What are some of the most secure and affordable wireless routers?

[Raskolnikov]

I have a Cisco/Linksys AE2500. Everything in DD-WRT is setup for maximum security, including a 63-character WPA2 password. I have been the target of harassment in the past, and have been hacked, despite the aforementioned security measures. Is the following merely marketing: Box Security (»blackbox-security.com/products.p···%7CBlack) If no, any cheaper alternatives?

 

[Blanky]

I don't know much about networking, but I do know you don't need a 63 character password. If somebody hacked into your wifi it wasn't by brute forcing through zillions of password combinations

 

[Elixer]

I have a Cisco/Linksys AE2500. Everything in DD-WRT is setup for maximum security, including a 63-character WPA2 password. I have been the target of harassment in the past, and have been hacked, despite the aforementioned security measures. Is the following merely marketing: Box Security (»blackbox-security.com/products.p···%7CBlack) If no, any cheaper alternatives?

That isn't a link, so no idea what you are looking at.
Anyway, I have to agree with the above poster, I doubt you got hacked via wireless, unless there was a exploit for that firmware, or you didn't password protect remote admin access.

Would need more details about the hack, but, I doubt you kept router logs.
A very good router is Asus-RTn66u, and you can use merlin or tomato firmware on it as well, for more control.

 

[Raskolnikov]

I left Tight VNC open. (which has an amazingly secure 6 alphanumeric password) Besides allowing for the recording of visual data, this also permitted the installation of a keylogger. (that compromised all my online accounts except for those with two-factor authentication) Particularly not helping is the fact that my ISP allocates non-dynamic IP addresses, the router had "password" for its password, and the WPA2 key was the default length of around a dozen characters.

Moreover, my data was further easily compromised by the fact that I carelessly copy/pasted my Wi-Fi password to other computers/tablets/phones of my network, which included a very secure Windows XP Pro desktop. After I uninstalled the program, the hacker used the WPS exploit to gain access to my network once again, but I kept most of my privacy by directly connecting to the router on my main machine, disabling the Wi-Fi adapter, and flashing my router to DD-WRT. From then on the only vulnerable entry was the XP machine.

Since then I have learned from my mistakes (and have become quite paranoid): unique passwords (Lastpass), and a vast array of security programs.

Is the above router more secure than what I already have? DD-WRT is advertised as being an "unlocker" of features usually reserved for relatively expensive ~200$-ish routers.

 

[smitbret]

I left Tight VNC open. (which has an amazingly secure 6 alphanumeric password) Besides allowing for the recording of visual data, this also permitted the installation of a keylogger. (that compromised all my online accounts except for those with two-factor authentication) Particularly not helping is the fact that my ISP allocates non-dynamic IP addresses, the router had "password" for its password, and the WPA2 key was the default length of around a dozen characters.

Moreover, my data was further easily compromised by the fact that I carelessly copy/pasted my Wi-Fi password to other computers/tablets/phones of my network, which included a very secure Windows XP Pro desktop. After I uninstalled the program, the hacker used the WPS exploit to gain access to my network once again, but I kept most of my privacy by directly connecting to the router on my main machine, disabling the Wi-Fi adapter, and flashing my router to DD-WRT. From then on the only vulnerable entry was the XP machine.

Since then I have learned from my mistakes (and have become quite paranoid): unique passwords (Lastpass), and a vast array of security programs.

Is the above router more secure than what I already have? DD-WRT is advertised as being an "unlocker" of features usually reserved for relatively expensive ~200$-ish routers.

I don't think there's any unicorn that will fix the issues with security that you've experienced. Except for some published backdoor vulnerabilities all consumer grade routers, even with alternative firmware, have similar features for security. You are much better off examining your own activities that lead to security compromises than you are looking for the right router to protect you.

 

[Elixer]

I left Tight VNC open. (which has an amazingly secure 6 alphanumeric password) Besides allowing for the recording of visual data, this also permitted the installation of a keylogger. (that compromised all my online accounts except for those with two-factor authentication) Particularly not helping is the fact that my ISP allocates non-dynamic IP addresses, the router had "password" for its password, and the WPA2 key was the default length of around a dozen characters.

