Good wireless router for small business

I'm in the market for a good wireless N router for a small business. We are currently running a Linksys WRT54GL with Tomato 1.28 flashed. It's working great but the signal does not reach all the way to the front of the store very well since it's going through a few block walls and several metal display units. I'd like to upgrade us to a wireless N network and move the old Linksys up front to act as a repeater. I'll probably hardwire that since I doubt it'll support a wireless repeater bridge mode.

I've been looking at various routers but nothing seems to get really good reviews in the current N class models. The WRT54GL still rules the kingdom is seems. Can anyone recommend any good wireless N routers that would fit my needs? I'm willing to flash one to TomatoUSB if that'll make a huge difference from stock firmware.

 

If your happy with Tomato, I would recomend the Asus rt n16 or a Netgear 3500L, these run TomatoUSB great.

I have upgraded from a wrt54g years ago to a buffalo whr-54g-hp and recently to a 3500L and get about twice (3db) better reception range and quality indoors (1 floor away) from the buffalo (which was an improvement on the wrt54g). There is a small increase in transfer speed, but far less drop outs.

Cheers, Nick

 

Thanks for the input. Those are two of the ones I've been looking at. It seems various people have problems with them but I think that any router now since everything is built so cheaply. I doubt the boss want's to pay for a corporate class router.

 

If you can run Ethernet cables, then it would be better to go completely wired - for security reasons alone. Sure, a wireless network can be secured, but it takes a much greater involvement by someone. Plus, you cannot hide a wireless network. Badguys will know you have computer equipment in there.

If you business deals with credit card and other personal information, full wired is the way to go, and it is cheaper too.

 

I can't go fully wired since some of the PCs are laptops. However, we do not run credit card transactions over the internet connection and our computers do not store that information anyway. The actual processing goes through a separate terminal.

As far as security goes, I have WPA2 encryption with a passkey of 50 random characters. I also have MAC filtering setup to allow only listed devices to connect. Each computer has ESET NOD32 AV on it, firewalls enabled, Firefox browser with Adblock and NoScript installed and the whole network runs through OpenDNS with all of the dangerous categories blocked. I've never had an issue with security so far. There are also several unsecured networks near me that are probably more appealing than hacking into mine.

 

I don't know of any notebook/laptop that does not support Ethernet too. But if impractical, then it is impractical.

It is the wireless network that matters most in terms of security. A badguy can sit in the parking lot, or adjacent building/office and see, and perhaps hack, a wireless network, then use that network (your IP) for nefarious deeds. To locally hack a wired network, a badguy has to physically connect an Ethernet to your network - not an easy task.

Okay, it certainly appears you have it buttoned down good. And you are right about less secure neighboring networks being more appealing to badguys as they tend to go for the easy pickings. Do not, however, feel that Firefox is the best browser, in terms of security. Sadly, Firefox (and Chrome) have fallen behind while at the same time, Microsoft has pushed Internet Explorer 8 and especially IE9 ahead. Microsoft, after years of being bashed for a security situation they did not create (badguys did that), has put security first. And it shows with IE, Windows 7, MSE, etc.

Not trying to start a best browser discussion - I am just saying don't believe FF (or Chrome) keeps you more secure than IE. It does not - so security should not be used as a criteria in choosing a browser. It is really just a matter of personal choice for the look and feel - assuming the computer is fully updated and secured otherwise.

I recommend anyone interested in security subscribe to the Department of Homeland Security's US-CERT Cyber Security Bulletin Vulnerability Summaries. A look back through the weekly archives will reveal how Chrome and FF have slipped over the last couple years.

For the record, I have a Netgear WNR3500L wireless-N Gigabit router that I am very happy with. The range is much greater than with my old Linksys 802.11g router. Still, range is determined by a large part by the computer's adapter, as well as the router's location/antenna orientation. For notebooks with built-in wifi (internal antenna) range may still be a factor if there are several walls, floors, ceilings between router and network "node" - especially if walls contain wires and metal pipes.

 

I could hard wire all connections but it's really a convenience thing. The owners don't like to have to plug in or out when taking the laptop with them.

I know the wireless will always be the weakest link, but since I have to have it in this situation I'm trying to keep it as secure as possible. We are also careful about secure shares between the networked PCs.

The only reason I mention using Firefox is because I'm using NoScript with it really. We are careful to avoid dangerous websites (WOT is installed) and we keep all scripts blocked unless we are confident of the website. Our firewalls are also configured in stealth mode and periodically tested. I hope I'm doing the best job possible with it.

