Saturday, October 27, 2018

Configuring AiProtection in Asuswrt-Merlin and Asuswrt

One of the selling points of Asus wireless routers is their AiProtection feature, which provides real-time network monitoring and protection using the Trend Micro Deep Packet Inspection engine. This is a kind of enterprise-level security made available in Asus home routers.

AiProtection is signature based; you can update its signatures in Administration > Firmware Upgrade > Signature Version > Check. It is no rival to today's enterprise-level security products that use machine learning and/or deep learning, but it is much better than nothing.

Router Security Assessment checks your router settings against security best practices. If you have enabled something that could reduce your security, it warns you by flagging that setting as a risk and gives you a direct link to disable that particular setting.

However, if you are clear about your requirement for a certain setting, such as port forwarding, you can simply ignore the warning.

To get the most out of AiProtection, you should enable all three features: Malicious Sites Blocking, Two-Way IPS, and Infected Device Prevention and Blocking.

Malicious Sites Blocking prevents any computer in your local network from accessing known malicious websites that can harm your computer, for example by infecting it with trojans, viruses, malware, ransomware, etc. Your computers should already have antivirus and Internet security software installed that performs this job. However, you may be surprised to find that some sites not detected by your computer's Internet security software are eventually blocked by your Asus router. Enabling Malicious Sites Blocking gives you a second layer of protection from malicious websites on top of your computer's Internet security software. If you have a firewall with a similar function behind your router, you have a third layer.

Two-Way IPS detects and blocks exploitation of known network vulnerabilities, either from the Internet into your local network, or from compromised computers or IoT devices in your network trying to attack other computers or IoT devices on the Internet. This will, to a certain extent, help protect unpatched vulnerabilities in your computers or IoT devices from being exploited.

Infected Device Prevention and Blocking tries to block the communication between compromised computers or IoT devices in your network and the attacker's command and control server. This way, the attacker cannot easily take remote control of your compromised computers or IoT devices.
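Both Malicious Sites Blocking and Infected Device Prevention and Blocking come down to matching traffic against signature data: the destination hostname against a list of known-bad domains, and the destination address against known command and control endpoints. The following is an added illustration of that matching logic, written for this article; it is not Asus or Trend Micro code, and the blocklist entries, MAC addresses and log lines are all constructed (IP addresses come from the documentation ranges). It also groups the blocked connections by source host, in the spirit of the per-feature report tabs described further down.

```python
"""Toy model of blocklist-based filtering (constructed example, not firmware code)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed signature data: known-bad domains (Malicious Sites Blocking)
# and known C2 endpoints (Infected Device Prevention and Blocking).
MALICIOUS_DOMAINS = {"malware-example.test", "phish.example.net"}
C2_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.7/32")]


def normalize_host(host: str) -> str:
    """Lower-case and strip a trailing dot so 'EVIL.Example.NET.' still matches."""
    return host.strip().lower().rstrip(".")


def domain_is_blocked(host: str, blocklist=MALICIOUS_DOMAINS) -> bool:
    """True if host or any parent domain is on the blocklist (suffix match).

    cdn.malware-example.test is blocked by the malware-example.test entry;
    notmalware-example.test is not, because matching is on label boundaries.
    """
    labels = normalize_host(host).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def ip_is_c2(addr: str, networks=C2_NETWORKS) -> bool:
    """True if the destination address falls inside a known C2 network."""
    try:
        ip = ip_address(addr)
    except ValueError:  # malformed address: cannot match, so not a C2 hit
        return False
    return any(ip in net for net in networks)


def inspect_connection(src_mac: str, dst_host: str, dst_ip: str):
    """Return (verdict, reason) for one outbound connection."""
    if domain_is_blocked(dst_host):
        return "block", f"malicious site {normalize_host(dst_host)}"
    if ip_is_c2(dst_ip):
        return "block", f"C2 address {dst_ip}"
    return "allow", ""


# Constructed sample traffic: '<src_mac> <dst_host> <dst_ip>' per line.
SAMPLE_LOG = [
    "AA:BB:CC:00:00:01 www.example.com 192.0.2.1",
    "AA:BB:CC:00:00:01 CDN.Malware-Example.TEST. 192.0.2.10",
    "AA:BB:CC:00:00:02 notmalware-example.test 192.0.2.11",
    "AA:BB:CC:00:00:02 update.example.org 203.0.113.45",
    "AA:BB:CC:00:00:03 phish.example.net 198.51.100.7",
]


def build_report(log_lines=SAMPLE_LOG):
    """Group blocked connections by source MAC, like a per-feature report tab."""
    report = defaultdict(list)
    for line in log_lines:
        src_mac, dst_host, dst_ip = line.split()
        verdict, reason = inspect_connection(src_mac, dst_host, dst_ip)
        if verdict == "block":
            report[src_mac.lower()].append(reason)
    return dict(report)


if __name__ == "__main__":
    for mac, reasons in build_report().items():
        print(mac, "->", "; ".join(reasons))
```

The suffix match is the important detail: a blocklist entry for a domain has to catch every subdomain of it without also catching unrelated names that merely end in the same characters. Real signature sets are far larger and are updated through the Signature Version check mentioned above, which is why keeping them current matters more than any single entry.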

If you click the Alert Preference button and set your email account (Gmail / AOL / QQ / 163) there, you will receive an email alert from your router whenever an AiProtection alert is triggered.

The firmware also provides a report for each of these AiProtection features in its respective tab, so that you can see what threats have been intercepted and which hosts are affected.

Parental Controls consists of Web & Apps Filters and Time Scheduling.

Parental Controls are host based and block traffic based on the source MAC address of the host accessing the Internet. They are enabled automatically if, in the Asus Router mobile app, you set one or more family members as below 18 years old and assign one or more hosts to them. The app will then block those hosts from accessing adult websites.

Besides adult websites, Web & Apps Filters can also block a host from accessing Instant Message and Communication, P2P and File Transfer, and Streaming and Entertainment services on the Internet.

Note that you can expand each of the 4 categories for finer-grained blocking. For example, the Adult category consists of the Pornography, Illegal and Violence and Gambling sub-categories.

Enabling Web & Apps Filters consumes some of your router's CPU and memory and makes web browsing slightly slower.

If you are using Asuswrt-Merlin firmware, there is an alternative called DNS Filter that does the filtering at the DNS server instead.

Time Scheduling lets you set time blocks for each day of the week during which a particular host is allowed to access the Internet. Outside the allowed blocks, Internet access is blocked for that host. You can set multiple blocks within a day.

This is only useful if the host is dedicated to a person or persons who are expected to follow your time schedule. If it is a shared computer used by the whole family, every family member will have to obey the schedule when using that computer; there is no exception.
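Because the decision is made per MAC address rather than per person, a schedule applies to whoever is behind the device at that moment. The following added example, written for this article and not taken from the router firmware, models that policy: a constructed per-host schedule of allowed blocks per weekday, default deny outside them, several blocks within one day, and no restriction at all for hosts that have no schedule. The MAC addresses and times are made up.

```python
"""Toy model of host-based Time Scheduling (constructed example, not firmware code)."""
from datetime import datetime, time

# Constructed per-host schedule: weekday (0=Monday .. 6=Sunday) -> list of
# allowed [start, end) blocks. Any time not inside a block is denied, and a
# weekday with no entry is denied entirely. Multiple blocks per day are fine.
SCHEDULE = {
    "aa:bb:cc:00:00:01": {
        0: [(time(7, 0), time(8, 0)), (time(16, 0), time(20, 0))],  # Monday
        1: [(time(7, 0), time(8, 0)), (time(16, 0), time(20, 0))],  # Tuesday
        5: [(time(9, 0), time(21, 0))],                             # Saturday
    },
}


def normalize_mac(mac: str) -> str:
    """Accept AA-BB-CC-00-00-01 or aa:bb:cc:00:00:01 and compare consistently."""
    return mac.strip().lower().replace("-", ":")


def in_block(t: time, block) -> bool:
    """Half-open interval: a 16:00-20:00 block allows 16:00:00 but not 20:00:00."""
    start, end = block
    return start <= t < end


def internet_allowed(src_mac: str, when: datetime, schedule=SCHEDULE) -> bool:
    """Decide whether traffic from src_mac at 'when' passes.

    Hosts without a schedule are unrestricted. The decision is per device, so
    a shared computer is restricted for everyone who uses it.
    """
    blocks = schedule.get(normalize_mac(src_mac))
    if blocks is None:
        return True
    day_blocks = blocks.get(when.weekday(), [])
    return any(in_block(when.time(), b) for b in day_blocks)


def decide(src_mac: str, iso_when: str) -> str:
    """String-based wrapper: 'allow' or 'deny' for an ISO 8601 timestamp."""
    return "allow" if internet_allowed(src_mac, datetime.fromisoformat(iso_when)) else "deny"


def allowed_minutes(src_mac: str, weekday: int, schedule=SCHEDULE) -> int:
    """Total allowed minutes on a weekday; useful for sanity-checking a schedule."""
    blocks = schedule.get(normalize_mac(src_mac), {}).get(weekday, [])
    total = 0
    for start, end in blocks:
        total += (end.hour * 60 + end.minute) - (start.hour * 60 + start.minute)
    return total


if __name__ == "__main__":
    checks = [
        "2018-10-29T07:30:00",  # Monday 07:30, inside the first block
        "2018-10-29T12:00:00",  # Monday noon, between the two blocks
        "2018-10-29T20:00:00",  # Monday 20:00, end of a block is exclusive
        "2018-10-31T17:00:00",  # Wednesday, no blocks defined at all
    ]
    for when in checks:
        print(when, "->", decide("AA-BB-CC-00-00-01", when))
```

Two details are worth noticing when you reproduce a schedule in any filter: the end of a block is exclusive, so back-to-back blocks do not overlap, and a weekday you forget to configure is a full-day deny rather than a full-day allow.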

You will notice that when any of the Parental Controls settings is enabled, additional Port Forwarding entries are automatically defined in your router. Those Port Forwarding entries disappear after you disable the setting.

Parental Controls are nice features to have. For better router performance, however, you might want to disable them unless you need them to guard your children's Internet access.
