
Re: [LUG] Wireless router

 

On 01/09/13 11:07, Daniel Robinson wrote:
> So what are the recommendations before another of my posts goes completely
> off topic!

Ah yes, sorry about that... well, you've really got two, maybe three
options for getting wifi set up:

1: Use whatever crappy router your ISP sent you, and try and secure it
as best you can
2: As mentioned, get a 3rd party router that you can flash with Tomato,
OpenWRT, etc
3: Use a computer, with a wifi card or several, and set up your network
with that

That is in ascending order of security, complexity and price all at the
same time. Your free ISP router is the least customisable, will have the
weakest security, lowest range and will generally be crap but it is both
free and probably available to you right now. I've got one of these from
Virgin and although I've turned off UPnP, WPS and so on, I don't
particularly trust it but it's fine for providing a general guest wifi
network for quick casual access and it runs 24/7 with no problems at all.

Getting a third party router means you will have to find a
well-supported model and buy it, probably from eBay. It won't cost you
much, but it is much more effort. In return, you'll get a massively more
customisable router with full support for pretty much anything a Linux
networking box could give you - QoS, port knocking, filtering, the lot.
You will also no longer have to trust the undoubtedly needlessly
crippled, probably vulnerable firmware your ISP foists upon you and can
remotely reflash at any point.

Option 3 might not actually be the most expensive, particularly if you
can rustle yourself up a free computer from Freecycle or your job
rifling through the old Currys in Exeter. Ideally, as it's going to run
24/7, a low power (potentially a job for a Raspberry Pi?) solution might
be best as the low cost of a donor machine might end up being cancelled
out by its inefficient PSU gobbling your mains power constantly.
Perhaps one of those mini-clients that Gordon is offering might fit the
bill if you can be bothered coaxing it back into life, that'd probably
be a pretty low power solution. Anyway, once you've got your PC, stick a
wifi card (get a good one, and by that, I pretty much mean an Atheros
chipset) and as many extra NICs in it as required. Grab your favourite
customised router/gateway/network-in-a-box Linux distro (ClearOS,
IPFire, Smoothwall... there are many to choose from - also BSD style
like Monowall, pfSense, etc) and set to work building your own little
solution. Option 3 will require the most work and will by far and away
be the most powerful, reliable and secure system. I do this at home as
well as option 1, running a normal but very heavily customised and
hardened OpenBSD system with 4 NICs and 2 Atheros wifi cards on a dinky
little venerable Pentium II 450MHz w/ 512Mb RAM. It's been working 24/7
for years and I virtually never have to do anything to it, just read my
logs and make sure the poor old thing hasn't finally died every now and
then.

So there you go - as usual, you were asking hopefully about magic
anti-hacking solutions: I'm afraid there aren't any, my friend! Just do
your best to avoid really stupid things (like leaving WPS on, or
choosing WEP...), make sure your root password isn't "password123" and
read a security article every once in a while and you're done.

Right, hope that actually answers your original question a little better
this time around.

Cheers

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq