LinuxQuestions.org
Old 04-28-2018, 12:54 PM   #16
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,987


You could be way more secure with an advanced firewall from some big name company. A router/modem sort of gizmo isn't usually able to do what you really need.

If you want you can start with a soho wrt type opensource install.

You can consider a real or virtual firewall OS distro. Untangle comes to mind but there are more out there.

Pfsense has an OS and a micro appliance too that could be considered.

Security is a collection of tasks.
 
Old 04-28-2018, 02:05 PM   #17
SteelCitySteve
Member
 
Registered: Sep 2017
Location: Western PA
Posts: 39

Original Poster
Quote:
Originally Posted by jefro View Post
You could be way more secure with an advanced firewall from some big name company. A router/modem sort of gizmo isn't usually able to do what you really need.
So you think there is extra value in having something like a Cisco firewall or router/switch?

Any other brands that can be considered "professional"?

Seems like you are in the minority, because from what I have read and others have said, it seems like a lot of people feel that Cisco is no more secure than Linksys, and that I should go the OpenWRT route...


Quote:
Originally Posted by jefro View Post
If you want you can start with a soho wrt type opensource install.
Do all routers/switches in 2018 still require 120V power, or can you buy/build one that is powered off of USB?

Also, could I buy/build a router/switch that would be more like a solid-state device that would run OpenWRT? (When people mention turning a computer into a router/switch, that becomes a space/energy/mobility issue for me!! But if I could get a small device where I could load OpenWRT onto it, and better power it by USB, then that would be a small enough footprint for my mobile needs.)


Quote:
Originally Posted by jefro View Post
You can consider a real or virtual firewall OS distro. Untangle comes to mind but there are more out there.
I assume a hardware firewall would be better, right? (Or can software firewalls do just as much?)


Quote:
Originally Posted by jefro View Post
Pfsense has an OS and a micro appliance too that could be considered.

Security is a collection of tasks.
OpenWRT is not a firewall, right?

If so, then what software firewalls are the best?

And what are your recommendations for brands of hardware firewalls?

Thanks!
 
Old 04-30-2018, 01:08 PM   #18
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,987

Almost every big company runs a perimeter firewall of some big name brand.

There are travel routers that might support both usb and wrt. I think rosewill has one. May be others that can use usb power or battery.

Dedicated professional router/firewall appliances come in two forms really. One is a dedicated hardware device designed to be up to wire speed. The other is a dedicated software hardware combo that performs what they call Unified Threat management.

There are a number of open UTMs that could be looked at. Some require payment for extra plug-ins or support. I recommend what is called a layer 7+ type that can look into packets and restrict based on some command.

In all this there are a few terms that are worldwide poorly used. A router is not a router in the text book sense. Modern routers are smart switches for most soho devices. They have features above routing. One common program added is iptables or similar to track ip addresses and ports. It alone is not a full UTM.

Openwrt is not a firewall but yet it is. A firewall is another poorly used word. Firewall can mean anything from minimal to very strict. Is a poor firewall a firewall? Yes. Would you wish to use a poor firewall? Maybe, maybe not. Most home modem/routers have a poor firewall that fools users into thinking they have some form of protection.

I'm not saying others are wrong on this thread by the way. Opinions based on 1000 miles away differ always. We don't consider all variables in your house or work.
 
Old 05-03-2018, 01:11 PM   #19
MikeDeltaBrown
Member
 
Registered: Apr 2013
Location: Arlington, WA
Distribution: Slackware
Posts: 96

I recommend buying a book on linux firewalls like Packt Publishing's "Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter".

Any old computer with 2 interfaces can act as a secure router/firewall....even a Raspberry Pi using VLANs in a "Router-on-a-stick" configuration will work. If you're just looking for lab-style learning, set up a few VMs and go crazy.
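
Added example (not part of any post in this thread, and not any poster's own code): the two-interface Linux router/firewall from the post above, as a shell function that prints an nftables ruleset with default-deny input and forward chains and NAT toward the upstream side. The function name `gen_router_ruleset` and the interface names `wlan0`/`eth0` are assumptions, and nftables is used here although the thread mentions iptables.

```shell
#!/bin/sh
# gen_router_ruleset WAN_IF LAN_IF
# Prints an nftables ruleset for a two-interface router:
#   WAN_IF = untrusted upstream side (assumed here: wlan0 on the hotel Wi-Fi)
#   LAN_IF = trusted wired side      (assumed here: eth0 feeding a switch)
gen_router_ruleset() {
    wan="$1"; lan="$2"
    for ifname in "$wan" "$lan"; do
        # Interface names are pasted into the ruleset, so refuse anything
        # that is not a plain Linux interface name (max 15 characters).
        case "$ifname" in
            ''|*[!A-Za-z0-9._-]*)
                echo "invalid interface name: '$ifname'" >&2; return 1 ;;
        esac
        [ "${#ifname}" -le 15 ] || { echo "name too long: $ifname" >&2; return 1; }
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }

    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # IPv6 neighbour discovery must keep working on every link
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
        # LAN hosts may reach the router itself (DHCP, DNS, SSH)
        iifname "$lan" accept
        # no rule for new connections from "$wan": the chain policy applies
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # only LAN-initiated traffic may leave through the WAN side
        iifname "$lan" oifname "$wan" accept
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # hide the LAN behind the router's single upstream address
        oifname "$wan" masquerade
    }
}
EOF
}

# Stand-alone use: sh router.sh wlan0 eth0 > router.nft
if [ "$#" -eq 2 ]; then
    gen_router_ruleset "$1" "$2"
fi
```

Check the output with `nft -c -f router.nft` before loading it with `nft -f router.nft`; the box also needs IPv4 forwarding enabled (`sysctl -w net.ipv4.ip_forward=1`).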
 
Old 05-04-2018, 08:58 PM   #20
SteelCitySteve
Member
 
Registered: Sep 2017
Location: Western PA
Posts: 39

Original Poster
Quote:
Originally Posted by jefro View Post
Almost every big company runs a perimeter firewall of some big name brand.
How does something like pfSense compare to a Cisco firewall?



Quote:
Originally Posted by jefro View Post
There are travel routers that might support both usb and wrt. I think rosewill has one. May be others that can use usb power or battery.
Have links? I can't find any that are usb powered.


Quote:
Originally Posted by jefro View Post
Dedicated professional router/firewall appliances come in two forms really. One is a dedicated hardware device designed to be up to wire speed. The other is a dedicated software hardware combo that performs what they call Unified Threat management.
Some say UTMs are not as secure as dedicated appliances...


Quote:
Originally Posted by jefro View Post
Openwrt is not a firewall but yet it is.
What is the difference between pfSense and OpenWRT?
 
Old 05-04-2018, 10:15 PM   #21
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,727

Isn't Linksys == Cisco?
 
Old 05-07-2018, 01:06 PM   #22
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,987

Cisco and other commercial products have a wide range of offerings in security. pfsense in my opinion would not fare well against the top perimeter firewall products. pfsense is a good start and a few companies offer hardware plus plug-ins to compete in the range but pfsense is only a distro. https://www.techinformant.in/how-to-...configuration/ gives some good examples on how one has to configure it to make it secure. In many cases the commercial products are provided as secure and offer tech support and constant updates.

Travel routers usually are powered by usb. I suspect something like this will be. https://www.newegg.com/Product/Produ...0164-_-Product

Configuration and luck seem to be the reason a system is secure.

pfsense is or wasn't designed to be used on soho routers. Openwrt is.

Yes, cisco bought linksys but they maintain separate target customers.
 
Old 05-07-2018, 08:09 PM   #23
SteelCitySteve
Member
 
Registered: Sep 2017
Location: Western PA
Posts: 39

Original Poster
Quote:
Originally Posted by jefro View Post
Cisco and other commercial products have a wide range of offerings in security. pfsense in my opinion would not fare well against the top perimeter firewall products. pfsense is a good start and a few companies offer hardware plus plug-ins to compete in the range but pfsense is only a distro. https://www.techinformant.in/how-to-...configuration/ gives some good examples on how one has to configure it to make it secure. In many cases the commercial products are provided as secure and offer tech support and constant updates.
That is disheartening... :-(

When I looked at all of the things you can do with pfSense, it seems pretty sophisticated to me...

I also like that it is open-source - I'm suspicious of proprietary, big enterprise solutions because they are often over-priced and not much better for the actual need.




Quote:
Originally Posted by jefro View Post
Configuration and luck seem to be the reason a system is secure.
Then by that pfSense should be able to be set up in such a way to provide adequate perimeter security for small-to-medium business, no?


Quote:
Originally Posted by jefro View Post
pfsense is or wasn't designed to be used on soho routers. Openwrt is.
But Netgate sells hardware appliances that come pre-loaded with pfSense, and I assumed those would be a great start for a firewall.

This looks like a nice offering of products to me...

https://www.netgate.com/solutions/pfsense/#on-premises


P.S. In order to try out one of the above hardware firewalls, I need help figuring out how to grab a Wi-Fi signal at my hotel using a router so I can then plug in the above Netgate pfSense firewalls.

Any ideas on how to do that?

https://www.linuxquestions.org/quest...ot-4175629084/

Last edited by SteelCitySteve; 05-07-2018 at 08:15 PM.
 
Old 05-08-2018, 07:44 PM   #24
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,987

Many admins use pfsense or other similar distro to protect their lan. It is not configured secure by default is more what I meant. I respect both pfsense and netgate. (wish they'd let me have a micro appliance to play with)

I think the smallest netgate arm gizmo has a few issues with maybe iptables or something I forget. Maybe??

You can run a VM or a used computer to start on this project. A virtual machine is free and easy and you just point lan to the green side of the vm. Red side of vm goes to wan.

You could look at firewallbuilder. FWbuilder is a great project to help build firewall rules.

Almost every router can be used to connect to a wifi signal and then relay it in some manner. The docs at dd-wrt are some of the ones I'd use for hints or examples. There are at least two common ways to connect to the wifi. The terms used in some routers have to be watched. One router may call the task a different name than another.

Last edited by jefro; 05-08-2018 at 07:46 PM.
 
Old 05-08-2018, 08:01 PM   #25
SteelCitySteve
Member
 
Registered: Sep 2017
Location: Western PA
Posts: 39

Original Poster
Quote:
Originally Posted by jefro View Post
Many admins use pfsense or other similar distro to protect their lan. It is not configured secure by default is more what I meant. I respect both pfsense and netgate. (wish they'd let me have a micro appliance to play with)
But I am here to learn, so as long as Netgate w pfSecure has the *potential* to be secure, then that should be good enough, right?

Or is Cisco superior still?


Quote:
Originally Posted by jefro View Post
I think the smallest netgate arm gizmo has a few issues with maybe iptables or something I forget. Maybe??
How so? A bug?

I looked at the tiniest Netgate appliance that is as small as a bar of soap, and it is only $150, and it looks like pfSense can do a boatload of cool security stuff from Firewall to Intrusion Detection...



Quote:
Originally Posted by jefro View Post
You can run a VM or a used computer to start on this project. A virtual machine is free and easy and you just point lan to the green side of the vm. Red side of vm goes to wan.

You could look at firewallbuilder. FWbuilder is a great project to help build firewall rules.

Almost every router can be used to connect to a wifi signal and then relay it in some manner. The docs at dd-wrt are some of the ones I'd use for hints or examples. There are at least two common ways to connect to the wifi. The terms used in some routers have to be watched. One router may call the task a different name than another.
Here is what I need help doing...

I am in a hotel that has WiFi. They have a log in page. I know if I call tech support they can add my laptops - via IP and MAC - and give me unlimited 30 day access.

My hope was to buy some cheaper Linksys Router, write down the IP and MAC addresses, call the help desk, have them add the wireless router, and then have Internet access via the wireless router.

To be clear, what I want is a way to convert the hotel's Wi-Fi signal and turn that wireless connection into a WIRED connection coming out of the router. That way I can get a short Cat5 cable, and plug in some Netgate with pfSense firewall device and thus have the makings of a really secure "home" network in my hotel room.

If I can do that, then I can add a switch too!


Does that make sense?

So can you give me some more specifics of how I can capture the hotel's WiFi and find some router - presumably wireless - that will let me turn that radio signal into a signal coming out an ethernet port on the back of the router so I can build a WIRED NETWORK in my hotel??
 
Old 05-08-2018, 08:51 PM   #26
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,708

As posted in your other thread a wifi bridge might work like the following. You will need to add both the extender and the firewall MACs to the hotel WiFi.


https://www.newegg.com/Product/Produ...82E16833122674

This also looks like it will work for you too.

https://www.amazon.com/TP-Link-Wirel...SIN=B00TQEX8BO
 
Old 05-09-2018, 03:06 PM   #27
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,987

Is something way more secure I can't answer. Large companies offer managed and unmanaged UTM products. I say unified because there are a vast number of features. If some company pre-loads or remotely loads updates and sets conditions I'd think it more secure than a first time user might configure. Basically there is not a clean reply to what is more secure. If one had the skill and time, I believe they could secure their system as well as the big name ones for the most part. Do you need all the features just working from a hotel? Maybe, they are known to be sore spots for security.

The Netgate arm based device is another part of this number of questions you have. I looked at buying that product one time and I just don't recall exactly if it did support all the plug-ins. Contact Netgate for its full features compared to other intel based devices.

I can't say how this hotel provides you with service. I can say that almost every router you buy can be set into a mode to take wifi and then allow lan wired connections. Look at the dd-wrt help for how to do that.

Part of that issue contains a secondary issue. That being the small travel routers use a micro version of dd-wrt usually. They can't support huge iptables or other flaws due to the very minimal specs.

Most full DD-WRT devices won't run off a usb. They have a wall wart.

You can take this wifi connected computer and run a VM of untangle firewall or other and then use its nic to switch/hub on other computers.
 
Old 05-09-2018, 07:41 PM   #28
SteelCitySteve
Member
 
Registered: Sep 2017
Location: Western PA
Posts: 39

Original Poster
Quote:
Originally Posted by michaelk View Post
As posted in your other thread a wifi bridge might work like the following. You will need to add both the extender and the firewall MACs to the hotel WiFi.


https://www.newegg.com/Product/Produ...82E16833122674

This also looks like it will work for you too.

https://www.amazon.com/TP-Link-Wirel...SIN=B00TQEX8BO
I don't understand what these are supposed to do to help me out.

One looks like it "amplifies" a weak Wi-Fi signal - not my issue.

The other one almost looks like it takes a wired Internet connection and creates a wireless network - also not what I want.
 
Old 05-09-2018, 07:47 PM   #29
SteelCitySteve
Member
 
Registered: Sep 2017
Location: Western PA
Posts: 39

Original Poster
Quote:
Originally Posted by jefro View Post
Is something way more secure I can't answer. Large companies offer managed and unmanaged UTM products. I say unified because there are a vast number of features. If some company pre-loads or remotely loads updates and sets conditions I'd think it more secure than a first time user might configure. Basically there is not a clean reply to what is more secure. If one had the skill and time, I believe they could secure their system as well as the big name ones for the most part. Do you need all the features just working from a hotel? Maybe, they are known to be sore spots for security.
You're missing the point...

I am trying to convert the hotel's Wi-Fi into a wired signal so I can play around with normal wired network components to start learning networking.

My Macintosh is secure enough as is even using the hotel's Wi-Fi.

And I prefer not connecting a laptop to the hotel's Wi-Fi and then somehow using that as my Internet source for fear it will complicate the network and possibly confuse my learning.

I am seeking a way to convert the Wi-Fi to a simple and pure wired Internet connection so I have the same thing I'd have coming out of a modem plugged into a phone line at home.



Quote:
Originally Posted by jefro View Post
I can't say how this hotel provides you with service. I can say that almost every router you buy can be set into a mode to take wifi and then allow lan wired connections. Look at the dd-wrt help for how to do that.
Why do I need DD-WRT to do that?

And whoever mentioned the router bridge mode or whatever, can you please help explain that more to me?



Quote:
Originally Posted by jefro View Post
Part of that issue contains a secondary issue. That being the small travel routers use a micro version of dd-wrt usually. They can't support huge iptables or other flaws due to the very minimal specs.

Most full DD-WRT devices won't run off a usb. They have a wall wart.
Forget the travel component.

I would be happy right now being able to plug into some device providing me raw Internet from my hotel room.
 
  

