Find a **Secure** router

[Deleted member 28741]

With all the media reports about router hacking (mass attacks in Poland and Brazil etc) does anyone have recommendations on the most **Secure** router?

To me this seems as important as the performance of the device.

I considered Apple's airport extreme simply because it doesn't have a web based admin interface - but then again this may have yet to be discovered backdoors.

Any advice welcome

 

[stevech]

With all the media reports about router hacking (mass attacks in Poland and Brazil etc) does anyone have recommendations on the most **Secure** router?

To me this seems as important as the performance of the device.

I considered Apple's airport extreme simply because it doesn't have a web based admin interface - but then again this may have yet to be discovered backdoors.

Any advice welcome

All routers I've seen come with the web based router admin DISABLED for access from the WAN/Internet and DISABLED for accessed via WiFi.

A few tried out HTPPS/secure admin from the manufacturers' servers, in an attempt to help non-techies. But all have the means to disable this too.

A very few shipped with SSH or telnet enabled. These have been fixed/disabled.

So there's no simple answer. Choose by price vs. features you NEED, then ensure you know how to verify the items above are disabled.

 

[Deleted member 28741]

Thanks

It was the reports of hacking that re-kindled my interest in getting a new router… the old D Link 655 worked okayish… but the ethernet ports dropped out now and then which needed a reboot. There was also the security problem of it's admin panel being accessible from the WAN … which I could not turn off for the life of me.

I usually use Amazon "best Seller" lists to choose electrical stuff … but after sifting through the customer reviews I decided I needed more objective advice … so I am really glad I found Small Net Builder.

I dumped the DLink and got a TP Link model. It was a choice between the Archer C7 or the 841 HP (the "turbo" version of their best selling 841). I went for the cheap one..

It is single channel but it works fine and all the wifi devices work well with it. However, if it dies later on I will need another one so good to get the expert advice here. I have to stay away from the computer shop or I know I will get the C7…

 

[stevech]

I rely mostly on Newegg.
Too few reviews: skip it
Throw out the high, low, and screwballs.

Amazon is just too wild for me as they are a fulfillment house. Whereas Newegg and TigerDirect and a few others can't sell many crappy products because of their liberal returns. I view Newegg as an almost-Costco.

 

[Deleted member 28741]

Reviews

I will have a look at the NewEgg site … Thanks

Haven't used them before so it didn't cross my mind.

 

[sfx2000]

I rely mostly on Newegg.
Too few reviews: skip it
Throw out the high, low, and screwballs.

Amazon is just too wild for me as they are a fulfillment house. Whereas Newegg and TigerDirect and a few others can't sell many crappy products because of their liberal returns. I view Newegg as an almost-Costco.

Don't forget to check Costco

http://www.costco.com/routers-networking.html

some remarkable deals there for members...

sfx

 

[remixedcat]

get an enterprise grade router with proper security and network segmentation.

 

[stevech]

get an enterprise grade router with proper security and network segmentation.

Overkill, don't you agree?

 

[stevech]

Don't forget to check Costco

http://www.costco.com/routers-networking.html

some remarkable deals there for members...

sfx

I didn't realize they sold such gear on-line.

If you want a good 8 port ethernet switch, here's a deal on the venerable Netgear GS108 (I have one). I thought they were discontinued.

http://www.frys.com/product/3922738?source=google&gclid=CJfU2OGRmr4CFcNafgodJGoA7g

 

[sfx2000]

With all the media reports about router hacking (mass attacks in Poland and Brazil etc) does anyone have recommendations on the most **Secure** router?

To me this seems as important as the performance of the device.

I considered Apple's airport extreme simply because it doesn't have a web based admin interface - but then again this may have yet to be discovered backdoors.

Any advice welcome

"backdoors" happen - mostly thru accident - sometimes at the OEM level, sometimes at the Vendor level...

Any AP/Router that has built-in servers - whether WWW to admin, File Servers for whatever, media sharing, bit-torrent, etc... there's always a chance that someone might have made a mistake somewhere - it's not that they intend to - example the Heartbleed SSL bug, but these things happen.

For me at present - Airports with Airplay, File Sharing, Back to My Mac - turn those off, and they're reasonably secure - the current 2012 editions had the Heartbleed issue for Back to My Mac, but again, if the feature wasn't used, folks were not vulnerable.

I cannot see any AP/Router with a Web Based admin interface, even if external WAN access is disallowed, as being secure in any event...

There's a particular product that's of interest right now - the WRT1900ac - it has a Web Based captive portal for Guest Access on Open 802.11ac - this is pretty scary, IMHO... convenient - yes, secure - not on your life... and 11ac is a big freaking wireless pipe for a drive by spam attack.

sfx

 

[stevech]

I cannot see any AP/Router with a Web Based admin interface, even if external WAN access is disallowed, as being secure in any event...

you mean WiFi and WAN?

If admin access has a good password, and is wired LAN only, in a residence, I see no issue.

 

[Deleted member 28741]

Airport Extreme is more secure then?

"backdoors" happen - mostly thru accident - sometimes at the OEM level, sometimes at the Vendor level...

Any AP/Router that has built-in servers - whether WWW to admin, File Servers for whatever, media sharing, bit-torrent, etc... there's always a chance that someone might have made a mistake somewhere - it's not that they intend to - example the Heartbleed SSL bug, but these things happen.

For me at present - Airports with Airplay, File Sharing, Back to My Mac - turn those off, and they're reasonably secure - the current 2012 editions had the Heartbleed issue for Back to My Mac, but again, if the feature wasn't used, folks were not vulnerable.

I cannot see any AP/Router with a Web Based admin interface, even if external WAN access is disallowed, as being secure in any event...

sfx

Do you think the "tower" Airport Extreme (1750AC) is more secure than routers with web based UI then?

And is Airplay really a security issue? I thought that it was all internal communication between devices? Iphone > Apple TV etc

 

[stevech]

For many reasons, I haven't chosen to use Apple WiFi products.
But then, I am not a devote' of the All-Apple-proprietary religion.

It may be that Airplay is similar to uPnP and its risks.
It's prudent to disable uPnP.

 

[sfx2000]

Do you think the "tower" Airport Extreme (1750AC) is more secure than routers with web based UI then?

And is Airplay really a security issue? I thought that it was all internal communication between devices? Iphone > Apple TV etc

I wouldn't say it or more or less secure - the challenge with Web-Based UI's is that if not implemented correctly, they're more exposed to things like cross-site attacks (which was the issue with many routers a while back).

There's a good reason why enterprise grade access points generally do not have embedded Web Servers built into them, instead, they typically will use an external application to manage and configure them.

Airplay isn't a security issue per se - but it's zero authentication but local subnet only.