Mos secure home router
- Thread starter JGBR
- Start date
There's not much difference between home routers, as they're not likely to become attacked.
Make sure you have a strong wireless password.
If using wireless, enable mac filtering.
Disable SSID broadcast
Set a password on the admin cp of the router.
Be careful what you're port forwarding, if any.
Make sure you have a strong wireless password.
If using wireless, enable mac filtering.
Disable SSID broadcast
Set a password on the admin cp of the router.
Be careful what you're port forwarding, if any.
The most secure router for home use? There is no magic home router that is more secure than any other. They are all home routers designed for home routing with basic "hardware security". All much of a muchness. All routers now tend to support WPA2 for wireless. Job done.
What is it you are trying to secure exactly? I mean there are numerous attacks against Ethernet. And QoS isn't a security feature.
The DD-WRT firmware or tomato firmware offers iptables (+ stateful) firewall and other good security features, so any router you can flash with that will more than likely cover your home security needs.
To go a step further, I would say build your own custom dedicated security box. Especially at non-enterprise level, home routers have a limited (but probably perfectly fine for your needs) feature set and for a small budget you can whack some old hardware together that will offer you enterprise level protection.
Basically though you want a good firewall like iptables or pfsense and some kind of intrusion detection/prevention e.g Snort.
Use OpenDNS and use static IP's rather than DHCP or run some kind of ARP protection tool (depending on how much you trust the inside of your LAN / paranoia level).
You really need to define what it is you want to secure over the basic NAT / firewall security features you get as standard.
Last edited:
Technically disabling SSID broadcast is more of a security risk for clients that connect to that access point.
http://www.howtogeek.com/howto/2865...hiding-your-wireless-ssid-really-more-secure/
It's possible to spend an astonishing amount of time on this though. If nothing else I'd recommend one of the off-the-net distributions (ipcop et al) rather than a diy approach, I've spent days reading through iptables and grsec information. This is a good link if you're willing to spend time on it.
My failure to do this competantly is why I still haven't implemented a 24/7 diy box.
Yep, you're very correct, time is one asset you must have on your side
I guess it's more a continuous way of learning rather than an instant out-of-the box approach to things.
I built a Fedora 14 box with 4 gigabit ports and iptables masquerading etc for my ADSL connection. The main aim for me was the lowest possible pings under extreme circumstances and not security as such. I use a Wireless-N access point for mobile devices and the Fedora box for DHCP etc.
Took a while to learn how to configure it all, but it bought my pings down to rock bottom levels and I can hammer the line with torrents using transmission and play FPS games simultaneously.
The longer you spend learning linux the more you realize how flexible it can be. I use samba shares to access files over wifi on my android phone and it all works so seamlessly it really surprised me!
Sharing the internet link using linux is so much better in terms of latency and number of open connections. Standalone routers or windows ICS cannot compare as the linux network stack is so superior to Windows, and no standalone router has the CPU grunt or RAM capacity of a reasonably modern PC. I recently experimented with a top Asus router which supposedly had a super fast 600mhz CPU, and my trusty Pentium4 homebrew router was way faster in terms of latency etc! I am going to upgrade soon with a lower TDP CPU, motherboard etc. but have been delaying because I am dreading reconfiguring everything...
If you want a pure stateful firewall distro with QoS etc and the best security features, you should check out pfSense. I used Fedora instead as I wanted to use it for other things, such as torrent downloading etc.
Took a while to learn how to configure it all, but it bought my pings down to rock bottom levels and I can hammer the line with torrents using transmission and play FPS games simultaneously.
The longer you spend learning linux the more you realize how flexible it can be. I use samba shares to access files over wifi on my android phone and it all works so seamlessly it really surprised me!
Sharing the internet link using linux is so much better in terms of latency and number of open connections. Standalone routers or windows ICS cannot compare as the linux network stack is so superior to Windows, and no standalone router has the CPU grunt or RAM capacity of a reasonably modern PC. I recently experimented with a top Asus router which supposedly had a super fast 600mhz CPU, and my trusty Pentium4 homebrew router was way faster in terms of latency etc! I am going to upgrade soon with a lower TDP CPU, motherboard etc. but have been delaying because I am dreading reconfiguring everything...
If you want a pure stateful firewall distro with QoS etc and the best security features, you should check out pfSense. I used Fedora instead as I wanted to use it for other things, such as torrent downloading etc.
Associate
- Joined
- 27 Apr 2004
- Posts
- 2,377
You need to ask the right questions. Pretty much all cheap routers will do for 90% of home users. If you think you require something special then you'll need to specify what it is you want to do with it so that we can help by suggesting suitable choices.
If you don't need anything special then within reason it doesn't matter what router you have.
For what it's worth I have a pcengines WRAP running pfSense.
If you don't need anything special then within reason it doesn't matter what router you have.
For what it's worth I have a pcengines WRAP running pfSense.
Any thoughts on how openwrt compares to the mainstream distributions for this? By which I mean Debian, Fedora, Slackware or Gentoo. My hunch is that there will be nothing to call between them, making a router flashed with openwrt exactly as capable a firewall/router as an X86 box.
(Aside from the different hardware, comparing 8mb of ram to 4gb is never going to be all that fair).
I'm interested in any thoughts on this, as I'm trying to choose between an alix x86 board or an off the shelf router running openwrt.
(Aside from the different hardware, comparing 8mb of ram to 4gb is never going to be all that fair).
I'm interested in any thoughts on this, as I'm trying to choose between an alix x86 board or an off the shelf router running openwrt.