• Guest, The rules for the P & N subforum have been updated to prohibit "ad hominem" or personal attacks against other posters. See the full details in the post "Politics and News Rules & Guidelines."

Question Most Secure Home Routers

PowerEngineer

Diamond Member
Oct 22, 2001
3,351
396
126
I just stumbled across this article:

Home router warning: They're riddled with known flaws and run ancient, unpatched Linux

Truthfully, I've pretty much always known that I should be paying more attention to router security. Right now I have a Linksys/Cisco EA8300 as my main router and a Linksys E4200 as a remote access point. I'm sure there are better choices out there.

What are the most secure routers available today? I'd also appreciate your tips on how to properly configure them.

Thanks!
 

sdifox

No Lifer
Sep 30, 2005
85,715
9,731
126
I just stumbled across this article:

Home router warning: They're riddled with known flaws and run ancient, unpatched Linux

Truthfully, I've pretty much always known that I should be paying more attention to router security. Right now I have a Linksys/Cisco EA8300 as my main router and a Linksys E4200 as a remote access point. I'm sure there are better choices out there.

What are the most secure routers available today? I'd also appreciate your tips on how to properly configure them.

Thanks!
Pfsense or Sophos. Turn that Linksys into AP.
 
Last edited:

ch33zw1z

Lifer
Nov 4, 2004
33,989
12,825
146
The actual study is from 2018, so even worse 2 years later, because Soho router makers tend to EOL devices without any notifications, and the list likely even larger now.

Yea, pfsense is good, ubiquiti ER-X wasn't reviewed in the article, but is still getting at least periodic updates, currently what I'm using.
 
  • Like
Reactions: PowerEngineer

razel

Platinum Member
May 14, 2002
2,337
89
101
Most secure one is one that gets updated regularly. Even the best have some vulnerabilities, it's how quickly they patch and continue to support that matters. So far, Google and any router in ASUS' AiMesh are top of my list.

Even with them, I believe Google is quietly saying goodbye to the 5 year old onHub, once they drop support, it's time to buy a new router.
 

UsandThem

Elite Member
Super Moderator
May 4, 2000
14,955
5,645
146
I bought my current router in late 2016 (TP Link Archer C5400).

It's been 100% rock solid since I first bought it (especially since our kids connect more and more stuff to network). I had the Netgear Nighthawk before that, and when everyone was home and connecting, it became pretty unstable.

That said, TP Link router last had a firmware update in 2017 (and only two updates total in 5 years), and that was it. So that aspect is pretty disappointing.
 
Last edited:
  • Like
Reactions: PowerEngineer

VirtualLarry

No Lifer
Aug 25, 2001
52,001
6,920
126
I bought my current router in late 2016 (TP Link Archer C5400).

It's been 100% rock solid since I first bought it (especially since our kids connect more and more stuff to network). I had the Netgear Nighthawk before that, and when everyone was home and connecting, it became pretty unstable.

That said, TP Link router last had a firmware update in 2017 (and only two updates total in 5 years), and that was it. So that aspect is pretty disappointing.
Hate to say it, but it's probably exploitable at this point.
 

UsandThem

Elite Member
Super Moderator
May 4, 2000
14,955
5,645
146
Hate to say it, but it's probably exploitable at this point.
Yeah, I don't that at all unfortunately. Over the years, I've looked for custom firmware from the usual places, and it seems like it just will never happen for this model.

If this was for a business, it would have been replaced yesterday. I don't keep a NAS on it, and I keep it pretty locked down concerning MAC addresses and such. I look at the log periodically, and so far nothing unusual. I'm sure if I had something of value that someone really wanted, with all the various exploits over the last 4-5 years, they could get it.

That said, I've been eyeing new routers over the last 6 months or so, and I will likely be replacing it at some point this year with something that is still being supported / has DD-WRT or OpenWRT support so this doesn't happen again so quickly. The lack of updates/support has really soured me on seriously considering TP Link again, even though hardware-wise it's been really stable.
 
  • Like
Reactions: PowerEngineer

ch33zw1z

Lifer
Nov 4, 2004
33,989
12,825
146
It's a real shame. TP-Link releases new hardware, to great fanfare, and then... abandons it. Very few, if any, updates. :(
It is a shame. However, they operate in a very competitive market with a largely unknowledgeable consumer base. The other vendors operate the same way.

I know two people who have a Linksys AC1900WRT, one operates a small business. Since that router hasn't had updates in 2 years, it's assumed that it's vulnerable. I'm going to have to recommend (and probably do it) a replacement. Want the latest linux patches? buy a new model SOHO device, and MAYBE you'll get them....but it's not guaranteed.
 
