There are numerous ways to protect your end devices. All of these solutions, be they antivirus programs, personal firewalls or similar, have the disadvantage that they only ever work on the end device in question and only protect it. Tablets, smartphones and other mobile devices are usually already reasonably secure by the manufacturer, but not completely. In addition to the issue of security, there is also the issue of advertising. To block these efficiently, you need ad blockers that also have to run on all devices (if possible). If you then want to operate central services such as chat systems, Nextcloud or others securely, then it becomes complex.
An excellent solution was developed during Corona by safety engineer Steven Foerster for his family and friends and is available as free software under GitLab.
What does this software do now?
Put simply, there is a Mistborn software stack installed somewhere on the Internet (either on a small PC at home or on a virtual server in the cloud). After installation, this is only accessible from the outside via Wireguard VPN. It runs an IP table-based firewall and PiHole as an additional firewall. Furthermore, numerous services such as Nextcloud can be operated securely on this device. Only the Wireguard VPN software needs to be installed on the end devices and this connects to the Mistborn server. All communication to the Internet then runs via this server. It thus serves as a central protective barrier to the Internet – regardless of which device you are working from and regardless of where you are located with this device.
The diagram shows the structure:
A test via https://d3ward.github.io/toolz/adblock.html shows the efficiency of the solution in terms of blocking unwanted advertising:
Are you interested in finding out more? We would be happy to advise you and implement Mistborn for you!