Back in the day, we used to say things like “Don’t run a file server on your firewall. In fact, don’t run anything except a firewall on your firewall.”
I’d agree, except my own firewall has been growing features recently. It’s the only computer in my house that’s always on.
The bigger problem is that commodity firewalls are crap. This wasn’t a case where an intentionally open ftp service was exploited to compromise the firewall, this was a case where the firewall itself fundamentally failed to firewall off access to services.
Does anyone have a recommendation for a secure router? I’m constantly seeing stories of how the telco-provided and most off-the-shelf equipment is insecure and never-updated.
I’ve been running little Atom (and similar) boxes with pfSense for years and years. Open source, secure, 100% under my control, etc.