5 Security Features in UniFi You Need to Enable (And Why)

Captions
Hey there, everyone. Thank you so much for being here, thank you so much for watching. In this video I want to talk about the top five security features I think you absolutely have to enable in your UniFi network. Some of them are new, some of them aren't, but the real added value I want to bring in this video is not just talking about the how, or where to click to enable a security feature. I also want to talk about the why, or what's the benefit each security feature brings you, so that you will be able to make a more informed decision about the security of your network. So let's get started. [Music]

All right guys, so we are at my computer, and you can see that I'm already logged in to my UniFi console. All the features that I want to talk about today are located here inside Settings and Security; this is exactly the place that we want to go. On the General tab we'll see that we have two features that are already checked. These are not really security features. If they're not checked on your console, go ahead and check them, because some of the security features will rely on them. Device identification, just in a few words, is the mechanism that allows the UniFi console to understand if a client is a Windows computer or a mobile phone or a Nintendo Switch, and traffic identification is what allows the console to understand the type of traffic each client is doing. Let's see an example. If we go to our topology map, we'll see that we have types of clients: Windows, Nintendo Switch, mobile phone. The console is able to identify the type of client because of the device identification feature. And if we take a client, for example, and go to the insights, we see that we are able to identify the type of traffic this client is doing, and that's due to the traffic identification feature. So if they're not checked on your network, go ahead and check them.

So, starting with the first security feature I recommend enabling: Country Restrictions. This is basically GeoIP filtering, and you can do it the positive or the negative way. Let me explain. You can select certain countries and traffic to these countries will be blocked, or you can select a few countries and only traffic to these countries will be allowed; everything else will be blocked. This depends on how, let's say, paranoid you are. I'm going to use it the old-fashioned way, meaning I'll select block both directions, meaning ingoing and outgoing, and I'll select the countries that I want to block. I'll select high-risk countries, for example Iran and North Korea, and now traffic from Iran or North Korea, both directions, meaning incoming or outgoing, will be blocked.

Ad blocking is not something that I really consider a security feature, and I'm doing ad blocking with my Pi-hole, so I'm going to skip that.

Feature number two is DNS Shield. Now this is fairly new in UniFi, but it's been around for several years. DNS Shield is like HTTPS and HTTP: where HTTP is clear text, HTTPS is encrypted. Regular DNS queries are unencrypted and DNS Shield encrypts them, meaning that the benefit is that your ISP will no longer be able to spy on your DNS queries, and we know for a fact that some of the biggest ISPs out there in the world do spy on their users' DNS queries. In the same manner, attackers will not be able to spy on your DNS queries and they will not be able to manipulate them maliciously. So if it's off on your network, I recommend that you switch to Auto. By the way, if you turn them off, sorry, if it's off and you turn it on, you will get a notification saying that your ISP's configured DNS service will no longer be used, and that's exactly the point, so click on Enable. This will enable Cloudflare and Google as your DNS over HTTPS providers, which is great.

Internal Honeypot is a great security feature; it's not really in my top five, so I'm going to move right along into Suspicious Activity. From Off, I'm going to select Advanced.

So, moving to feature number three. All these three rows are talking about the IPS-specific feature. IPS is intrusion prevention system. It's a sort of an engine: same as definitions for an antivirus software, IPS is sort of definitions for types of traffic that might be doing something fishy. Now, there is a caveat with IPS/IDS, so before you go ahead and enable this feature you need to be aware that certain devices have certain limits or thresholds they can handle with IPS enabled. I'm using a Dream Machine Pro, and the Dream Machine Pro, the Dream Machine SE and the Dream Wall are all advertised to be able to handle up to 3.5 gigabits of data with IPS enabled. I'm using a Dream Machine Pro and I'm using a gigabit network, I don't have any 10 gig networks, so I am not reaching the point where I get a speed penalty or performance penalty. If you're using a UniFi Dream Machine base or a UDR, your threshold is about 800 megabits, meaning that if you're using a gigabit network you will see some speed penalty. And I actually confirmed with UniFi that, unlike other firewalls where you can configure only traffic from LAN to WAN or WAN to LAN to be scanned with IPS, in UniFi all the traffic, including internal LAN to LAN traffic, is IPS scanned, meaning that even with internal file copies, if you're using a gigabit network in a UDM base network, you will see some speed penalty. You need to be aware of it. So if you're like me, using a Dream Machine Pro on a gigabit network, you're well clear of this 3.5 gigabits threshold.

So you can choose your networks, networks meaning your VLANs. If you have several of them and you want some of them to be taken off the IPS scanning, you can take them off right here. We'll select, of course, Notify and Block, because Notify will only notify if something is wrong without blocking the traffic; Notify and Block will notify and block, exactly as it says here. There are a few levels of sensitivity. Usually medium is fine; I'm always selecting high. You can even customize, if you know what you're doing, the certain types of traffic you want to maybe exclude. If you're using point-to-point traffic you can take it off, and save.

Feature number four is Dark Web. I don't see any reason not to enable this feature. Same goes for feature number five, which is Block Known Malicious IPs. Both of these engines are updated frequently, and again it's some sort of a feature that you get for free without any speed penalty, so I don't see any reason not to enable these features.

So once you have selected all your required or desired features, go ahead and click Apply Changes. Give the device a minute or two so everything will be able to take effect. And guys, these were my top five security features. I hope you liked it, I hope it was informative, and I hope it helped you reach more informed decisions about the security of your network. Please take into account the thresholds when it comes to IPS, and I hope to see you again in my next video. Bye, everyone.
Info
Channel: Tech Me Out
Views: 3,113
Keywords: 5 Security Features in UniFi You Need to Enable, unifi, ubiquiti networks, ubiquiti, udm, udm pro, security, ubiquiti unifi, firewall, threat management, dpi, usg, unifi network, optimize unifi wifi, unifi firewall, unifi protect, unify, insidewire, unifi wifi optimization, network security, ubiquiti usg, ubiquiti unifi security gateway, ips, ids, deep packet inspection, honeypot, dream machine pro, unifi dream machine pro, unifi firewall rules, unifi threat management, unifi security
Id: 6X0NCRuhwx4
Length: 9min 10sec (550 seconds)
Published: Sat Jan 27 2024