I would like to earn my Network+ certification, and I am trying to learn more about security.
Everything I've read online says that consumer-grade routers are CRAP and offer little to no security.
I suppose if you dropped a couple of grand on a fancy business-class Cisco router, you'd have more configurability and security, but that is more than I need at home.
So is there something in between which would allow me enough configurability to apply Network+ skills and enough security so I could feel like my router is actually protecting me?
You can pick up a Watchguard firewall appliance on eBay for $50-100.00. They have integrated switch and router, and are quite configurable from the built-in web server interface.
Last edited by AwesomeMachine; 04-19-2018 at 10:49 PM.
Many consumers aren't smart about consumer-grade routers. They don't change the default router password and they don't manage the ports properly. Then, again, many consumers have no idea about how the internet works.
Rule One: Establish a new, unique password for accessing the router configuration. This is the most common failure, as default passwords are, by default, public.
Rule Two: Close all public-facing ports except ones that must be open (which, in most cases, is none).
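One way to check Rule Two on a Linux-based router, as an added example that is not part of the original post: it reads `iptables-save` text and reports what the INPUT chain accepts on the WAN side. The interface names (`eth0` as WAN, `br-lan` as LAN) and the sample ruleset are assumptions constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (not taken from any real router).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br-lan -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p udp -m udp --dport 1900 -j ACCEPT
COMMIT
"""

def audit_input_chain(ruleset, wan_if):
    """Return (findings, exposed) for the filter table's INPUT chain.

    Limits of this sketch: negated matches ("! -i") and multiport
    ("--dports") rules are not interpreted.
    """
    policy, exposed, in_filter = None, [], False
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = (line == "*filter")
        elif in_filter and line.startswith(":INPUT "):
            policy = line.split()[1]          # e.g. ":INPUT DROP [0:0]"
        elif in_filter and line.startswith("-A INPUT "):
            tok = shlex.split(line)
            opt = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
            if opt("-j") != "ACCEPT":
                continue
            iface, dport = opt("-i"), opt("--dport")
            # A rule without -i matches every interface, the WAN side included.
            if dport and iface in (None, wan_if):
                exposed.append((opt("-p"), dport))
    findings = []
    if policy != "DROP":
        findings.append(f"INPUT policy is {policy}, not DROP: unmatched traffic is let in")
    for proto, dport in exposed:
        findings.append(f"{proto}/{dport} is accepted on {wan_if}")
    return findings, exposed

if __name__ == "__main__":
    for finding in audit_input_chain(SAMPLE, "eth0")[0]:
        print(finding)
```

A ruleset that follows Rule Two produces no findings: the INPUT policy is DROP and no ACCEPT rule with a destination port applies to the WAN interface.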
When you say "close all ports" I assume you do that on a firewall, right?
Or do you do that on your computer?
If the former, can that even be done on a consumer-grade router?
The WRT versions offer maybe the most one can put in a home router. Building iptables and the ability to make large complex ones tends to offer choices for these products.
You can install something like Untangle firewall or other firewall distro that goes into layer 7+ protection.
This is what I'd go with. Find a consumer grade that works with these, and upgrade it to the much more capable software.
One of the first hobby OSes to be placed on a SOHO router was maybe DD-WRT. It went on a Linksys WRT router. Names that include WRT and others like Merlin are popular. OpenWRT and such.
Well anyway, may I ask why you go the router route and do not care for your operating system, behaviour on your consumer tools?
I see it just as gateway, gateway to the net.
I also wonder, when you talk about security, that you never heard about custom firmware. Later they renamed it to Tomato and such. The poster above me explained the first versions of custom firmware.
As I managed to destroy, hardware-wise, two of those fancy network "gateways", I'll refuse to spend any money on them anymore.
Well, when you do not want to spend money for a reasonable priced car you get only consumer grade routers.
You complain about the software. I complain about the technical specs. Summary: consumer crap. Most often indicated with the gamer tag these days.
Side note.
SteelCitySteve didn't claim to possess advanced skills.
The choice of wording could be more professional.
Kind of as post #2, a router isn't a security device. One protects their network by using as many best practices as they can. Generally a perimeter firewall is used along with many other tasks.
I'm pretty sure I saw some web site that offered the ability to configure a virtual Cisco router.
I just spent the last 6-8 months learning how to secure my Mac computer. And part of my learning stumbled across the fact that most people's Internet connections and networks at home are horribly insecure.
When most people connect to the Internet they use what is commonly called a "router", although I believe a router/switch is a better term.
What I am trying to learn is what things can an average consumer do to really beef up security on their home networks/Internet when they probably lack advanced networking just as I lack them!
I thought maybe there was a middle ground where a person could buy a router/switch that would be substantially more secure - even if it required some configuration - but not to the point where you'd need to be a command-line/Linux geek!
Also I am curious if a consumer forked over $800-$1000 for a Cisco router and/or firewall, if that would make their Internet connection completely safe, or is it still not that easy.
When I Google "How to secure your home network" I see lots of articles talking about all of the vulnerabilities in home routers like Linux.
I'm trying to find a way to eliminate those threats for myself and friends and family without requiring a PhD in networking.
I don't hear anyone jumping up and down saying I'd be more secure with a Cisco router or firewall... (Interesting)
Also, isn't there a way to create an industrial-strength Internet connection without needing a computer and software? I was hoping I could buy a device(s) and secure them using firmware and software on the devices.
Lastly, to get great Internet security, is a great hardware firewall more important, or is a great router/switch more important?