Mos secure home router

Associate
Joined
18 Mar 2007
Posts
1,838
Most secure home router

Anyone seen any reviews, have or know of the most secure home router you can buy?

My current airport extreme does not support QoS and state package inspection.

(not fussed over wifi etc , gigabit ports a must!)
 
Last edited:
There's not much difference between home routers, as they're not likely to become attacked.

Make sure you have a strong wireless password.
If using wireless, enable mac filtering.
Disable SSID broadcast
Set a password on the admin cp of the router.

Be careful what you're port forwarding, if any.
 
Anyone seen any reviews, have or know of the most secure home router you can buy?

My current airport extreme does not support QoS and state package inspection.

(not fussed over wifi etc , gigabit ports a must!)



The most secure router for home use? There is no magic home router that is more secure than any other. They are all home routers designed for home routing with basic "hardware security". All much of a muchness. All routers now tend to support WPA2 for wireless. Job done.
 
I meant from a Ethernet/internet point of way, IE firewalls etc.

What is it you are trying to secure exactly? I mean there are numerous attacks against Ethernet. And QoS isn't a security feature.


The DD-WRT firmware or tomato firmware offers iptables (+ stateful) firewall and other good security features, so any router you can flash with that will more than likely cover your home security needs.

To go a step further, I would say build your own custom dedicated security box. Especially at non-enterprise level, home routers have a limited (but probably perfectly fine for your needs) feature set and for a small budget you can whack some old hardware together that will offer you enterprise level protection.

Basically though you want a good firewall like iptables or pfsense and some kind of intrusion detection/prevention e.g Snort.

Use OpenDNS and use static IP's rather than DHCP or run some kind of ARP protection tool (depending on how much you trust the inside of your LAN / paranoia level).

You really need to define what it is you want to secure over the basic NAT / firewall security features you get as standard.
 
Last edited:
To go a step further, I would say build your own custom dedicated security box.

It's possible to spend an astonishing amount of time on this though. If nothing else I'd recommend one of the off-the-net distributions (ipcop et al) rather than a diy approach, I've spent days reading through iptables and grsec information. This is a good link if you're willing to spend time on it.

You really need to define what it is you want to secure over the basic NAT / firewall security features you get as standard.

My failure to do this competantly is why I still haven't implemented a 24/7 diy box.
 
It's possible to spend an astonishing amount of time on this though. If nothing else I'd recommend one of the off-the-net distributions (ipcop et al) rather than a diy approach, I've spent days reading through iptables and grsec information. This is a good link if you're willing to spend time on it.

My failure to do this competantly is why I still haven't implemented a 24/7 diy box.

Yep, you're very correct, time is one asset you must have on your side :p I guess it's more a continuous way of learning rather than an instant out-of-the box approach to things.
 
A DIY firewall is certainly a 'project' for those who like tinkering. Its been on my to do list for months now.
 
I built a Fedora 14 box with 4 gigabit ports and iptables masquerading etc for my ADSL connection. The main aim for me was the lowest possible pings under extreme circumstances and not security as such. I use a Wireless-N access point for mobile devices and the Fedora box for DHCP etc.

Took a while to learn how to configure it all, but it bought my pings down to rock bottom levels and I can hammer the line with torrents using transmission and play FPS games simultaneously.

The longer you spend learning linux the more you realize how flexible it can be. I use samba shares to access files over wifi on my android phone and it all works so seamlessly it really surprised me!

Sharing the internet link using linux is so much better in terms of latency and number of open connections. Standalone routers or windows ICS cannot compare as the linux network stack is so superior to Windows, and no standalone router has the CPU grunt or RAM capacity of a reasonably modern PC. I recently experimented with a top Asus router which supposedly had a super fast 600mhz CPU, and my trusty Pentium4 homebrew router was way faster in terms of latency etc! I am going to upgrade soon with a lower TDP CPU, motherboard etc. but have been delaying because I am dreading reconfiguring everything...

If you want a pure stateful firewall distro with QoS etc and the best security features, you should check out pfSense. I used Fedora instead as I wanted to use it for other things, such as torrent downloading etc.
 
Of the shelf: are their routers with it all? (home)

Or what home router has the most security features?
 
You need to ask the right questions. Pretty much all cheap routers will do for 90% of home users. If you think you require something special then you'll need to specify what it is you want to do with it so that we can help by suggesting suitable choices.

If you don't need anything special then within reason it doesn't matter what router you have.

For what it's worth I have a pcengines WRAP running pfSense.
 
Stateful firewalls require a substantial amount of RAM and CPU grunt to work well without adding latency to your traffic. I would suggest building a low powered PC for the job and learning as you go with pfSense or a Linux/BSD distro.
 
Any thoughts on how openwrt compares to the mainstream distributions for this? By which I mean Debian, Fedora, Slackware or Gentoo. My hunch is that there will be nothing to call between them, making a router flashed with openwrt exactly as capable a firewall/router as an X86 box.

(Aside from the different hardware, comparing 8mb of ram to 4gb is never going to be all that fair).

I'm interested in any thoughts on this, as I'm trying to choose between an alix x86 board or an off the shelf router running openwrt.
 
Back
Top Bottom