[GLLUG] OT: secure router for home network

John Edwards john at cornerstonelinux.co.uk
Thu May 24 08:02:49 UTC 2018


Hi

On Thu, May 24, 2018 at 01:05:33AM +0100, gvim via GLLUG wrote:
> What's currently the most secure router at a reasonable price for a home
> network?

A similar question came up on Slashdot a few days ago:
	https://mobile.slashdot.org/story/18/05/17/2129211/ask-slashdot-which-is-the-safest-router

And the answer is really that it depends on what you want, what
knowledge level you have, what you are trying to secure against (eg
internal or external attacks, using a web proxy to filter out
malicious web content, etc), and what you need it to do (eg port
forward to an internal machine).


I would probably include the following requirements:

1) No default passwords or ports open from the Internet by default.

2) Prompt security updates for many years (most cheap home routers do
not get this).

3) Fine control on firewalling, including the ability to block IP
ranges and limit port forwards to certain addresses.

4) Able to add optional software to cover other tasks (eg DHCP,
local DNS, filtering web proxy, etc).

5) Active response to attacks, such as via fail2ban (less important).


To my own mind a small PC running a minimal install of Linux or BSD is
probably the easiest way to cover all those for someone with an
existing knowledge of the OS and the firewalling software. There is a
range of firewalling software that can sit on top of Linux's iptables
to make it easier to set up and change. I use shorewall because it has
text based config files, but it is not the easiest for someone who is
not already familiar with networks.

For BSD based systems, pfSense is an all in one system that has an easy
install and a web based GUI that may be useful for some people. Last I
heard though they had been bought out by a commercial company and were
in conflict with a free fork called OPNsense (and with dirty tricks
used by the owners of pfSense):
	https://en.wikipedia.org/wiki/PfSense
	https://en.wikipedia.org/wiki/OPNsense

One possible "all in one" equivalent for Linux would be Untangle,
although I've never tried it so can't comment:
	https://en.wikipedia.org/wiki/Untangle

On the commercial side, Draytek sell routers in the £150+ range that
can also do some of the above. Security and other firmware updates are
provided for many years but I'm not sure how prompt they are.

I hope that gives you a few starting points.


-- 
#---------------------------------------------------------#
|    John Edwards   Email: john at cornerstonelinux.co.uk    |
#---------------------------------------------------------#
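
An added example, not part of the original message: a shell function that writes an iptables-restore ruleset covering requirements 1 and 3 above (nothing open from the Internet by default, blocked IP ranges, and a port forward limited to one source address). The interface names, addresses and ports are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; nothing is applied here.
# All interface names, addresses and ports are constructed placeholders
# (RFC 5737 documentation ranges), not values from the original post.
WAN_IF="eth0"                                    # Internet-facing interface (assumed)
LAN_IF="eth1"                                    # home network interface (assumed)
BLOCKED_RANGES="198.51.100.0/24 203.0.113.0/24"  # ranges to drop outright
FWD_ALLOWED_SRC="192.0.2.10"                     # only remote address allowed to use the forward
FWD_PORT="2222"                                  # port exposed on the router
FWD_DEST="192.168.1.20:22"                       # internal machine and port

gen_rules() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Port forward that only matches the one permitted source address
    echo "-A PREROUTING -i $WAN_IF -s $FWD_ALLOWED_SRC -p tcp --dport $FWD_PORT -j DNAT --to-destination $FWD_DEST"
    echo "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    # Default deny: nothing is reachable from the Internet unless allowed below
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Blocked ranges come first so even replies from them are dropped
    for range in $BLOCKED_RANGES; do
        echo "-A INPUT -i $WAN_IF -s $range -j DROP"
        echo "-A FORWARD -i $WAN_IF -s $range -j DROP"
    done
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i $LAN_IF -j ACCEPT"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    # Let the forwarded connection reach the internal machine, and only it
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -s $FWD_ALLOWED_SRC -d ${FWD_DEST%:*} -p tcp --dport ${FWD_DEST#*:} -j ACCEPT"
    echo "COMMIT"
}

gen_rules
```

Piping the output to `iptables-restore --test` as root parses the ruleset without committing it.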