Moreover, my data was further easily compromised by the fact that I carelessly copy/pasted my Wi-Fi password to other computers/tablets/phones of my network, which included a very secure Windows XP Pro desktop. After I uninstalled the program, the hacker used the WPS exploit to gain access to my network once again, but I kept most of my privacy by directly connecting to the router on my main machine, disabling the Wi-Fi adapter, and flashing my router to DD-WRT. From then on the only vulnerable entry was the XP machine.

Since then I have learned from my mistakes (and have become quite paranoid): unique passwords (Lastpass), and a vast array of security programs.

Is the above router more secure than what I already have? DD-WRT is advertised as being an "unlocker" of features usually reserved for relatively expensive ~200$-ish routers.

I haven't used your router, so, no idea how secure (or good) it is. I was just saying that the router I mentioned can be used to track lots of stuff, and, in general, has better features, and more powerful than any USB stick based ones. I can't tell you if it would be worth it to you or not.

I assume you know who this person who broke into your system, and so, I would file a police report against them, since breaking into someone's computer is illegal.

 

[Raskolnikov]

Just noticed that I confused my Wi-Fi USB key, (Rampage IV has WLAN native support - GG ASUS) as my router model. I have a Cisco/Linksys E1200-CA running DD-WRT.

I don't think there's any unicorn that will fix the issues with security that you've experienced. Except for some published backdoor vulnerabilities all consumer grade routers, even with alternative firmware, have similar features for security. You are much better off examining your own activities that lead to security compromises than you are looking for the right router to protect you.

That's what I thought. However, there seems to be a market for high-security routers? Newegg even sells dedicated hardware firewalls. (which I didn't know even existed) For regular wireless routers, it even goes as far than $400-500.

I haven't used your router, so, no idea how secure (or good) it is. I was just saying that the router I mentioned can be used to track lots of stuff, and, in general, has better features, and more powerful than any USB stick based ones. I can't tell you if it would be worth it to you or not.

I assume you know who this person who broke into your system, and so, I would file a police report against them, since breaking into someone's computer is illegal.

It's a long story to write; as such, let's just say that my network is no longer compromised by the said individual.

However, I've become relatively paranoid about this occurring once again.

 

[smitbret]

Just noticed that I confused my Wi-Fi USB key, (Rampage IV has WLAN native support - GG ASUS) as my router model. I have a Cisco/Linksys E1200-CA running DD-WRT.



That's what I thought. However, there seems to be a market for high-security routers? Newegg even sells dedicated hardware firewalls. (which I didn't know even existed) For regular wireless routers, it even goes as far than $400-500.



It's a long story to write; as such, let's just say that my network is no longer compromised by the said individual.

However, I've become relatively paranoid about this occurring once again.

Let's just say that the internet is so big that most routers are already about as secure as they can get without seriously compromising your access to websites and content. There things you can do like disabling add-ons, AdBlock software, software firewalls, anti-virus, etc., but these are all customizable things that don't belong on a router in the first place.

 

[azazel1024]

Let's just say that the internet is so big that most routers are already about as secure as they can get without seriously compromising your access to websites and content. There things you can do like disabling add-ons, AdBlock software, software firewalls, anti-virus, etc., but these are all customizable things that don't belong on a router in the first place.

No, not really. Most routers have lots of exploit holes and router manufacturers pretty much universally suck at finding and fixing vulnerabilities, or even fixing ones that are reported to them (or running automated exploit tools before they ever release the router).

The biggest problem is this applies to ALL router manufacturers of consumer routers. SMB and enterprise router manufacturers are somewhat better about this, but then again you tend to pay for that and/or pay support contracts then.

What you can do is try not to buy a nearly no name router, try to stay on top of firmware updates (if/when there are any, since lots of guys might do 2-4 firmware updates in the first year and then there might not ever be another one) and disable any and every service you do not need. Disable UPnP, disable remote (over WAN) admin abilities, etc., etc.

 

[JackMDS]

Though the Sub $200 are called Routers there is big differences between them and Active Industrial Routers that are also used as Security Appliances.

