top | item 18435105

(no title)

9712263 | 7 years ago

So, what is the most secured option for the moment? Buy a x86 box and turn it into a router? But it consumes more power than a low-power router, and buying more network adapter is not that cheap.

I am currently using the open source tomato firmware. However, since there is a bug/feature in the router so that I cannot flash an image too large, or otherwise it would not work. Also, the configuration is limited to 32 KB, if configure too much, then the configuration file will become gibberish and some random feature in the router would be missing, and required a factory reset to fix. So, I am stuck with an older version of tomato which guarantee some kind of vulnerability is not fixed.

Not sure what I can get in the form size of a router. Raspberry pi may work but too few ports available. I heard that the CPU would get hot for intense network traffic.

discuss

walrus01|7 years ago

For something really small the ubiquiti edgerouter devices which run their EdgeOS are a good choice. If there's a serious security vulnerability on the WAN-facing interface it will be patched. They run a fork of Vyatta. Ubiquiti employs most of the old Vyatta development team, who did not go to Brocade when Vyatta was acquired.

Or build a really small low power x86 system with a few Intel gigabit NICs in it and run open source VyOS.

eikenberry|7 years ago

So the ERLite-3?

https://www.ubnt.com/edgemax/edgerouter-lite/

weinzierl|7 years ago

fli4l [1] on an ALIX board [2] (for example) is an option.

ALIX boards are reasonably energy efficient. fli4l can run from read-only media. This is no panacea (see fileless malware) but at least you can be sure that after a reboot your system is clean. Security is a primary goal [3] of the fli4l project and they maintain a public Security Archive.

[1] http://www.fli4l.de/en

[2] https://www.pcengines.ch/alix.htm

[3] http://www.fli4l.de/en/home/security/

varjag|7 years ago

Find a not too old Cisco integrated services router, set it up to drop everything coming from outside, and run DHCP network(s) on the inside. Use WiFi routers in bridge/access point mode.

Drawback is they tend to be noisy, but if you have a basement/closet..

DanBlake|7 years ago

I think its been around 7 years since a public exploit has been dropped for the apple airport extreme. YMMV though, as Apple has stopped selling them which means support is likely going to be minimal in the future if something does pop up. Alot of it is likely security through obscurity though as obviously the code is closed source and it uses a custom management interface vs web-access.

If you want to go the modern (better) route, enterprise equipment such as ubiquity or cisco with strict rules are likely your best bet. The budget option being a openwrt install with one of their recommended routers

stordoff|7 years ago

> Buy a x86 box and turn it into a router? But it consumes more power than a low-power router, and buying more network adapter is not that cheap.

If you want to go this route, used Intel NICs are cheap. I recently picked up a 4-port gigabit NIC (PCI-E) for £13.99. I'm running on a machine that would be on anyway, so the power usage is negligible.

jsjohnst|7 years ago

I highly recommend looking into pfSense. I’ve been running it for years and it’s been solid.

NullPrefix|7 years ago

You only need two network adapters, other devices could be connected by a switch.