Computer_Security, posted July 7, 2014:

This is a tough question because router companies are not consistent in security between different models. To tell you the truth, I have no idea which one is better. My guess would be NETGEAR, only because when I was performing a pen-test I was impressed that it was fairly hard to crack with WPA2-PSK, but WPS was enabled, so when I tried reaver I had a lot of errors and it kept timing me out after trying a few pins, and I think it even stopped sending out beacons, and I think I saw it change channels! IDK, that is my own personal opinion based on very little experience, and I know that a lot of routers have the same security precautions, so I would love to have some feedback on what the community thinks!

-Thanks

cooper, posted July 7, 2014:

Never trust a company. Ever. What you can do is understand that certain companies are more likely to do the right thing, but evaluate each and every item separately. Sometimes even the best companies produce complete and utter stinkers. When it comes to routers for personal use, I'd highly recommend taking any router supported by OpenWRT, flashing the one you get with that firmware and using it like that.

barry99705, posted July 7, 2014:

Are we talking routers or wireless access points? I try to stay as far away from the all-in-one pieces of shit as much as I can. We deploy either Ruckus or Ubiquiti access points at client sites, and either use an in-house built BSD firewall/router or pfSense firewall/routers. Occasionally we have to use Cisco routers for our physician sites because of hospital VPN requirements. The nice thing with the BSD boxen is if you get a power surge through the DSL or cable modem you can usually just replace the network card and you're up and running again. pfSense also has the ability to reinstall any extra packages you may have installed if they're in the backups.

Computer_Security (Author), posted July 7, 2014:

Thanks for the advice COOPER barry99705 and I was trying to see if there was any ROUTER that was known to have good/great security. Thanks for the feedback!!

barry99705, posted July 7, 2014:

> Thanks for the advice COOPER barry99705 and I was trying to see if there was any ROUTER that was known to have good/great security. Thanks for the feedback!!

In that case pfSense.

Computer_Security (Author), posted July 8, 2014:

> In that case pfSense.

Yup, that's what I'm gonna go with! Thanks again

GuardMoony, posted July 8, 2014:

I recently bought an ALIX board for router/AP. Great small pieces of hardware. pfSense can be run on these! http://www.pcengines.ch/alix.htm

barry99705, posted July 9, 2014:

> I recently bought an ALIX board for router/AP. Great small pieces of hardware. pfSense can be run on these! http://www.pcengines.ch/alix.htm

We tried one of those at a client site. Wicked unstable. Would randomly reboot all the time. Replaced it with a cheap Dell mini desktop. Only time it reboots now is for software updates.

Computer_Security (Author), posted July 9, 2014:

So I was looking at NETGEARS and under the more expensive line I saw this...

Double firewall protection (SPI and NAT)
Denial-of-service (DoS) attack prevention

So my question is: how reliable is the DDOS prevention? And how does it work? Does it, like, block IPs that send too many pings to it? And how reliable is the double firewall?

-Thanks

GuardMoony, posted July 10, 2014:

> We tried one of those at a client site. Wicked unstable. Would randomly reboot all the time. Replaced it with a cheap Dell mini desktop. Only time it reboots now is for software updates.

Still need to do more testing on it. But for my intentions it seems stable (no long-time test yet). Also, I'm not running it with wifi.

> So I was looking at NETGEARS and under the more expensive line I saw this...
>
> Double firewall protection (SPI and NAT)
> Denial-of-service (DoS) attack prevention
>
> So my question is: how reliable is the DDOS prevention? And how does it work? Does it, like, block IPs that send too many pings to it? And how reliable is the double firewall?
>
> -Thanks

You're saying DoS prevention, not DDoS. Big difference there. And yes, it will probably just drop all packets it receives from that IP. Kinda loled they call a NAT a firewall. Even a home and kitchen router for $30 has got NAT and SPI.

Computer_Security (Author), posted July 10, 2014:

> Still need to do more testing on it. But for my intentions it seems stable (no long-time test yet). Also, I'm not running it with wifi.
>
> You're saying DoS prevention, not DDoS. Big difference there. And yes, it will probably just drop all packets it receives from that IP. Kinda loled they call a NAT a firewall. Even a home and kitchen router for $30 has got NAT and SPI.

Yea, I was asking the same thing! Why did they add NAT as a firewall lol! So what exactly is the difference between a DOS attack and a DDOS? I know that DOS either stands for denial of service or disk operating system and DDOS stands for distributed denial of service, but I never understood the difference between the two. Could you explain it to me?

barry99705, posted July 10, 2014:

> Yea, I was asking the same thing! Why did they add NAT as a firewall lol! So what exactly is the difference between a DOS attack and a DDOS? I know that DOS either stands for denial of service or disk operating system and DDOS stands for distributed denial of service, but I never understood the difference between the two. Could you explain it to me?

They're basically the same thing, but a DDoS is a shit-ton of people doing a DoS attack to a single host. They're harder to stop since they're from multiple IP addresses. If you get a system in place like the anonymous morons had, you can have several hundred thousand machines hitting a single site. That little Netgear device would crap itself from that kind of attack.

Computer_Security (Author), posted July 10, 2014:

> They're basically the same thing, but a DDoS is a shit-ton of people doing a DoS attack to a single host. They're harder to stop since they're from multiple IP addresses. If you get a system in place like the anonymous morons had, you can have several hundred thousand machines hitting a single site. That little Netgear device would crap itself from that kind of attack.

Yea, and thanks for the clarification! So a DDOS is like a BOT NET in a way!

cooper, posted July 11, 2014:

A DDoS does its work by clogging up your lines with traffic. If at most X packets per second can be processed by the router and some dolt finds a way to get 10*X machines to continuously send packets to that device, even when the packets get dropped immediately the legitimate traffic will have a hard time reaching your device, never mind getting dealt with by whatever lies beyond.

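The two points made above (a per-IP DoS filter can single out one flooding address but not many slow ones, and a router that can only process X packets per second starves legitimate traffic even when it drops the flood immediately) as a small simulation. This is an added example, not part of anyone's post; the model (proportional loss beyond capacity, a fixed per-source limit) and every number and address in it are constructed assumptions.

```python
# Added illustration; the model and all values are constructed assumptions.
CAPACITY = 1000          # "X": packets per second the router can look at
PER_SOURCE_LIMIT = 100   # pps from one IP before the DoS filter drops it

def one_second(offered, capacity=CAPACITY, limit=PER_SOURCE_LIMIT):
    """offered maps source address -> packets sent during this second.

    Packets beyond `capacity` are lost before the router sees them, shared
    proportionally across sources. Seen packets from a source that exceeds
    `limit` are dropped by the filter; everything else is forwarded.
    """
    total = sum(offered.values())
    scale = min(1.0, capacity / total) if total else 1.0
    forwarded, blocked = {}, []
    for src, pps in offered.items():
        seen = pps * scale
        if seen > limit:
            blocked.append(src)
        else:
            forwarded[src] = seen
    return forwarded, blocked

def legit_delivery(attack, legit_pps=50):
    """Return (fraction of the client's packets forwarded, sources blocked)."""
    offered = dict(attack)
    offered["client"] = legit_pps
    forwarded, blocked = one_second(offered)
    return forwarded.get("client", 0.0) / legit_pps, len(blocked)

# One address flooding below router capacity: the filter singles it out.
dos_small = {"203.0.113.9": 900}
# One address flooding at 10*X: still blocked, but the router is saturated.
dos_large = {"203.0.113.9": 10 * CAPACITY}
# 10*X machines at 1 pps each: nobody crosses the per-source limit.
ddos = {f"bot-{i}": 1 for i in range(10 * CAPACITY)}

if __name__ == "__main__":
    for name, attack in [("DoS 0.9X", dos_small), ("DoS 10X", dos_large),
                         ("DDoS 10X", ddos)]:
        frac, blocked = legit_delivery(attack)
        print(f"{name:9} legit delivered {frac:6.1%}  sources blocked: {blocked}")
```

In the second and third cases the client gets roughly a tenth of its packets through; the only difference is that the filter has a source to block in one and none in the other.
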
Computer_Security (Author), posted July 11, 2014:

Thanks barry99705 and cooper for clearing that up

anord+-, posted July 19, 2014:

As Cooper said, "Never trust a company. Ever." On the job I have been moving away from using Cisco products as of late (NSA hardware additions make me a little wary...), however, I just started working with Aerohive APs; their enterprise web portal gives you a far wider set of options to fine-tune security for your AP (VLAN tagging, etc). Anyone that uses one of their products, I highly recommend switching over to the Enterprise Level Web portal, oh and it's a free upgrade! Also, if anyone in here knows of any security issues with Aerohive APs, etc, please post. Thanks!

Computer_Security (Author), posted July 19, 2014:

Thanks man, I will definitely check into it!

cooper, posted July 21, 2014:

Like with financial investments, the trick is to diversify. If you use firewalls everywhere (say), but they're all Ocsic SAS 5055's, then when an attacker discovers a flaw in that system your entire network security falls apart like a house of cards.

To prevent that you should at the very least use different models at different layers, but that increases the maintenance burden as now you need to be aware of how to properly secure at least 2 potentially vastly different systems. Security is never free...

I also firmly believe that you should base your trust on your ability to monitor a device. Do you get alerts when things go down? Did you notice them? If not, why was that? What can you do to improve that?

As an example, I have one of those cable routers at home. It's a fairly cheap Wifi-enabled router and I've already found that when I call up the cable company to resolve some issue I have with the device, they have full access to the device. That means I DO NOT TRUST that device. Not because it's a piece of shit (even though it probably is) but because I can't prevent people not explicitly authorized by me from accessing that device and doing whatever they want. They also upgrade the firmware on there automatically (which locks up the device sometimes). My solution was to assume that device is simply an extension of the internet coming into my home. I've configured the Wifi to use the very lowest value for transmission power (turning it off means they dial down my speeds somewhat) and the only network cable coming out of it goes straight into another device I've equipped with 2 network ports and a powerful wifi adapter, which is the REAL router. I have full control over that; interesting events get logged to my logging server and processed from there.

Everybody knows the quote "just because you're paranoid doesn't mean they're not out to get you". I use a variation: Just because they're probably not out to get you doesn't mean you shouldn't be paranoid.

barry99705, posted July 21, 2014:

I have my provider put my modem in bridge mode. It then forwards the external IP address to my pfSense box. From there I have two networks. One is my home network, which is shared with my wife's office. The other is my testing network, which is in the same network space as the pineapple. I even have the gateway address set at .22. The pfSense box will allow traffic from internal to testing, but not the other way. It's much easier to work on the pineapple from my 23" monitors than my little 15" laptop. I don't have the firewall send notifications because if it's not working, it won't be able to send them anyway. For client sites we use various network monitoring applications to keep track of the servers and firewalls.

cooper, posted July 21, 2014:

In the ADSL days I had the router in bridged mode as well, but this device must retain its wifi, otherwise I lose a few MB/s throughput.

barry99705, posted July 21, 2014:

> In the ADSL days I had the router in bridged mode as well, but this device must retain its wifi, otherwise I lose a few MB/s throughput.

Weird, I still get 50/5mbps either way. Actually just a tad better!

Edited July 21, 2014 by barry99705

cooper, posted July 22, 2014:

No, you misunderstand. The cable company has this thing where they offer free wifi access to all subscribers by letting them use a small chunk of the wifi from other subscribers. So if both me and my neighbor are with the same cable company, I can use up to a few MB/s of his bandwidth (it's intended for wifi roaming using your mobile) when my own AP is out of range. Both me and my neighbor were 'compensated' for this potential drop in available bandwidth by an increase in bandwidth by the maximum amount that can be used by other people. I think I went from 20 MB/s to 25 MB/s and this excess is available to you, the paying subscriber, when nobody's around to use it; however, if you deactivate Wifi on your router or otherwise disable the roaming feature, they will drop you back to the original 20 MB/s.

Since I'm high up in an apartment building, other people would have to sprout some very impressive wings to make use of this feature using my AP, so effectively I just got a speed boost for free... so long as I retain the machine's ability to provide a Wifi signal to the outside world. When I put the device in bridge mode, Wifi would obviously be disabled and when they discover this (which I'm sure they will) I lose the additional 5MB/s.

barry99705, posted July 22, 2014:

> No, you misunderstand. The cable company has this thing where they offer free wifi access to all subscribers by letting them use a small chunk of the wifi from other subscribers. So if both me and my neighbor are with the same cable company, I can use up to a few MB/s of his bandwidth (it's intended for wifi roaming using your mobile) when my own AP is out of range. Both me and my neighbor were 'compensated' for this potential drop in available bandwidth by an increase in bandwidth by the maximum amount that can be used by other people. I think I went from 20 MB/s to 25 MB/s and this excess is available to you, the paying subscriber, when nobody's around to use it; however, if you deactivate Wifi on your router or otherwise disable the roaming feature, they will drop you back to the original 20 MB/s.
>
> Since I'm high up in an apartment building, other people would have to sprout some very impressive wings to make use of this feature using my AP, so effectively I just got a speed boost for free... so long as I retain the machine's ability to provide a Wifi signal to the outside world. When I put the device in bridge mode, Wifi would obviously be disabled and when they discover this (which I'm sure they will) I lose the additional 5MB/s.

Oh! I see now. There's no way in hell I'd share my WiFi, even if it is separate from your network.

Edited July 22, 2014 by barry99705