I am using a pretty cool and affordable firewall called "Firewalla" Red version. (You can find it on Amazon or their own web site) This firewall cube is very tiny, about 1.5", but it does a lot of very amazing technical analysis of your home network; perhaps for small size office network too. This firewall is developed by a team of long-time Cisco security experts who developed and wrote millions lines of code for Cisco firewall boxes and security suites. They left Cisco few years ago and started this startup. I have been using this little red box to monitor my network security past 2 years. Before this Firewalla, I had no idea if my Windows PC had been affected by rootkit or trojans which quietly sent infectious traffic to inside and/or outside of the home network. This Firewalla not only blocks suspicious attacks like the ones have been attacking Channel DVR's 8089 port, it also notifies you via your iPhone or Android of some zombie virus in your PC/Mac or any IoT devices like your security cameras made in China are sending suspicious traffic outside of the network without your knowledge. Another nice thing about this Firewalla is that they tell you the specific port from which device, so you can then narrow down a specific application in a particular PC or infected security camera doing suspicious activity. My home network is little unusual than some of the normal home setup because I have a lot of IoT devices, security cameras, NAS's, VM's, dockers, Raspberri Pi's, containers, VMware, VLANs, port trunking, DNSmasq, HomeKit, Smartthings, Homebridge, etc. I am close to maxing out my 253 IP addresses in my subnet. And I have run into many weird issues with the Firewalla past 2 years due to my unusual home setup. So, these guys are very bright and very responsive, almost like the developers for the Channels DVR, and they went all out to troubleshoot and fix all the problems promptly (usually within a day or 2) I faced in the past. Past 8 months, the code has been very stable (no more crashes) and accurate to identify and block all the attacks and notify me about all suspicious uploading traffic. It can also block or schedule blocking for social network or porns to protect your kids. I would recommend the developers of Channels DVR to buy one of these Firewalla boxes (I hope they are reading this thread. How can I get them to see this post?) and get a sense how vulnerable to statically use port 8089 for remote access, then they can consider security of Channels DVR is no less important than those fancy features in Channels DVR. I am hoping Channels DVR can come up with a more secure solution not to expose port 8089. BTW, I signed up their new Firewalla Blue version with faster CPU and gigabit ethernet, this startup is quite honest and serious about their products, and most importantly they can deliver and continue to commit to make the code more stable like what I have been very impressed by the guys behind Channels DVR.
