

Ask HN: Routers that are secure out of the box? - bad_capacitor

My apple router just broke due to a power surge. I&#x27;ve searched HN and apparently Linksys, Netgear, Asus and TP-LINK all have had decently-bad vulnerabilities&#x2F;back doors, at least in the past. There&#x27;s also discussion of open firmware but I don&#x27;t want to have to maintain that.<p>Is there a safe router I can get that works out of the box or should I just stick with apple?
======
llama052
To be honest I would go for the Ubiquiti Edgerouter series, super good bang
for your buck, and advanced features if you ever want to play around with
firewall/routing features.

[https://www.ubnt.com/edgemax/edgerouter-
lite/](https://www.ubnt.com/edgemax/edgerouter-lite/)

~~~
yarrowy
That router doesn't include WiFi, so would you have to connect it to a second
router that has it?

~~~
stephendicato
Correct. Instead of a second router, you would buy a dedicated wireless access
point. Ubiquiti sells those as well.

------
stephendicato
If you are familiar with Apple routers and have liked them in the past, I'd
say stick with them and buy another.

They perform well, as easy to setup, and regularly receive updates from Apple.

If you decide you want something more powerful, with more features, or
generally want to learn more about networking and security, I'd recommend
buying an official pfsense device. See:
[https://www.pfsense.org/](https://www.pfsense.org/)

------
mikeROSCOPED
GateProtect UTM. Pricey but secure [made in Germany, regularly audited by
other security companies, guaranteed no NSA back doors].

[http://www.gateprotect.com/en/Products/UTM-
Solutions](http://www.gateprotect.com/en/Products/UTM-Solutions)

~~~
a3n
That would be a juicy target for NSA, with a rep like that.

~~~
mikeROSCOPED
I guess, they are very open about it.

They are selling an Intel based appliance running a hardened Linux [I think]
distro that is customized to provide the service/protection they want. I guess
it is only as secure as the packages they bundle.

Their site details their TeleTrust Cert comitment as:

The company headquarters is in Germany

The company offers trustworthy IT security solutions

No solutions that contain non-declared backdoors are offered

All the company's IT security research and development takes place in Germany

The company complies with the German data protection law.

[[http://www.gateprotect.com/en/why-you-should-consider-
techno...](http://www.gateprotect.com/en/why-you-should-consider-technology-
gateprotect)]

------
RachelF
You can always find one you can put DD-WRT on by reflashing.

~~~
martey
The original poster mentioned that they did not want to have to deal with
maintaining self-installed open source firmware.

Even if an open source firmware was the preferred solution, OpenWRT or another
libre firmware would be a better choice. DD-WRT is harder to keep updated,
often relies on closed source wireless drivers, and has had several remotely
exploitable vulnerabilities in the past.

