
Most Secure Router?

ChrisKC

I need a new wireless router. I'm mostly concerned with security. There's only a couple of laptops, two or three phones, and maybe one streaming TV. Here's what I was told to look for:

* Automatic firmware updates or at least notifications
* No WPS
* Guest network ability
* Firmware rollback option
* Able to disable remote admin access - ethernet only access
* Can disable (or stealth) PING, Telnet, SSH, UPnP, and HNAP
* OpenDNS
* VPN
* Dual-band would be preferable

Do you prefer particular brands or models in terms of security or their ability to quickly distribute patches?

I've done a lot of looking online and talking to people here locally, but some things on this list aren't "listed on the box".

Thanks for your suggestions.

Chris
 
I think a custom Untangle box would be perfect for all that. (or pfSense)

Essentially you assemble a small computer, install the Untangle OS, and then load it up with whatever security features you fancy. Very secure...
 
"I'm mostly concerned with security" and, "Automatic firmware updates or at least notifications"

The above is an oxymoron; many times the connection to the firmware server and the update content are what compromise security.

What you are looking for is nonexistent in sub-$500 consumer wireless routers.


😎
 
"I'm mostly concerned with security" and, "Automatic firmware updates or at least notifications"

The above is an oxymoron; many times the connection to the firmware server and the update content are what compromise security.

What you are looking for is nonexistent in sub-$500 consumer wireless routers.


😎
Okay. That's good to know. So Wireless Router > $500 that doesn't update automatically. What would you suggest that meets the criteria?
 
I would go with pfSense + managed switch + UniFi APs. With a managed switch you can do VLANs, then split stuff up based on risk. pfSense will do the inter-VLAN routing/filtering. So for example, wifi would be on its own VLAN, another guest SSID on another VLAN. These VLANs should be set up so they only have access to the bare minimum, such as the internet, and not each other.

UniFi APs can also support VLANs, so you set the link to the AP as a trunk port and allow it to access only the VLANs you choose, then configure a few SSIDs.

Also, for overall network security, avoid cloud-based stuff like IoT home automation stuff. These devices are basically designed to spy on you. Also avoid Windows 10. If you have to use Windows 10, put it on a separate VLAN so it can't access the rest of the network.
 
Synology RT2600ac meets all your requirements, plus you can install optional packages such as Intrusion Prevention, which also automatically updates.

That said, there are numerous reports that once you install and use the intrusion prevention package, the performance of the router goes steeply downhill.


😎
 
That said, there are numerous reports that once you install and use the intrusion prevention package, the performance of the router goes steeply downhill.


😎
I heard that was a problem on the 1900 model, but I have not experienced any slowdown or performance issue with the 2600, which has a much beefier dual-core CPU and more RAM.

I have a 60/5 plan with Charter, and get 65/6 on speed tests, for both wired and wireless devices, and the router is configured as dual-stack.
 
I need a new wireless router. I'm mostly concerned with security. There's only a couple of laptops, two or three phones, and maybe one streaming TV. Here's what I was told to look for:

* Automatic firmware updates or at least notifications

Most routers have notifications in the webUI now, I think.

* No WPS

Easy to disable on any router that has it.

* Guest network ability

Most higher-end consumer routers have this now.

* Firmware rollback option

Most routers will let you flash an older FW version, but a proper rollback (it keeps around both the current and previous firmware, and falls back to the old one if there's a problem) is pretty enterprise-ey; I wouldn't expect a consumer router to have this. It's standard on rack-mounted Cisco gear and the like.

I suppose you could buy some used enterprise equipment, but then you'd need a separate WAP for wifi.

If you're not a network geek, that's a terrible idea.

* Able to disable remote admin access - ethernet only access

Remote management is off by default on every router I've ever used.

* Can disable (or stealth) PING, Telnet, SSH, UPnP, and HNAP

This is configurable on every router I've ever used. If all else fails, the firewall settings can be used to turn these off.

* OpenDNS

DNS server is configurable on every router I've ever used.

* VPN

Specifically, you want OpenVPN compatibility.

* Dual-band would be preferable

Pretty much standard these days.

I'd be looking at an open source router firmware like Tomato or DD-WRT (which have all that stuff), and buy the hardware that is recommended by those communities.

Higher-end ASUS consumer routers have firmware that is based heavily on... umm... Merlin, I think? Maybe. I don't remember. Anyway, they do all that out of the box.

The above solutions and recommendations are not wrong, but they are crazy-overkill.
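
One way to confirm from a wired LAN host that the Telnet, SSH, UPnP and HNAP items on the checklist are really off after configuring them. This is an added example, not part of the thread; the gateway address `192.168.1.1`, the function names and the HNAP body check are assumptions, and ping is left out because it needs raw sockets.

```python
import http.client
import socket

TCP_SERVICES = {"telnet": 23, "ssh": 22}  # standard ports for the checklist items

def tcp_open(host, port, timeout=1.0):
    """True if a TCP connect to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def hnap_exposed(host, port=80, timeout=2.0):
    """True if GET /HNAP1/ returns 200 and the body mentions HNAP1 (assumed marker)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/HNAP1/")
        resp = conn.getresponse()
        return resp.status == 200 and b"HNAP1" in resp.read(4096)
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def upnp_answers(host, port=1900, timeout=2.0):
    """True if host replies to a unicast SSDP M-SEARCH discovery probe."""
    probe = (f"M-SEARCH * HTTP/1.1\r\nHOST: {host}:{port}\r\n"
             'MAN: "ssdp:discover"\r\nST: ssdp:all\r\n\r\n').encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(probe, (host, port))
            data, _ = s.recvfrom(2048)
            return data.startswith(b"HTTP/1.1 200")
        except OSError:  # timeout or ICMP port unreachable
            return False

def audit(router, tcp_services=TCP_SERVICES, http_port=80, ssdp_port=1900):
    """Return {service: exposed?}; every value should be False after hardening."""
    result = {name: tcp_open(router, p) for name, p in tcp_services.items()}
    result["hnap"] = hnap_exposed(router, http_port)
    result["upnp"] = upnp_answers(router, ssdp_port)
    return result

if __name__ == "__main__":
    # 192.168.1.1 is an assumed gateway address; substitute your router's LAN IP.
    for service, exposed in audit("192.168.1.1").items():
        print(f"{service:7s} {'EXPOSED' if exposed else 'closed/filtered'}")
```

A closed result here only describes the LAN side; the same checks have to be run from outside the network to say anything about WAN exposure.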
 
I'm using an Asus AC68R (same hardware as AC68U), running Tomato firmware. Runs pretty decently. Only have 75/75 and 10/1 connections running through it, so I haven't tested the limits of the router with a gigabit Internet connection.
 
I'm using an Asus AC68R (same hardware as AC68U), running Tomato firmware. Runs pretty decently. Only have 75/75 and 10/1 connections running through it, so I haven't tested the limits of the router with a gigabit Internet connection.
Do you torrent? Because that will test the limits of a router regardless of your connection.
 
What tests the limits of a router more: torrenting or uploading to cloud storage?

Torrenting as part of a big swarm, probably.

Handling a few hundred simultaneous connections, even if none of those individual connections is itself consuming a lot of bandwidth, is a lot more CPU- and RAM-intensive than doing one full-speed upload to a single server.

You could also set up some kind of synthetic benchmark, I suppose.
 
Torrenting as part of a big swarm, probably.

Handling a few hundred simultaneous connections, even if none of those individual connections is itself consuming a lot of bandwidth, is a lot more CPU- and RAM-intensive than doing one full-speed upload to a single server.

You could also set up some kind of synthetic benchmark, I suppose.

How to set up a synthetic benchmark, please?

Right now I am testing 3 wireless devices and 1 wired device on my router, all doing something at once. 3 devices streaming video (Netflix, DirecTV Now) and my one wired-connection PC downloading on newsgroups with an upload to Dropbox for a test only.

All with no streaming buffering or lag.
 
How to set up a synthetic benchmark, please?

Dunno myself - other people do that. I usually just trust smallnetbuilder. They've outlined their methodology here:

https://www.smallnetbuilder.com/lanwan/lanwan-howto/33097-snb-s-router-test-gets-tougher-a-preview

Right now I am testing 3 wireless devices and 1 wired device on my router, all doing something at once. 3 devices streaming video (Netflix, DirecTV Now) and my one wired-connection PC downloading on newsgroups with an upload to Dropbox for a test only.

All with no streaming buffering or lag.

I wouldn't expect load that minimal to be problematic on anything relatively recent.
 
Yeah, torrents are a pretty good way to test a router. Anything with a lot of small connections.

I wrote a program once that generated millions of connections and transferred bits of data; it never occurred to me it could be turned into a benchmarking app, as I don't think anything like it exists. I had written it to test a TCP/IP class I wrote and not so much to test the network.
 
I think a custom Untangle box would be perfect for all that. (or pfSense)

Essentially you assemble a small computer, install the Untangle OS, and then load it up with whatever security features you fancy. Very secure...

A pfSense box would be my recommendation as well.

So if I go this route, what specific hardware should I use? I've reviewed the hardware requirements. I know Netgate sells their own boxes, and I found several options on FirewallHardware.it among other sites. I do plan on running OpenVPN and Tor, as well as packages.
 