What are some of the most secure and "elite" wireless routers?



Hi,

I am not a small business owner, but I am interested in the more numerous and stronger security features generally included with the aforementioned devices. Namely, I am very concerned about my network being exploited or hacked; DoS, brute-force attack, ARP poisoning, etc. Threats that I doubt my otherwise well-configured Cisco E1200-CA could do much against, even with DD-WRT and WPA2.

At the same time, I am also searching for a device with the regular qualities (good data transfer speeds, SPI & NAT, VPN, QoS) of a home network wireless router. My network is composed of three computers, two tablets, one smartphone, and two streaming media devices. Moreover, it is possible that it will increase in size in the future.

Based on this (assuming I included enough relevant information), which models would you recommend? My budget should hover around 200-250+ USD.

Link to comment
Share on other sites

Hello,

I think you're looking for two things here: one is a management and reporting system, and the other is the wireless gear that it monitors.

You might want to look into wireless gear from companies like Aerohive, Aruba and Meraki (now a part of Cisco). MikroTik and Ubiquiti might also be options.

On the software side, there are lots of different options, too: Cacti, Icinga, Nagios, Zabbix, etc.

I would suggest doing some evaluating and figuring out what works best for your environment.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

You should only be susceptible to an ARP poisoning attack from a wireless attacker if your network is using TKIP for encryption; using CCMP mode blocks those kinds of attack. (Nothing can really stop a brute force attack, short of changing your SSID.)

Link to comment
Share on other sites

Cisco Meraki is very secure, and since it has no local config it's harder to log in to the admin panel. It also has many security features built in, like rogue detection, etc.

Link to comment
Share on other sites

Pick up any wireless router and secure it with a 16 or more character multi-word password using WPA2-PSK AES. If they have a supercomputer they will not be guessing your password in your lifetime, especially if you use made-up words (they might be able to guess it before the sun dies out). Short of that, the attack will come from the outside, not your neighbors. I have a 10+ character password and have yet to be hacked via my neighbors. Just about anything you buy (even the 20 dollar routers) offers SPI and NAT. VPN will be a higher-end router, entering into the firewall categories, or going to a custom firmware.

You could look into picking up a SonicWall via eBay. Maybe a TZ-210W or a TZ-215W. These are business grade. Also, if you need support you have to register it (even if you want/need to download firmware), and it can be costly if it has been preregistered (unregistered you get a year).

http://www.ebay.com/itm/SonicWall-TZ-210-WIRELESS-N-FIREWALL-NETWORK-APPLIANCE-APL20-065-w-power-adapter-/291321310003?pt=US_Firewall_VPN_Devices&hash=item43d41a6b33 

Link to comment
Share on other sites
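
Added example (not part of any post in this thread): how WPA2-PSK turns a passphrase and SSID into its key, and how much search space different passphrase shapes give. The guess rate, the 7776-word list size, the sample passphrase and the SSIDs are assumptions constructed for illustration.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 1e6  # assumption for illustration, not a measured figure


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK key: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def search_space_bits(choices_per_unit: int, units: int) -> float:
    """Entropy in bits when each unit (character or word) is picked uniformly at random."""
    return units * math.log2(choices_per_unit)


def years_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Average years to hit the passphrase: half the space at `rate` guesses per second."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR


def compare_shapes() -> dict:
    """Constructed passphrase shapes mapped to (bits, years at the assumed rate)."""
    shapes = {
        "10 random lowercase letters": search_space_bits(26, 10),
        "16 random lowercase letters": search_space_bits(26, 16),
        "4 random words, 7776-word list": search_space_bits(7776, 4),
        "5 random words, 7776-word list": search_space_bits(7776, 5),
    }
    return {name: (round(bits, 1), years_to_exhaust(bits))
            for name, bits in shapes.items()}


if __name__ == "__main__":
    # Same constructed passphrase on two constructed SSIDs gives unrelated keys,
    # because the SSID is the PBKDF2 salt.
    print(wpa2_pmk("correct horse battery", "HomeNet-A").hex())
    print(wpa2_pmk("correct horse battery", "HomeNet-B").hex())
    for name, (bits, years) in compare_shapes().items():
        print(f"{name:32s} {bits:6.1f} bits  ~{years:.3g} years")
```

A four-word phrase is usually longer than 16 characters yet carries fewer bits than 16 random letters: the search space is set by how the passphrase was chosen, not by its character count.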

As sc302 mentioned, the wifi side with WPA2 and a secure PSK is secure enough, and I agree. To be honest I doubt you have to worry about a DoS or DDoS unless you ###### someone off in a game or something. And then under such an attack, there is really nothing you can do if they fill up the pipe to your IP, no matter if you have a $2k router. If the pipe is full the pipe is full; you would need to get with your ISP to stop such an attack, or just change IPs, which is simple enough by just changing the MAC of the device (router) connected to your ISP.

You do understand that ARP poisoning would be an attack on your local LAN -- so they either plugged in to your network, i.e. they are in your house, or are on your wifi. Did you do what sc302 mentioned with that secure PSK, using WPA2? Then it's highly unlikely they are on your network. If you're worried about the ISP-side gateway, someone spoofing the MAC of the ISP: is the ISP doing it? But sure, you could protect against that with static ARP, etc.

If you want to move away from the typical off the shelf, I would really suggest moving to PC hardware or even a VM to run your router/firewall - pfSense, m0n0wall, IPCop, etc. There are lots of firewall/router distros to choose from. They can run stuff like Snort and/or Suricata, and easy-to-use IP blockers. So for example I have VPN to my network. But in the firewall I don't allow any bad countries to even attempt access, by just creating firewall rules with simple packet that allows me to block or create aliases containing netblocks of other countries.

So if you want to play with other options for security/functionality: yes, 3rd party firmware can turn some decent off-the-shelf hardware into something way more useful - but it's still very limited by the hardware. Going with a router/firewall distro would allow you to bring some serious horsepower; that old i5 desktop would be a screamer, for example. You could run your own IPS/IDS and get detailed reporting of traffic, not just some vague entry in the log about some attack ;)

You then break out your wireless to its own segment, and run whatever you want - you can get a UniFi AP, or say a Cisco WAP371, for home budget pricing. Run not only WPA2, but use enterprise auth to access with 802.1X -- and even if they get on your wifi, you can have that isolated from your normal LAN wired network with specific firewall rules between to allow, say, access to your printer, etc.

So my advice to you, if you want to start getting into more advanced functionality for your network and want to do it on a home budget: it's time to walk away from the cookie-cutter wifi stuff they sell and then don't even update firmware six months later because a new model is out, etc.

Link to comment
Share on other sites

There's not much a router can do to thwart a DDoS. Essentially a DDoS is somebody sending a metric crapton of traffic to a destination in an attempt to overload it. Other than unplugging the device from the network, changing the IP address, or removing its name from DNS servers so attempts to contact it don't resolve to your IP, there's not a whole lot you can do about it because something somewhere still has to deal with all that traffic.

BudMan pretty much covered everything else.

Link to comment
Share on other sites

This topic is now closed to further replies.