LinuxQuestions.org
Old 04-19-2018, 03:57 PM   #1
SteelCitySteve
Member
 
Registered: Sep 2017
Location: Western PA
Posts: 39

Rep: Reputation: 0
Need more than a Consumer-grade Router


I would like to earn my Network+ certification, and I am trying to learn more about security.

Everything I've read online says that consumer-grade routers are CRAP and offer little to no security.

I suppose if you dropped a couple of grand on a fancy business-class Cisco router, you'd have more configurability and security, but that is more than I need at home.

So is there something in between which would allow me enough configurability to apply Network+ skills and enough security so I could feel like my router is actually protecting me?
 
Old 04-19-2018, 05:56 PM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: High Sierra
Posts: 9,100
Blog Entries: 37

Rep: Reputation: Disabled
Router ain't nothing but a dumb switch.
 
Old 04-19-2018, 07:11 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 18,373

Rep: Reputation: 2738
Can't say the enterprise level stuff is secure but I'd suspect one could make it more secure over SOHO.

Could get a used switch/smart switch/ router.

There are or were a few OS's that simulated switch behavior. I think one was similar to Cisco.


A lot of hobby users will have something DD-WRT or other on. They tend to be updated on newest hardware somewhat often.
 
Old 04-19-2018, 10:45 PM   #4
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,326

Rep: Reputation: 965
You can pick up a Watchguard firewall appliance on eBay for $50-100.00. They have integrated switch and router, and are quite configurable from the built-in web server interface.

Last edited by AwesomeMachine; 04-19-2018 at 10:49 PM.
 
1 members found this post helpful.
Old 04-19-2018, 10:53 PM   #5
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 13,826
Blog Entries: 24

Rep: Reputation: 3684
Many consumers aren't smart about consumer-grade routers. They don't change the default router password and they don't manage the ports properly. Then, again, many consumers have no idea about how the internet works.

Rule One: Establish a new, unique password for accessing the router configuration. This is the most common failure, as default passwords are, by default, public.

Rule Two: Close all public-facing ports except ones that must be open (which, in most cases, is none).

Last edited by frankbell; 04-19-2018 at 10:55 PM.
 
Old 04-20-2018, 12:48 PM   #6
SteelCitySteve
Member
 
Registered: Sep 2017
Location: Western PA
Posts: 39

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by frankbell View Post
Many consumers aren't smart about consumer-grade routers. They don't change the default router password and they don't manage the ports properly. Then, again, many consumers have no idea about how the internet works.

Rule One: Establish a new, unique password for accessing the router configuration. This is the most common failure, as default passwords are, by default, public.

Rule Two: Close all public-facing ports except ones that must be open (which, in most cases, is none).
When you say "close all ports" I assume you do that on a firewall, right?

Or do you do that on your computer?

If the former, can that even be done on a consumer-grade router?
 
Old 04-20-2018, 01:44 PM   #7
jefro
Moderator
 
Registered: Mar 2008
Posts: 18,373

Rep: Reputation: 2738
The WRT versions offer maybe the most one can put in a home router. Building iptables and the ability to make large complex ones tends to offer choices for these products.

You can install something like Untangle firewall or other firewall distro that goes into layer 7+ protection.
 
Old 04-20-2018, 02:12 PM   #8
Timothy Miller
Moderator
 
Registered: Feb 2003
Location: Arizona, USA
Distribution: Debian, Fedora, Arch, & KDE Neon
Posts: 2,779

Rep: Reputation: 793
Quote:
Originally Posted by jefro View Post
The WRT versions offer maybe the most one can put in a home router. Building iptables and the ability to make large complex ones tends to offer choices for these products.

You can install something like Untangle firewall or other firewall distro that goes into layer 7+ protection.
This is what I'd go with. Find a consumer grade that works with these, and upgrade it to the much more capable software.
 
Old 04-20-2018, 04:10 PM   #9
SteelCitySteve
Member
 
Registered: Sep 2017
Location: Western PA
Posts: 39

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jefro View Post
The WRT versions offer maybe the most one can put in a home router. Building iptables and the ability to make large complex ones tends to offer choices for these products.

You can install something like Untangle firewall or other firewall distro that goes into layer 7+ protection.
Sorry, what is "WRT versions"??
 
Old 04-23-2018, 12:51 PM   #10
jefro
Moderator
 
Registered: Mar 2008
Posts: 18,373

Rep: Reputation: 2738
One of the first hobby OS's to be placed on a SOHO router was maybe DD-WRT. It went on a Linksys WRT router. Names that include WRT and others like Merlin are popular. OpenWRT and such.
 
Old 04-23-2018, 02:17 PM   #11
_roman_
Member
 
Registered: Dec 2017
Location: _Austro_Bavaria_
Distribution: gentoo / linux mint
Posts: 433

Rep: Reputation: 28
Cisco and secure, cough

In the old days it was always a mixture.

Well, anyway, may I ask why you go the router route and do not care for your operating system, behaviour on your consumer tools?

I see it just as gateway, gateway to the net.

I also wonder when you talk about security that you never heard about custom firmware. Later they renamed it to Tomato and such. The poster above me explained the first versions of custom firmware.

As I managed to destroy hardware wise two of those fancy network "gateways" I'll refuse to spend any money on them anymore.

Well, when you do not want to spend money for a reasonable priced car you get only consumer grade routers.

You complain about the software. I complain about the technical specs. Summary consumer crap. Most often indicated with the gamer tag these days
 
Old 04-23-2018, 08:23 PM   #12
jefro
Moderator
 
Registered: Mar 2008
Posts: 18,373

Rep: Reputation: 2738
Side note.
SteelCitySteve didn't claim to possess advanced skills.

The choice of wording could be more professional.

Kind of as post #2, a router isn't a security device. One protects their network by using as many best practices as they can. Generally a perimeter firewall is used along with many other tasks.

I'm pretty sure I saw some web site that offered the ability to configure a virtual Cisco router.
 
Old 04-25-2018, 08:38 PM   #13
SteelCitySteve
Member
 
Registered: Sep 2017
Location: Western PA
Posts: 39

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jefro View Post
Side note.
SteelCitySteve didn't claim to possess advanced skills.

The choice of wording could be more professional.

Kind of as post #2, a router isn't a security device. One protects their network by using as many best practices as they can. Generally a perimeter firewall is used along with many other tasks.

I'm pretty sure I saw some web site that offered the ability to configure a virtual Cisco router.
I just spent the last 6-8 months learning how to secure my Mac computer. And part of my learning stumbled across the fact that most people's Internet connections and networks at home are horribly insecure.

When most people connect to the Internet they use what is commonly called a "router", although I believe a router/switch is a better term.

What I am trying to learn is what things can an average consumer do to really beef up security on their home networks/Internet when they probably lack advanced networking just as I lack them!

I thought maybe there was a middle ground where a person could buy a router/switch that would be substantially more secure - even if it required some configuration - but not to the point where you'd need to be a command-line/Linux geek!

Also I am curious if a consumer forked over $800-$1000 for a Cisco router and/or firewall, if that would make their Internet connection completely safe, or is it still not that easy.

When I Google "How to secure your home network" I see lots of articles talking about all of the vulnerabilities in home routers like Linux.

I'm trying to find a way to eliminate those threats for myself and friends and family without requiring a PhD in networking.

Does that make sense?

And can you better answer my questions now?
 
Old 04-25-2018, 09:50 PM   #14
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 13,826
Blog Entries: 24

Rep: Reputation: 3684
Quote:
When you say "close all ports" I assume you do that on a firewall, right?
You can do that in a firewall (and I do), but you can also do that in most routers.

It is wise to do so.

Also, as an aside, a router is not a switch. A switch is nothing more than a smart hub.

Switches don't route.

https://www.webopedia.com/DidYouKnow...switch_hub.asp

Last edited by frankbell; 04-25-2018 at 09:56 PM.
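
Added example, not part of any post in this thread: one way to check "Rule Two" on a Linux-based router or firewall that uses iptables (as the WRT firmwares mentioned above do). It reads an `iptables-save` dump and reports the INPUT chain's default policy and every port accepted for new traffic on the WAN side. The interface name `eth0` and the sample ruleset are constructed assumptions.

```python
import shlex

# Constructed sample of `iptables-save` output; eth0 is assumed to be the WAN side.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br-lan -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p udp -m multiport --dports 1900,5351 -j ACCEPT
COMMIT
"""

def audit_input(dump, wan="eth0"):
    """Return (default_policy, exposed) for the filter table's INPUT chain.

    exposed holds (protocol, ports) for each ACCEPT rule that admits new
    connections arriving on the WAN interface. A default policy of ACCEPT
    means everything not explicitly dropped is reachable as well.
    """
    policy, exposed, table = None, [], None
    for line in dump.splitlines():
        if line.lstrip().startswith("#"):
            continue
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0].startswith("*"):
            table = tok[0][1:]
        elif table == "filter" and tok[0] == ":INPUT":
            policy = tok[1]
        elif table == "filter" and tok[:2] == ["-A", "INPUT"]:
            # Map option -> (value, negated); iptables-save writes "! -i eth0".
            opt = {t: (tok[i + 1], i > 0 and tok[i - 1] == "!")
                   for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            if opt.get("-j", ("",))[0] != "ACCEPT":
                continue
            iface, neg = opt.get("-i", (wan, False))  # no -i matches every interface
            if (iface == wan) == neg:                 # rule never sees WAN traffic
                continue
            state = opt.get("--ctstate", opt.get("--state", ("NEW", False)))[0]
            if "NEW" not in state.split(","):         # replies to outbound traffic only
                continue
            ports = opt.get("--dport", opt.get("--dports", ("any", False)))[0]
            exposed.append((opt.get("-p", ("all", False))[0], ports))
    return policy, exposed

if __name__ == "__main__":
    print(audit_input(SAMPLE))
```

On the constructed sample, the rule without `-i` is reported along with the explicit `eth0` rule, because a rule that names no interface also applies to the WAN side.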
 
Old 04-26-2018, 07:55 PM   #15
SteelCitySteve
Member
 
Registered: Sep 2017
Location: Western PA
Posts: 39

Original Poster
Rep: Reputation: 0
I don't hear anyone jumping up and down saying I'd be more secure with a Cisco router or firewall... (Interesting)

Also, isn't there a way to create an industrial-strength Internet connection without needing a computer and software? I was hoping I could buy a device(s) and secure them using firmware and software on the devices.

Lastly, to get great Internet security, is a great hardware firewall more important, or is a great router/switch more important?
 
  