 

I hear you. Convenience is not really an excuse, but I hear you!

It sounds like you are doing a great job! I hope all your users are as conscientious as you are because the user, not wireless, is your weakest link.

As for Firefox, if everyone is happy with it, no need to force a change. That said, please understand the script concerns with earlier versions of IE is no longer an issue with IE8 (for XP users) or IE9 (for Vista/7). Again, security is not a criteria for not using IE.

 

I hear you. I know IE is much better than it use to be but I personally don't really like it. I've used Firefox for years and Chrome periodically.

 

And that is the only real legitimate reason to use an alternative. But nevertheless, even if you do use Firefox (or Chrome) as your default/primary browser, you should still keep IE fully updated along with the rest of your system - just as a part of good security discipline to stay patched and updated.

 

Yep, I'm not one of those types that won't allow Windows Updates because I'm afraid it'll break more than it fixes. That may have been true periodically with XP but I've never seen it to be the case with Vista or Win7.

 

Today, it is kind of like those who don't wear seatbelts claiming it is because they might get trapped. While that is a "remote" possibility, it is more likely you will be thrown from the car and/or tossed about so you cannot regain control, and therefore you will be more severely injured or worse, you will cause greater harm, or even death to others.

That said, on my own systems, I still have Windows Update set to download and let me decide when to install - just so it does not interrupt what I am doing. But I still install them as soon as possible. Turning off Windows Update altogether is a mistake - at least with Windows 7.

In the 2 1/2 years since I have been using Windows 7, I have not had one update break any of my systems.

 

tomato rt16 prob one of the best tomato routers out there imo and has great range. im on the other side of the fence i personally prefer wireless in some cases and i feel with the right security it can be just as safe. but if you need a good all around router the rt16 is great unless you want to go cheaper then the rt13 is a good alternative. and i also agree with netgear as another option though i prefer the 3700 to the 3500 myself. a good reason is the way it handles guest networks. and has the ability to actually have 4 separate networks if needed 2 on 2.4 and 2 on 5 band.. by doing this you can actually have select people on select networks and others on another...

but as long as you are running the wireless set up properly unless someone really wants to target you using wpa2 with aes is not very easy to get into at all. and then on top of that you can run a decent firewall i set a lof of clients up this way and they dont have issues. also make sure they key you are using is the max (if possible) security possibly which ill be happy to help with if you need it. i do this for companies daily as i own the business let me know if i can help.

and i 100% DO agree with windows updates they are there for a reason and should be applied

 

I am not saying wireless networks cannot be secured from hacking - they can without much difficulty at all.

But the problem is if you have a wireless network, you announce to the world, or your neighborhood anyway, that you have a computer network in your home or office. The RF (radio frequency) transmissions cannot be hidden, or blocked at your properly line. It is a simple matter for a badguy or a nosy neighbor to detect your network - even with SSID Broadcasting turned off. And from there, they can work at hacking the network, or wait down the street for you to leave so they can break in and steal the computers they know are in there.

And sadly, using your dog's name as your passphrase is easy for a nosy whizkid neighbor to figure out - then use your network to create mischief. Yes, a security aware user would use a strong passphrase and MAC filtering, etc., but sadly, too many wifi users don't. They are just happy they connect with the default settings, then are afraid to touch anything.

With all Ethernet, a badguy out in the street (or across the apartment complex) cannot use his $10 directional antenna to determine if you have a computer network in your home or office.

So yes, a wireless network can be tightly secured, but it takes a conscientious effort on the part of that network administrator to secure it, and keep it secured. But even then, having a wireless network is pretty much the same as putting a sign out front of your house or office saying you have computers inside.

 

Honestly though, how many businesses don't have computers inside? Computers are a part of nearly every business now days. You can assume there is a computer in just about every business if you really want to break in and steal one.

 

All I am saying is wireless networks are exposed. You cannot prevent that exposure, or discovery. Therefore, wireless network are more vulnerable to hacking and consequently, require more of an effort to secure than Ethernet (wired) networks.

 

why cant you simply hide your ssid? it doesnt need to be broadcasted... you can simply add the mac address to the router and then no one knows the difference... unless they want to load up backtrack or airmon etc.. but most of the time no one is going to do that if you are not broadcasting the ssid..i have some very high end clients lawyers, recording artists and record producers etc on full wireless and they are all very happy with it and never have had issues i make it as secure as possible. even using the longest keys you can etc... 99% of the time unless people are wardriving or looking for it without the network info being broadcasted you will not be bothered..

