Finding a good solution for Router Security

I am concerned about trying to maintain security at the router level and would like to know if I need to improve what I have.
First off I receive from my Internet service provider an ADSL connection, and they then provide me with a very basic modem/router. To this modem/router I added a second wireless router, a Linksys WRT54GL unit and to that router I installed Tomato Version 1.28. This software is not supported now and I am concerned about the future of this router.

My hardware in use consists of a main Windows 7 machine, an HTPC, a computer box for a second TV and a FreeNAS server.
Things I am considering are building a pfSense router, however the space available for this device is limited, so I am also considering the purchase of a Ubiquiti Networks ER-X EdgeRouter.

I have used Steve Gibson's site (GRC) to run an assortment of tests and challenges, and Tomato's firewall would not allow unauthorized access.

I would appreciate feedback so that I can make a decision going forward.

Thank you!

What sort of security issues are you worried about? If it's the firewall you should be okay even with an unsupported version of Tomato. Personally I use pfSense and can recommend that, but I've also heard good things about the EdgeRouter. If space and budget are limited then I'd go with the EdgeRouter as it'll be simpler.


I'm 100% with you and scared. I too get my internet through some off-the-shelf ADSL2+ modem/router combo for service. My old one had 10M ports so I purchased a modem with 1G ports. 4 ports on both units.

I noticed the new 1G unit hammering traffic to my local network. Even on a cold boot of all devices including the router. The traffic was coming from the router's IP to my main machine like a blast of traffic while nothing to the internet.

Super nerd in me said brute force password cracking.

I'm not able to problem-solve at network level so I just plugged in my old hardware with 10M ports and deal with it. Slow and no blasting.

ADSL modems and built-in routers that are open source are extinct from what I found. There are regulations on the standard for copper network to ADSL hardware. I'm Australian ... countries may vary.

I'm yet to bother making a home network on, say, pfSense fed by some weird-ass strange ADSL2+ modem. I might have to.

I would also like a tech to speak to the problem of ADSL and router combos.

OPNsense may also be a consideration. It is a fork that has grown into an easy-to-use and safe pfSense competitor.
Maybe you can contact your ISP to set all your ISP equipment in "dumb modem mode" and let pfSense or OPNsense handle it.
This can be run on a 25 dollar system from eBay with a dual-port network card (preferably Intel because of compatibility issues).

That exact setup is still running at my mom's house. It will run forever and cause no problems. Simple and functional.

I am on Telekom VDSL in Germany and I am using a Draytek Vigor with pretty much everything disabled so it acts like a modem. Behind that is an APU.1D4 running pfSense, and that feeds the internet connection into my switch.

I am considering a second internet connection for my own little cloud server. I don't like to open my whole network for that.


Maybe a VPS or colo? So you can run a server from the datacenter?

Have you ever sniffed what traffic is actually sent? Most likely IPv6 gateway broadcasts and other ARP traffic, as the router was trying to get to know the nodes it has to handle.

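One way to check that hypothesis against a capture, as an added example that is not from any poster in this thread: a small Python classifier over raw Ethernet frames that separates ARP and IPv6 neighbour discovery from everything else, so a cold-boot burst can be told apart from, say, repeated connection attempts to one port. The frames below are constructed inline and are not a real capture; with real data you would feed it the frames read from a pcap.

```python
import struct
from collections import Counter

ETH_IPV4, ETH_ARP, ETH_IPV6, ICMPV6 = 0x0800, 0x0806, 0x86DD, 58
ND_TYPES = {133: "router-solicitation", 134: "router-advertisement",
            135: "neighbor-solicitation", 136: "neighbor-advertisement"}
DISCOVERY = {"arp", *ND_TYPES.values()}

def classify_frame(frame: bytes) -> str:
    """Label one raw Ethernet frame: ARP, IPv6 neighbour discovery, tcp/<port>, or other."""
    if len(frame) < 14:
        return "runt"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    p = frame[14:]                                   # layer-3 payload
    if ethertype == ETH_ARP:
        return "arp"
    if ethertype == ETH_IPV6 and len(p) >= 41 and p[6] == ICMPV6:
        return ND_TYPES.get(p[40], "icmpv6-other")   # ICMPv6 type follows the 40-byte IPv6 header
    if ethertype == ETH_IPV4 and len(p) >= 20 and p[9] == 6:
        ihl = (p[0] & 0x0F) * 4                      # IPv4 header length in bytes
        if len(p) >= ihl + 4:
            dport = struct.unpack("!H", p[ihl + 2:ihl + 4])[0]
            return f"tcp/{dport}"
    return "other"

def summarize(frames):
    """Count frame classes; a burst made only of discovery traffic is what a router normally emits."""
    counts = Counter(classify_frame(f) for f in frames)
    benign = all(kind in DISCOVERY for kind in counts)
    return counts, benign

# --- constructed sample frames (hypothetical MACs, not a real capture) ---
ROUTER, HOST, BCAST = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb"), b"\xff" * 6
def eth(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload
IPV6_HDR = bytes([0x60, 0, 0, 0]) + struct.pack("!HBB", 8, ICMPV6, 255) + bytes(32)
IPV4_HDR = bytes([0x45, 0]) + struct.pack("!HHHBBH", 40, 0, 0, 64, 6, 0) + bytes(8)
ARP_REQ = eth(BCAST, ROUTER, ETH_ARP, bytes(28))
RA = eth(HOST, ROUTER, ETH_IPV6, IPV6_HDR + bytes([134, 0]) + bytes(6))
NS = eth(HOST, ROUTER, ETH_IPV6, IPV6_HDR + bytes([135, 0]) + bytes(6))
SYN_SSH = eth(HOST, ROUTER, ETH_IPV4, IPV4_HDR + struct.pack("!HH", 40000, 22) + bytes(16))

COLD_BOOT_BURST = [ARP_REQ] * 3 + [RA, NS, NS]      # the benign case the reply above describes
SUSPICIOUS_BURST = COLD_BOOT_BURST + [SYN_SSH] * 5   # repeated SYNs to one port are not discovery

if __name__ == "__main__":
    for name, burst in (("cold boot", COLD_BOOT_BURST), ("suspicious", SUSPICIOUS_BURST)):
        counts, benign = summarize(burst)
        print(name, dict(counts), "benign" if benign else "investigate")
```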

A well-known method is to create a DMZ, which basically means you have two firewalls and some random node in between these two nodes.
This in-between item can be something as random as a Raspberry Pi serving nothing, doing nothing, no point of it being there. Basically just a random node in the layout.
Basically it would mean that the hacker, once they break through your firewall, has the choice of attacking another firewall or attacking something which does nothing. Maybe put a readme file on the device explaining to the hacker that this is a dummy device, but please leave a message. If they attack your secondary firewall, it is kind of out of your hands since they're just persistent, and maybe didn't take too well to the text file.
This method does mean a small hit in your ping though since, as always, the more nodes you pass through the higher the ping.

As it now stands the router solution I have seems to be working well, however having a router application that is no longer supported is a concern going forward.
There is another issue that might be coming, and that is IoT and the use of appliances. My original thought was to have them on a separate network by using another router. This is a simple solution, but with a new router, be it pfSense or an EdgeRouter, one could segment the two networks.