Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suggestions for Secure Wireless Router


  • Please log in to reply
1 reply to this topic

#1 ChrisKC

ChrisKC

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 20 July 2017 - 06:50 PM

I'm looking for a small business or commercial class wireless router. My primary concern in purchasing this is security. Now, I know there is no absolutely secure system. But I'd like to do what I can. Here's what I'm looking for:

* Automatic firmware updates or at least notifications
* No WPS
* Guest network ability
* Firmware rollback option
* Able to disable remote admin access - ethernet only access
* Can disable (or stealth) PING, Telnet, SSH, UPnP, and HNAP
* OpenDNS
* VPN

Dual-band would be preferable, but again, security is my #1 priority. There are probably features I've missed or aren't even aware of. Feel free to share these with me.

So, that's what I'm looking for. Any ideas?

Thanks!

Chris

BC AdBot (Login to Remove)

 


#2 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:01:53 AM

Posted 23 July 2017 - 11:08 AM

Well, let me give a few comments for you here. 

 

Automatic firmware updates or at least notifications:  Most modern routers have this ability to auto update or notify you by email when updates are available you simply have to enable this feature within the router. 

 

No WPS:  WPS or WIFI Protected Setup requires that someone have access to the router to get the pin number on the router or push the WPS button to establish a connection to the network. So my question is the router going to be located in a public area,  a secured one, or put out of sight to where you can still receive a good signal. For example mounted within a modular ceiling out of sight of public view. But access if a ladder is available and you removing some ceiling tiles.

 

Guest network ability:  Wifi Routers today are Dualband Routers that have the ability to configure a Guest Network this is not an issue.

 

Firmware rollback option:  With this, you would have to get with support from the Router Manufacturer to see if the model of router you have supports rolling back to an earlier firmware version.

 

Able to disable remote admin access - ethernet only access: Remote Administration of the router from outside your network would require the feature be enabled. Also, you likely would have to enable Dynamic DNS unless you have a Static IP Address. Which would be plausible if you have business class internet. Your ISP would issue you a block of Static IPs. Now, this is not saying you cannot Remotely Admin the router securely you can, You simply have to enable HTTPS under the Remote Admin Feature. But So if you don't wish to remotely admin your router away from your business network, don't enable this feature.

 

Administering the router from local business network whether thru ethernet or wifi would require the routers IP Address and the Admin Password. Depending on the model of router an Access Control List of authorized computers can access the Admin Page. This can be accomplished by enabling the ACL and putting in an IP Address of the authorized system or Mac Address.  

 

Can disable (or stealth) PING, Telnet, SSH, UPnP, and HNAP: In most routers today you can disable PING or ICMP requests by shutting off the feature. Telnet and SSH are ports that have to be opened and forwarded on the router. These ports are closed by default on all routers. UPnP is a feature you can enable and disable within most routers by going into the settings, same with HNAP.

 

OpenDNS: OpenDNS is a very good content filtering service. All that's required here is to configure the router to use OpenDNS's dns servers for dns forwarding requests easy peasy. Wonderful service does an outstanding job   

 

VPN: Now the question here is are you trying to establish a VPN Gateway for remote workers? Or are you trying to establish a Site to Site VPN with a branch office? Also what type of VPN will it be IPSEC, PPTP, L2TP what?  


Edited by arlattimor, 23 July 2017 - 11:09 AM.

A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users