJO alot. I have 2 kids at home and who are all over the web playing games and youtubing and clicking on sorts of links. My cujo stays busy blocking alot of crap. I like all parental tools, blocking content for kids and also guests. Also like being alerted when new device has connected or turning off the internet to a device or group on the fly. If i didnt have kids I probably wouldn't really need this especially at its cost. Prior I ran untangle which could do all this as well, but not as easily and I wasn't tech savy enough to really get it tuned right.
     
  17. Dave in NM

    Dave in NM Regular Contributor

    Joined:
    Nov 21, 2015
    Messages:
    59
    Any more reviews on this? Is is worth it? As someone noted, is there like a business version from some mfgr already out there, i might be interested. Seems every business should some kind of firewall box like this, what do they use.
     
  18. Dave in NM

    Dave in NM Regular Contributor

    Joined:
    Nov 21, 2015
    Messages:
    59
    You mentioned "CUJO does not look at actual packet content as more expensive IDS/IPS appliances do.". If i wanted one of those devices because its more industrial strength than CUJO, which would you recommend?