Consumer routers are the security vulnerability of the year, so far

Today I found an article in PC World that gives a somber assessment of the state of consumer routers, like the device that probably sits between you and the Internet.

I’m glad this is getting attention. There’s a lot more to it than what’s in the PC World article, but I’ve droned enough about what’s bad about consumer routers. It’s bad now, and it’s going to get worse before it gets better. Kudos to PC World for providing a bit of an action plan.

What if you want to go beyond what PC World is talking about? I’m glad both of you asked. If you’re feeling really brave, and you have a PC somewhere in a closet or basement that you aren’t using anymore–a PC that barely runs Windows XP is more than good enough for this–you can build your own access point. Salvage the PC, then load pfSense on it. This is precisely the idea behind the first routers I ever built–I have memories of getting together with friends and spending a weekend building routers out of 486s and 75 MHz Pentiums–but on steroids. pfSense lets you build a legitimate, commercial-grade firewall (to get something demonstrably better you have to go to the proprietary and very expensive Palo Alto firewalls) to protect your network, with lots of things you can bolt onto it. Plug a dual Intel gigabit NIC into it to handle your wired networking needs, and a TP-Link wireless card to turn it into a wireless access point, and you can have better protection than some corporations have, for less than $100 worth of hardware and a couple of hours of effort. Double-check what slots your PC has, as I linked to PCI Express cards. If all you have is old-fashioned PCI, you’ll need to buy a PCI wireless NIC and PCI wired NICs, which may cost a bit more.

I apologize for sounding like an Intel shill, but when it comes to building a high-performance network device, Intel cards provide much better throughput than garden-variety Realtek cards. Realteks are fine for proving the concept, but if you’re the kind of person who’s willing to build a firewall from parts, I’m willing to bet you have a big enough network with enough going on that you’ll notice the boost from Intel cards. At least there are enough Intel cards floating around on the secondary market that they aren’t too expensive.

I’m going to do it. I want better protection than what AT&T makes me use, but I also want experience administering a truly high-end firewall.