  • Like
Reactions: PowerEngineer

thecoolnessrune

Diamond Member
Jun 8, 2005
9,569
470
126
As others stated, the best defense is a router that's actively updated. And yes, I have my own Netgate PFSense appliance for my home (SG-3100), but I also know the people I help, and most of them aren't going to be fudging around with PFSense. Instead, I usually recommend Unifi's gear. For instance, I gave my grandparents a Unifi USG and set that up, because it's more than performant enough for their connection (~25-50 Mbps cellular), and receives updates very regularly. The main driver, is that if something happens to it, they can set it up from scratch with the backup file, and pressing the physical restore button. That's immensely easier for them to do vs. needing to Console into a PFSense appliance, stare at command line, get a base configuration going, then logging in to restore the backup.
 

Scarpozzi

Lifer
Jun 13, 2000
25,996
1,498
126
Yea, I dunno. For myself or home users probably no worries, but for a small business I'll probably stick with ubiquiti or pfsense
These days, I think it's more important to assume your network is compromised and verify that your systems and workstations are all locked down. If you have a server on your local network, you should have it on a private vlan protected by another layer of NAT that's separate from clients and be using iptables or other similar local firewalling configured to lock its communication to specific ports and/or IPs. I'm a huge fan of using layer 4 switches/load balancers to mask the actual servers and use that to throttle all your traffic through another layer of protection by directing all attacks to a system that's more like a higher-level (talking OSI model here) router than anything.
 

Makaveli

Diamond Member
Feb 8, 2002
4,351
536
126
If you are not going to build you own PFsense or Enterprise grade hardware.

The next best thing is an asus router running Merlin firmware. Both Asus and Merlin update the firmwares on a regular basis and there is an active support community for both firmwares.


Yeah, I don't that at all unfortunately. Over the years, I've looked for custom firmware from the usual places, and it seems like it just will never happen for this model.

If this was for a business, it would have been replaced yesterday. I don't keep a NAS on it, and I keep it pretty locked down concerning MAC addresses and such. I look at the log periodically, and so far nothing unusual. I'm sure if I had something of value that someone really wanted, with all the various exploits over the last 4-5 years, they could get it.

That said, I've been eyeing new routers over the last 6 months or so, and I will likely be replacing it at some point this year with something that is still being supported / has DD-WRT or OpenWRT support so this doesn't happen again so quickly. The lack of updates/support has really soured me on seriously considering TP Link again, even though hardware-wise it's been really stable.
You aren't going to find really any custom firmware for TP link hardware. I believe it was possible in the past it was stopped on their end so now you are at the mercy of the vendor to update.
 
Last edited:

PowerEngineer

Diamond Member
Oct 22, 2001
3,351
396
126
First, I appreciate all your responses. Thank you! 👍👍

Second, I was really hoping for an easy answer. But I can see that (as with most things) doing it right is going to take more effort than I anticipated. Time to start inventorying my retired hardware to see if I have the makings for a PFsense build.

Open to further advice!
 

PowerEngineer

Diamond Member
Oct 22, 2001
3,351
396
126
What is your budget for this?
I had been thinking that a new upscale secure wired/WIFI router would put me in the $250-$350 range, but I haven't really set myself a budget for this yet.

If I can safely use my existing Linksys units as WIFI access points to a PFsense router built using an old desktop or laptop with some new network cards and/or switches, then perhaps I could still be in that ballpark?
 

sdifox

No Lifer
Sep 30, 2005
85,715
9,731
126
I had been thinking that a new upscale secure wired/WIFI router would put me in the $250-$350 range, but I haven't really set myself a budget for this yet.

If I can safely use my existing Linksys units as WIFI access points to a PFsense router built using an old desktop or laptop with some new network cards and/or switches, then perhaps I could still be in that ballpark?
How big a place do you have and what type of construction?
I am assuming you already have drops to where your current router/ap are at?

An intel two port gigabit nic, 2 unifi ac pro plus a used pc ought to do.
 
  • Like
Reactions: PowerEngineer

PowerEngineer

Diamond Member
Oct 22, 2001
3,351
396
126
How big a place do you have and what type of construction?
I am assuming you already have drops to where your current router/ap are at?

An intel two port gigabit nic, 2 unifi ac pro plus a used pc ought to do.
Typical two-story house with around 3500 square feet of living space, and I have drops for the router and access points at opposite ends of the house.

The unifi ac pro plus access point sounds a bit daunting.
 

sdifox

No Lifer
Sep 30, 2005
85,715
9,731
126
Typical two-story house with around 3500 square feet of living space, and I have drops for the router and access points at opposite ends of the house.

The unifi ac pro plus access point sounds a bit daunting.
What do you mean by daunting?
 

Scarpozzi

Lifer
Jun 13, 2000
25,996
1,498
126
Typical two-story house with around 3500 square feet of living space, and I have drops for the router and access points at opposite ends of the house.

The unifi ac pro plus access point sounds a bit daunting.
I have 2900 sq ft on my first floor and another 750 upstairs over the garage. I ended up have serious trouble with coverage and grabbed a refurbished Linksys Velop mesh system from woot.

I wired my Internet router up in the kitchen next to my primary node and the others are wireless in a closet and a hallway on the main floor. I may eventually run cat6 between them, but performance is decent enough until everyone starts streaming 4k in the house.
 

ASK THE COMMUNITY