 

Hiding the SSID does not hide the network - it simply means the SSID will not be broadcast. Any wannabe hacker will simply laugh at that. And spoofing MAC addresses is easy too.

Well, that's what badguys do! They look for networks to hack - typically so they can use your IP address to send spam, or to participate in a DDoS attack.

Once again, I am not saying you cannot secure a wireless network, I am just saying, "wireless networks are exposed. You cannot prevent that exposure, or discovery. Therefore, wireless network are more vulnerable to hacking and consequently, require more of an effort to secure than Ethernet (wired) networks."

 

True, but if WPA2 is being used with AES and a 50 key passcode I see no reason not to use it. I have seen NO real world example of where someone has cracked WPA2 with AES by anything but brute force, which will not happen in this lifetime with a 50 character passcode...

In response to the original question, I like the D-Link DIR-655 and have been running one where I work for the last 3 years with no issues and no hacks. SSID hiding and MAC filtering not used or necessary.

 

Nobody is suggesting otherwise.

You may be a man of the world but because you have not seen it does not mean it has not happened. A simple Google search shows it is not uncommon. NEVER assume your network cannot be hacked. If a determined badguy is targeting you, with the correct equipment and time, he can get in. AGAIN I SAY, a wireless network can be secured. But it takes a conscientious effort on the part to the administrator to do it. Sadly - all too often users fail to properly secure their network.

Half of all wireless networks can be hacked in less than 5 seconds

And ONCE AGAIN, wireless hacking is not a concern, or worry with Ethernet.

 

That does say WPA2 but it does not specify WPA2 with AES only. I have seen examples of WEP, WPA and WPA2 with TKIP all cracked. I am not aware of an AES only network being cracked and I would have to see it happen in front of me to believe it

True, but most of those are wide open. Those aren't even really hacked, they are just joined... WEP can be hacked but definitely not that quickly, still quickly enough.

Sorry to offend you, but that was not the impression I was getting.

 

You did not offend me, and there is no offense meant on my part. But note you continue to debate a point not under discussion.

Come on! Then plug AES in Google and see what you get.

Well, having worked secure networks for 40+ years, I can tell you I know of no security expert who waits to see something firsthand before taking it into consideration. Taking a reactive approach to security, instead of a proactive approach, is a great way to be too late.

 

i was simply saying that the network would not be seen to the normal person browsing for networks with their wireless. i did in fact say that the right person can still get the info did i not?

but a lot of business' do not want the network name broadcast out there and while this does not make it totally hidden it does for a normal person looking for a network the connect to for free or otherwise.

i agree with wpa2 with aes and a good key and i did not ever say it was 100% failsafe but i have yet to see anyone i know personally get hacked into who has it setup right and trust me i would have heard about it within minutes of it happening with a phone call or otherwise

 

Normal person? Normal people don't hack networks! None of my comments suggested anything about "normal" people hacking networks. Starting with my first post in this thread, and repeating it often thereafter, I have been saying, "badguys".

Just like the lock on your front door, it is not there to keep "normal" people out. It is to keep badguys out. But also like the lock on your front door, a determined badguy, with the right tools (also readily available), may be slowed a little by a lock, but it will not keep him out.

And again, turning off SSID does NOT turn off the wireless network. ANY wannabe hacker with a wireless notebook can drive around your neighborhood and "see" your network - regardless how conscientious you are or how secure you make it. Getting in is another matter and this is where home network users have a big disadvantage - because (1) "normal" users are not IT or security experts and (2) home networks often have "nosy" neighbors - people who might know your kid's or pet's name (common, but "weak" passwords).

We have to use a bit of common sense here. If a wireless network could be totally secured with a $100 router, banks, credit card companies, corporate and government secure networks would be a lot easier and cheaper to secure.

The vast majority of badguys are opportunists. They don't like lingering around if there is something easier down the road. As the person responsible for securing your network, it is your responsibility to remove the "easy pickings" so the badguy simply moves on to an easier target. So certainly disabling SSID broadcasting, MAC address filtering, and secure encryption with a very strong passphrase will deter the vast majority of badguys and nosy neighbors. But some badguys are professionals, very clever and very determined. Do not assume you are totally secure - ever.

The fact of the matter is, NO wireless network should broadcast the SSID, unless you want people to find you - such as with an Internet cafe, public library or some other free wifi zone. For a business network for your employees, or your home network, you should disable SSID broadcasting when possible.

 

Quite old but still true:
http://www.zdnet.com/blog/ou/the-six-dumbest-ways-to-secure-a-wireless-lan/43