pivotraze

Seeing as he hasn't answered your question yet, I'll weigh in. I do cybersecurity for the US Army.

What are some easy settings, configurations and software to my router and my Windows/Mac OS that secures my connection to the internet.

Use a firewall, even if it is only the built in Windows Firewall or the built in Mac Firewall. This alone will greatly increase your security in your home devices. Make sure the firewall you use is application based, so that you approve individual applications, and not necessarily just ports.

Should I consider getting a "premium" version instead of my free anti-virus software (Avast) or does that give me enough protection?

For generic virus protection, there is no difference between premium and free. The only things premium does additionally (in Avast's case) is ensure you are visiting the correct site (for example, you bank at bankofamerica.com, but accidetally type bankofamerca.com. It looks the same and you log in, but now your credentials were stolen). It'll ensure security on shopping sites (generally already done thanks to HTTPS), and avoid spam. You should be fine using just a free antivirus, and basic security tasks (verify you are on the right website before logging in by double checking the URL, don't click on random links, and ensure any secure tasks are done over HTTPS).

What is your take on VPNs? What I have heard is that VPNs are providing safer internet browsing, is this true?

Yes. A VPN encrypts your traffic so it can not be read by a third party. This is far more secure than simple web browsing, but in the average use is a bit redundant. You don't need a VPN when going to google, reddit, or facebook. Anything that needs to be secured, such as banking, shopping, and similar items should already be secured thanks to HTTPS and HTTP/2.

In theory, to protect these devices you mention, would you recommend a (admittedly, tech-savvy) home user do the following:

• pfsense or similar firewall on the edge of their network. What I mean by this is assuming they have the generic modem connected to a WAP, they could put the firewall between them? They would need a dual nic device (even a Raspberry pi could do).

• An open source ID(P)S, such as snort?

In all honesty, this should be enough for the average home network (obviously in addition to HID(P)S devices as well). If someone feels LAN separation is enough of a concern, they could set up a tri-NIC device (raspberry pi once again), two WAPs (one for less-secure devices, like Smart-TVs and Smart Fridges, etc...) and one for the rest. Set up static routing in pfsense to what is needed, and drop the rest of the packets.

Like I said, this is a very tech savvy solution, and I'm very curious to see what you guys are creating to make this kind of security more user-friendly.

I'm very interested for an answer to this.

I started out doing technical cybersecurity work (installing the patches on systems, ensuring firewalls are properly configured, etc...). I then transitioned into an oversight position where the security of an entire system is under my lead. In the next two years, I will likely be transitioned into a managerial level position, where the security of an entire division (not Army if I get the job) will be under my lead.

I've had a varied experience in it, for sure.

Not as a base (at least from what I've seen). However, you could use the one built in, and 1 or 2 USB based NICs to extend it.