Walter emails with a question that probably will have broad interest:
BP -
Long time reader question here:
I need to replace my long-in-tooth NetGear WiFi router and could use a suggestion on what are the best routers to consider; I need both 2.4 and 5 Ghz to support existing equipment. Square footage = ~1.8K, rough footprint 56X32 on one level; the existing (centrally located) NetGear covers all of it well without repeaters or mesh, meets all speed requirements, is currently supported by 100 meg coaxial cable but 1 gig fiber is a month or so away, house is pre-wired to each room with coax in the next couple of weeks, and since the router also supports the security system high security is a strong consideration.
Expert suggestions?
Well, I am not really an expert, but I play one on TV so here goes. I will start with some high level recommendations and then get more specific with some actual device suggestions (note: I do not have any commercial interest with any of these vendors). Lastly, I will end with some generic WiFi security suggestions and pointers to old posts here.
Recommendation #1: Do NOT select any device from TP-Link (which are generally the least expensive options). These are Chinese and there is a nasty habit of Chinese companies putting back doors in their commercial hardware. The US Government is considering banning these because they don't trust them any more than I do.
Recommendation #2: Use open source software on your device. There is a long history of WiFi routers having security bugs that never get fixed because they are end of life (I posted about this ten years back so this is a persistent problem in the industry). Profit margins are razor thin and so you will end up with an orphaned device. I recommend OpenWrt which has been around since forever and has great hardware support. Yes, this means putting new software on your brand new device. You will only go through this pain once and you never have to worry about unpatched security bugs.
Recommendation #3: Look for commercial WiFi routers that come with OpenWRT pre-installed. This will save you a step. Turris Omnia is one option (and they have a pretty interesting Distributed Adaptive Firewall security feature). OpenWrt One is another. There is one from TakTikal but it seems to be out of stock.
Recommendation #4: If you want to go with a more commercial device and flash your own software, I'd recommend Linksys and Netgear because they have great OpenWrt support. Here are some recommended devices. At this point you will be selecting on feature/function. Walter had some specific needs that you might not, so there's something for everyone here.
Recommendation #5: Once you are set up, make sure you have secured the configuration. WiFi encryption is almost certain to be on by default, but change your dang password (duh!). One thing I recommended in that post (and still recommend today) is to write the router password on a piece of paper and tape it to the bottom of the device (note: don't tape it over ventilation holes). Yes, writing down passwords is usually double plus ungood security but face it - anyone who gets physical access to your device can do a factory reset and take it over anyway. Your front door lock now becomes an excellent WiFi security feature and you never have to worry about forgetting the password.
Lastly, read this post from sixteen (!!!) years ago. Secure your damn WiFi router.
I know that a bunch of you are in the tech biz, so if you have anything to add, drop it in the comments.
3 comments:
Thanks, and good recommendations!
I switched to Ubiquiti Unifi gear.
Boy am I screwed! I have 3 TP-Link devices in my network. Two 5 GHz links and the wireless router in my main house. I can put open source on the router but nobody has created open source firmware for the two links.
I know about the Chinese putting stuff into the hardware.
Post a Comment