Low-cost, secure wireless router

Dooling37

hey all,

My DLink Dl-614+ has performed admirably over the last 4+ years, and I hesitate to replace anything that ain't broken, but I'd really like to take advantage of some more granular security filtering and logging capabilities when I upgrade the rest of my humble home network over the winter.

Suggestions for a good, low-cost (~<$100) wireless AP/router (I'm currently just using 802.11b and also require 4+ wired ports) that has robust security features and nice logging facilities greatly appreciated.

Specifically:
- stateful, granular packet filtering
- MAC address filtering
- WPA encryption
- port forwarding for internal servers

- easily-exportable logs OR external logging capability (i.e. to external syslog)
- thorough/detailed logging (not just IPs, ports, and timestamps)

I'm interested in submitting the logs to DShield or similar, if anyone is aware of compatibility with that.


thanks much!
 

JackMDS

Originally posted by: Dooling37
I'm interested in submitting the logs to DShield or similar, if anyone is aware of compatibility with that.

Just curious why DShield?

Serious concern of security and low cost are somewhat mutually exclusive.

As an example, if you are running a Banking service you do not protect yourself with entry level hardware.

Security wise there is No real difference between the Brand Name recent 802.11g Routers.
 

vorgusa

I would not think there would be much of a reason to go beyond WPA or WPA2, especially since there are so many unsecure routers out there. Unless you think you will be specifically targeted, there is no reason to go overboard with security.
 

Dooling37

Thanks for the responses. I am not interested in a bullet-proof secure wireless device because I need the security -- I just work in the computer security field and would like more hands-on experience configuring network devices' security. I guess I am mostly interested in the filtering and logging capabilities, more so than encryption/etc.

I've been an ISC (.sans.org) reader for quite a while, and interested in the DShield project for a long time (do similar, commercialized work) but have never been able to submit logs (device incompatibility). So I'd like to be able to submit logs and thereby motivate myself to pay more attention to the attacks and trends against my network and networks globally.

; )
 

JackMDS

Originally posted by: Dooling37
DShield project for a long time (do similar, commercialized work) but have never been able to submit logs (device incompatibility). So I'd like to be able to submit logs and thereby motivate myself to pay more attention to the attacks and trends against my network and networks globally.; )

I would email DShield and ask them for their recommendations.

They have a section about logs on their site, but it lists all Brand names, including what you have now.

BTW, big public sites (commercial or otherwise) might experience "attacks" and hacking attempts that are targeted against them; it is rather rare that End-Users are under individual targeted attack. End-Users (especially the ones that are on a Cable Internet Connection) have so much noise, haphazard pings, and futile connection attempts knocking on their doors that under regular circumstances it is useless analyzing the Router's logs.

Every month you find here posts of End-Users that glanced at their Router Logs and are convinced that everyone in the world is after them, not realizing that they are seeing "White Noise" entries in the Router's log, a lot of them generated by their ISP servers.

Unlike big entities, the IPs do not belong to the End-Users but to the ISP. In addition, all the traffic is going through the ISP's proxies. If a real serious attack is mounted against End-Users, it is usually blocked by the ISP system.

End-Users are mainly "deceased" by Email and spyware, which are not reflected in the Router's logs.

 

n0cmonkey

Analyzing logs from multiple connections (commercial or residential) can help provide trending information. Lots of hits across the board on UDP/80? Upswing in scanning of port 3280? dshield finds it all. And provides a mostly useless mailing list to boot. :p
 

JackMDS

If someone is enjoying analysis of residential logs that is OK, the Internet is full of action that is useless in general but provides personal satisfaction to individuals (and nothing is wrong with this).

However, the value of analyzing Trends while looking at individual logs of residential connections that are "flowing" through ISP-dished Dynamic IPs is negligible as compared to the sum analysis at the ISPs' proxies level.
 

n0cmonkey

If you could get all of the ISPs to hand over their logs to a third party, sure that'd be great. I wonder how many of those proxies and gateways log port scans. Or can set up a system to catch traffic on a random port at some time of the day without violating a privacy rule/law. ;)

Instead a bunch of people are offering up their personal logs for trending analysis to this third party. Maybe information on what ports are getting how often out of a random sampling of people throughout the world doesn't interest you, but if I see the number of scans for a random port going up I'm going to start looking at my own network to make sure nothing that shouldn't be listening on that port is listening on that port.
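
The port-trend check described in the post above, as an added example that is not part of the thread: it counts distinct source IPs per destination port per day in router logs and reports ports whose count has risen. It assumes the router forwards Linux netfilter-style LOG lines to a syslog server; the sample lines, function names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: netfilter-style LOG lines as received by a syslog server
# (the log format is an assumption; addresses are documentation ranges).
SAMPLE_LOG = """\
Nov  1 03:12:01 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=40112 DPT=445
Nov  1 04:02:44 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.8 DST=203.0.113.5 PROTO=TCP SPT=40999 DPT=445
Nov  1 09:40:17 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.5 PROTO=TCP SPT=51820 DPT=3280
Nov  2 01:15:09 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=40113 DPT=445
Nov  2 02:20:30 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=TCP SPT=33001 DPT=445
Nov  2 03:00:00 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=50001 DPT=3280
Nov  2 03:00:02 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=50002 DPT=3280
Nov  2 03:30:11 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.11 DST=203.0.113.5 PROTO=TCP SPT=50003 DPT=3280
Nov  2 04:45:52 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.12 DST=203.0.113.5 PROTO=TCP SPT=50004 DPT=3280
Nov  2 05:00:00 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.50 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
Nov  2 06:10:37 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.5 PROTO=TCP SPT=51821 DPT=3280
"""

LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ kernel: "
    r".*?SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)")

def sources_per_port(log_text):
    """Map (proto, port) -> {day: set of distinct source IPs}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:  # ICMP (no DPT), truncated or unrelated lines
            continue
        day = " ".join(m["day"].split())  # "Nov  1" -> "Nov 1"
        seen[(m["proto"], int(m["dpt"]))][day].add(m["src"])
    return seen

def rising_ports(log_text, baseline_day, current_day, factor=2, min_sources=3):
    """Ports hit by at least min_sources distinct IPs today and by at least
    factor times as many as on the baseline day: (proto, port, before, now)."""
    out = []
    for (proto, port), days in sources_per_port(log_text).items():
        before = len(days.get(baseline_day, ()))
        now = len(days.get(current_day, ()))
        if now >= min_sources and now >= factor * max(before, 1):
            out.append((proto, port, before, now))
    return sorted(out, key=lambda r: -r[3])

if __name__ == "__main__":
    for proto, port, before, now in rising_ports(SAMPLE_LOG, "Nov 1", "Nov 2"):
        print(f"{proto}/{port}: {before} -> {now} distinct sources")
```

Counting distinct sources rather than raw lines keeps one noisy host that retries the same port from looking like a trend.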