Hi all, I am currently using a TP-Link TD-8970 tightened up but looking to step up the game a bit more. I am looking for a unit that lets you install open source firmware like DD-WRT or Tomato to further increase the safety capabilities of the router. I'm in a home network, only 1 laptop and currently using a wired connection. Any personal recommendations? I live in Australia so it will be helpful if the product can be purchased globally. Thanks in advance.
The higher end Linksys AC Routers can be loaded with open source WRT firmware. Linksys AC. 1900 gigabyte + dual band is $170 USD on Amazon US. Linksys has an au website. Google linksys au. Linksys support is very good, but it's online My Linksys Dashboard stinks. But if your gonna use WRT Open Source the Linksys online dashboard would not be needed.
Take a look at the Shibby Tomato compatible router list. http://tomato.groov.pl/?page_id=69 At the high end the most expensive ones are not much more than $100US. For just one connection, it won't require that much of a router. I just bought one of the EA ARM routers directly from Linksys for just under $40. The better E series N600 routers can be had used for around $20. DD-WRT has a lot bigger list of supported routers but a lot of them require a licensing fee to activate.
I rather invest in a potent hardware firewall...far more effective. Anyway, every people has its personal objectives.
Yeah, that caught my eye too. Military grade would cost much more than a couple hundred dollars, be rack mounted or "ruggedized" for mobile or deployable operations. Frankly, other than showing its age and only being 300Mbps, I see nothing wrong with your current TP-Link TD-8970. That is, you can do fine with the same quality or "grade" of router. I would just recommend one that is a little faster, supports 802.11ac and the latest wifi security/encryption protocols. And if you need USB support, one that supports USB 3.0. Did you mean to say globally? Or did you mean locally? Knowing your budget would help.
Military grade does imply rugged hardware. Netgear used to make metal clad routers that were pretty tough but these days it's all plastic. I generally find the Cisco/Linksys routers to be the best in build quality and have never had a hardware failure on one. In terms of software, all the linux routers are using iptables and tightening the firewall means adding custom iptables rules. This is no different from any other linux device. In Tomato, there is a script section for adding firewall rules. If the router has a USB port, the scripts can be moved to a USB flash drive and linked to in the firewall rules section which overcomes nvram limits on script length and makes editing much easier. Tomato and DD-WRT allow you to lock down administrative access in numerous ways. It can be locked down to one LAN IP for web, telnet and ssh access. Just set a static LAN IP for the chosen device. Or for a more relaxed but still fairly secure configuration, only allow wired admin access from the local subnet.
Yes it does. As I said above, if designed for mobile use it will be ruggedized - if "military grade". If not for mobile use, then it will be a rack mounted router. No router designed for home or small office use is "military grade". Please note via the link in my sig that I might know a bit though personal experience what is and is not "military grade" hardware. And also note it has nothing to do with a case being made of metal or plastic. Metals are typically too heavy and too malleable. Plastics can be made tough as steel, remain resistant to heat and can insulate against heat, and remain lightweight. Steel and aluminum case metals will dent or bend out of shape long before "military grade" plastics will crack. Oh, and note that "marketing hype" that claims "military grade" does not mean it really is "military grade". It most likely is just hype.
Right on, @Bill_Bright And as @guest says, better is having a solid hardware perimeter router/firewall, and then using the WiFi router mostly as an AP. I like pfSense, because you get enterprise level with commodity hardware. So you spend maybe $400-$800 instead of $10000.
Yes but PFsense is overkill for a one laptop setup. A router running a good build of shibby is a pretty powerful low cost lightweight solution with a budget of $20-$100. For that, you get iptables, DNScrypt, a couple of VPN tunnels, NAS storage, a DLNA server, an FTP server, VLAN capabilities that can be spread across 4 LAN ports and mulitple Wifi SSIDS and quite a bit more with less of a learning curve.
What does the number of connected devices have to do with it? Absolutely nothing! The security needed is dependent on the sensitivity of the data, and the likelihood of being targeted, not whether there is 1, 2, or 10 connected computers. The fact of the matter is, the vast majority of home computer users can easily get by with just a simple, basic router, a little common sense, and avoiding risky behavior. Common sense means to change default passwords and passphrases to strong ones that are not your dog's name, wife's birthday, etc. By avoiding risky behavior I mean no illegal filesharing via Torrents or P2P sites, don't visit illegal pornography or gambling sites, don't be "click-happy" on unsolicited links, attachments, downloads and popups, and keep Windows and security apps current. If you live in a crowded apartment complex, you do need to be a little more diligent at monitoring your wireless network because you cannot see around you. Threats can come from all side, plus above and below you - from neighbors you may never meet. If you live in a house, threats come from a limited number of directions. And hopefully someone would see a bad guy sitting in an unfamiliar car parked outside pointing a directional antenna at your house. It is important to note that most bad guys are opportunist. If they see any resistance, they quickly move on to easier pickings - UNLESS they are specifically targeting you because they know you have valuable information they want on your connected devices. And in that case, you have bigger problems.
Not the number of connected devices per se, but the budget and what you get in terms of firewalling and security for it. The old saying of using a shotgun to kill a fly applies. And these days, the internet of things comes into play. A lot of the devices that are commonly connected to a router are in no way secure or trustworthy. It is best to isolate them to a separate subnet. Not only do a lot of them come with manufacturer supplied spyware, most of them are surprisingly easy to compromise. If there is only one device on the network, there is only one that can be pwned. Security is much simpler and does indeed depend a lot on user behavior.
Yeah, when baby monitors, smart TVs, refrigerators, and streaming devices can be hacked, you do need to be more careful these days. But even if you have the fanciest, most secure router available, you still need to button up each computer on your network.
Here ya go -- NP Aqeri 98213 Rugged Military 4U Router http://aqeri.com/en/produkt/98213-rugged-router 40 G/ 4 bump/second torture test here: https://www.youtube.com/watch?v=cDwOdAcqWDw Very practical for the home user who is prone to kick their equipment when a glitch develops.
4U is too big. For only $24,000 you can get two of these and take up the same amount of space, and support wireless too.
