Ask Slashdot: Which Is the Safest Router?
Date: 2018-05-17
MindPrison writes: As ashamed as I am to admit it -- a longtime computer user since the Commodore heydays, I've been hacked twice recently and that has seriously made me rethink my options for my safety and well-being. So, I ask you dear Slashdot users, from one fellow longtime Slashdotter to another: which is the best router for optimal safety today?
I like using Linux boxes with packet-forwarder turned on in the kernel, and using either IPTables or firewalld, depending on your flavor. I then use my "router" to serve me web content and handle my VPN for me while I'm away from home. Oh, and I would highly recommend something like this: tiny PC [solid-run.com] with multiple 1GB NIC ports, Wifi, BT, etc... so you can have a WAN and a LAN port. It is easier to configure it this way.
Mikrotik are also offering SOHO routers loaded with features. One needs to know how to configure them though.
The hAP is a really neat box.
Not trying to be overly pedantic here, but do you mean firewall? Routers aren't necessarily security devices.
Many routers let you add rules for various packet types and features, which can add security.
Go Enterprise - Juniper SRX300 (Score:2)
Number one feature: No upnp available on the device
Can get one for $200 or less if you shop around
This is what I did, HOWEVER you are misrepresenting the cost as you must also get a license and a support contract to keep it up to date.
PEBCAK (Score:3)
A "secure" router won't help you. What does "hacked twice recently" actually mean?
Re:PEBCAK (Score:4, Insightful)
This is a critical question - in what way was your system compromised? What vulnerability was exploited that allowed someone to access your machine? No single firewall or router can prevent all forms of compromise.
The Russians are the experts in this. I'd buy one from them.
Ubiquiti EdgeRouter X (Score:3)
https://www.ubnt.com/edgemax/e... [ubnt.com]
Just a happy customer. Firewall, VLANs, scheduling, logging, etc. Can't beat the price either.
Have several and do like them, but buyer beware that you actually need to configure it to be secure and it is just an iptables firewall. The UniFi Security Gateway is supposedly going to offer some intrusion protection services, but I am not aware of the details.
I meant to add that the UBNT community is full of people willing to help...perhaps the best asset.
They're good for a few hundred megabits. I had one and it was great when I had a 100/20 connection.
I upgraded to 950/450 and it could only manage ~300Mbit.
I don't think I'd name that for "safest" in terms of security. I could be wrong, but I don't remember it having a whole lot of security features, e.g. web filtering, IPS, antivirus scanning.
Scissors Network Security (Score:1)
http://purplebark.net/maffew/scissors.pdf
It is a time proven solution to network woes.
Safest Router. (Score:1)
In my opinion the safest router is one that can continuously be updated with the latest patches. About a year ago I used an Ars Technica guide to building your own router (Link below). Ordered a very inexpensive mini PC from China with 4 1 Gigabit ports and put Ubuntu on it. You can set it up to auto update, but I do it manually. Every week I log in and Ubuntu tells me in the login if there are any updates, and if any are related to security.
Besides being a much better performing router with full firew
safest (Score:2, Informative)
one to which you have the source code:
https://www.dd-wrt.com/site/index
Re: (Score:3)
one to which you have the source code:
https://www.dd-wrt.com/site/in... [dd-wrt.com]
This AC is exactly right actually. If you don't want to deal with some god awful proprietary firmware or go commercial grade, pick up a Netgear router with good hardware and load DD-WRT on it. Been using it for years and it is the best decision I ever made for my home setup.
OPNsense (Score:3)
OPNsense, a fork of pfSense, which is a fork of m0n0wall. It is based on Hardened BSD, with a ton of additional security extensions not available in normal FreeBSD or pfSense.
But really, security isn't just one device. Secure ALL of your shit.
What are the parameters for "safety"? (Score:2)
You can run OpenBSD on an Ubiquiti EdgeRouter (fanless, SSD). Maybe not necessary, but gives you some more features and options. No hardening required. Simple updates via a cron job.
Google wifi (Score:2)
I chose it mainly for security. As a former Google engineer, I feel that Google's security expertise is top notch.
Any router... (Score:2)
linksys and 'mcdebian' (google it)
good stuff and pretty much, pure debian on a 'plastic router'.
after that, it's all up to you. but the guts are there and it's updatable more than most.
How did you know (Score:1)
A faraday cage. (Score:1)
OpenBSD (Score:1)
The truth is, nothing is secure unless you can educate yourself a little bit. However, if time to do so is not a problem, the most secure device to remote hacking is probably something running OpenBSD on some single-core CPU ancient enough to be immune to stuff like the recently discovered Spectre/Meltdown vulnerabilities.
pfSense on WANBOX (Score:3)
pfSense running on WANBOX [amzn.to]...
pfSense because it's open source and free and "just works". WANBOX, because it's reliable and supports AES-NI crypto onboard.
Netgate (Score:3)
A Netgate SG-1000 if you want a packaged solution;
https://www.netgate.com/soluti... [netgate.com]
Else load up pfSense on an old PC or search eBay for pfSense... You'll also find repurposed appliances from other people loaded with pfSense.
Ethernet (Score:2)
Then have a computer just for "internet" on it as the only computer on the network.
An OS, some bookmarks and what apps are needed.
Have all long term data well away from any networked computer.
Find a fast router with a good CPU that can support the best VPN protection.
Make sure the loss of the VPN will not revert to any ISP IP.
Should any malware get into a computer, they get nothing. Some bookmarks, some productivity apps.
Everything can be restored and be bac
The question is nonsensical (Score:1)
It's a subjective question, but for home users... (Score:2)
It depends on your needs and your budget. If you're a typical home user that doesn't have people specifically targeting them then your needs are very different than a corporate executive who is regularly hit with espionage attempts.
I'll answer for a typical home user: Turris Omnia [turris.cz]. It's a bit pricey ($339 on Amazon [amazon.com]), but it runs a modified version of OpenWRT. It's easy-to-use, reasonably powerful in terms of features and capabilities, and is updated frequently.
Cisco Meraki MX series (Score:1)
The Cisco/Meraki devices are phenomenal.
They are not cheap by any means, but you can get a short stack of a router (MX series security appliance, MX64 was given when I took the class), PoE 8-port switch, and wireless access point for free if you attend a Cisco CMNA class.
Barking up the wrong tree? (Score:2)
Unless you are talking about your Netgear or D-Link box getting backdoored, I think you are looking in the wrong places.
Any NAT device is sufficient.
Patch all your stuff
Don't download crap
Don't execute the crap you download
Don't play web games
Don't use Internet Explorer
Uninstall Flash
Uninstall Java
If you are really looking for a good firewall, go grab a little pfsense box from netgate. But I think you have many other places to look at first.
Roll your own (Score:2)
I use a cheap Pentium motherboard (also low power), and a quad Intel Ethernet card (a used PRO/1000 for ~$50). It has all the bells and whistles of commercial units (captive portal, easy web UI, etc), but has the advantage of being based on FreeBSD.
https://www.pfsense.org/ [pfsense.org]
If you were to prefer Linux, it would be possible to use OpenWrt instead.