I would like to earn my Network+ certification, and I am trying to learn more about security.

Everything I've read online says that consumer-grade routers are CRAP and offer little to no security.

I suppose if you dropped a couple of grand on a fancy business-class Cisco router, you'd have more configurability and security, but that is more than I need at home.

So is there something in between which would allow me enough configurability to apply Network+ skills and enough security so I could feel like my router is actually protecting me?

Router ain't nothing but a dumb switch.

Can't say the enterprise level stuff is secure but I'd suspect one could make it more secure over SOHO.

Could get a used switch/smart switch/ router.

There are or were a few OS's that simulated switch behavior. I think one was similar to cisco.


A lot of hobby users will have something DD-WRT or other on. They tend to be updated on newest hardware somewhat often.

You can pick up a Watchguard firewall appliance on eBay for $50-100.00. They have integrated switch and router, and are quite configurable from the built-in web server interface.

1 members found this post helpful.

Many consumers aren't smart about consumer-grade routers. They don't change the default router password and they don't manage the ports properly. Then, again, many consumers have no idea about how the internet works.

Rule One: Establish a new, unique password for accessing the router configuration. This is the most common failure, as default passwords are, by default, public.

Rule Two: Close all public-facing ports except ones that must be open (which, in most cases, is none).

When you say "close all ports" I assume you do that on a firewall, right?

Or do you do that on your computer?

If the former, can that even be done on a consumer-grade router?

The WRT versions offer maybe the most one can put in a home router. Building iptables and the ability to make large complex ones tends to offer choices for these products.

You can install something like Untangle firewall or other firewall distro that goes into layer 7+ protection.

This is what I'd go with. Find a consumer grade that works with these, and upgrade it to the much more capable software.

Sorry, what is "WRT versions"??

One of the first hobby OS's to be placed on a soho router was maybe DD-WRT. It went on a Linksys WRT router. Names that include WRT and others like merlin are popular. OpenWRT and such.

cisco and secure, cough

in the old days it was always a mixture.

well anyway may i ask why you go the router route and do not care for your operating system, behaviour on your consumer tools?

i see it just as gateway, gateway to the net.

i also wonder when you talk about security that you never heard about custom firmware. later they renamed it to tomatoe and such. The poster above me explained the first versions of custom firmware.

AS I managed to destroy hardware wise two of those fancy network "gateways" i'll refuse to spend any money on them anymore.

well when you do not want to spend money for a reasonable priced car you get only consumer grade routers.

You complain about the software. I complain about the technical specs. Summary consumer crap. Most often indicated with the gamer tag these days

Side note.
SteelCitySteve didn't claim to posses advanced skills.

The choice of wording could be more professional.

Kind of as post #2, a router isn't a security device. One protects their network by using as many best practices as they can. Generally a perimeter firewall is used along with many other tasks.

I'm pretty sure I saw some web site that offered the ability to configure a virtual cisco router.

I just spent the last 6-8 months learning how to secure my Mac computer. And part of my learning stumbled across the fact that most people's Internet connections and networks at home are horribly insecure.

When most people connect to the Internet they use what is commonly called a "router", although I believe a router/switch is a better term.

What I am trying to learn is what things can an average consumer do to really beef up security on their home networks/Internet when they probably lack advanced networking just as I lack them!

I thought maybe there was a middle ground where a person could buy a router/switch that would be substantially more secure - even if it required some configuration - but not to the point where you'd need to be a command-line/Linux geek!

Also I am curious if a consumer forked over $800-$1000 for a Cisco router and/or firewall, if that would make their Internet connection completely safe, or is it still not that easy.

When I good "How to secure your home network" I see lots of articles talking about all of the vulnerabilities in home routers like Linux.

I'm trying to find a way to eliminate those threats for myself and friends and family without requiring a PhD in networking.

Does that make sense?

And can you better answer my questions now?

You can do that in a firewall (and I do), but you can also do that in most routers.

It is wise to do so.

Also, as an aside, a router is not a switch. A switch is nothing more than a smart hub.

Switches don't route.

https://www.webopedia.com/DidYouKnow...switch_hub.asp

I don't hear anyone jumping up and down saying I'd be more secure with a Cisco router or firewall... (Interesting)

Also, isn't there a way to create an industrial-strength Internet connection without needing a computer and software? I was hoping I could buy a device(s) and secure them using firmware and software on the devices.

Lastly, to get great Internet security, is a great hardware firewall more important, or is a great router/switch more important?