Entry Level Router main security is The NAT (aka NAT Firewall) and in this they are basically the same..

The differences in security between the Entry Level Routers are the Users rather than the Technology.

Most user do not bother to understand how their "Gizmo" works and end up exposing themselves to Internet/Network hazards No matter which Brand/Model they buy.

When you get a Router.

First I make sure that there is No "Feature that allow the Router manufacturer to connect at will to my Router through the Interent even when it is masqueraded under Auto Firmware refresh. If you find such feature disable it.

Never Use WPS, for Wireless security Disable and configure manual WPA2/AES.

Disable uPnP.

Go thought every entry of the configuration Menus and make sure that you know what it does and what its safe configuration.

To make live easy I tend to Buy DD-WRT compatible Routers and Flash. By doing so I do not have to learn new Menu structure too often.
------------

As for Inexpensive Routers.

There is always reasons why they are inexpensive, and it Not because the vendor is a Nice and want to save you money.

In many cases the Cheapos are simply Not reliable hardware wise. I.e., low level vendors buy chipset and other components that did not pass rigorous QA control, assemble them with renamed OEM firmware and sell them for fraction of the cost of reliable Brand names.

Then it become a matter of percentage. Some of these units can work well while most of them fail after a while or under perform. The fact that hear from some members of Internet Forums that they bought these units and they work well not mean that they lie. It just means that they are part of the 10% that lucked out with of the Good units.

 

[smitbret]

No, not really. Most routers have lots of exploit holes and router manufacturers pretty much universally suck at finding and fixing vulnerabilities, or even fixing ones that are reported to them (or running automated exploit tools before they ever release the router).

The biggest problem is this applies to ALL router manufacturers of consumer routers. SMB and enterprise router manufacturers are somewhat better about this, but then again you tend to pay for that and/or pay support contracts then.

What you can do is try not to buy a nearly no name router, try to stay on top of firmware updates (if/when there are any, since lots of guys might do 2-4 firmware updates in the first year and then there might not ever be another one) and disable any and every service you do not need. Disable UPnP, disable remote (over WAN) admin abilities, etc., etc.

Yeah, you're right.

I guess in my mind I kind of lumped Router Configuration in with Best Practices on their workstations.

 

[Blanky]

...

I had Upnp enabled. Google confirms it seems a bad idea to keep this enabled; it no longer is, thanks!

 

[Raskolnikov]

Thanks for everyone's help so far.

My reformulated question sent to Cisco: (any other companies I should perhaps contact?)

I am not a small business owner, but I am interested by the more numerous and stronger security features generally included with the aforementioned devices. Namely, I am very concerned about my network being exploited or hacked; DoS, brute-force attack, ARP poisoning, etc. Threats that I doubt my otherwise well-configurated Cisco E1200-CA could do much against, even with DD-WRT and WPA2.
At the same time, I am also searching for a device with the regular qualities (good data transfer speeds, SPI & NAT, VPN, QoS) of a home network wireless router. My network is composed of three computers, two tablets, one smartphone, and two streaming media devices. Moreover, it is possible that it will increase in size in the future.
Based on this (assuming I included enough relevant information), which models would you recommend? My budget should hover around 200-250+ USD.

 

[smitbret]

Thanks for everyone's help so far.

My reformulated question sent to Cisco: (any other companies I should perhaps contact?)

I am not a small business owner, but I am interested by the more numerous and stronger security features generally included with the aforementioned devices. Namely, I am very concerned about my network being exploited or hacked; DoS, brute-force attack, ARP poisoning, etc. Threats that I doubt my otherwise well-configurated Cisco E1200-CA could do much against, even with DD-WRT and WPA2.

Not sure what you are doing in your spare time, but the average citizen (or even very above average citizen) just isn't interesting enough for a hacker to dedicate the time and resources to using those tools to get into your system. With the millions (billions?) of people/targets on the internet it's just easier to move on and find an easier target. In general, they will hack into systems that they can get into easily and quickly lose interest if they can't.

However, if you really think you need it, some of the guys here that work in corporate IT should have some recommendations.