Consumer routers drive security professionals like me crazy. I’m happy to say I finally found a router that doesn’t drive me nuts. I want you to buy an Asus RT-AC66U. I’m going to tell you why, and I’m going to tell you how to configure it. Here’s how to set up an Asus RT-AC66U and how to optimize an Asus RT-AC66U.
I set up a DD-WRT router on Charter’s Spectrum broadband, and had a hard time getting it to work. It wouldn’t pull an IP address on the WAN side, or it would pull a 192.168 address rather than a Charter public address.
Here’s what I had to do to fix it.
I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.
For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.
I’ve been using and recommending DD-WRT for years, but it’s getting harder to find inexpensive routers to run DD-WRT. Many inexpensive routers now use non-Broadcom chipsets that DD-WRT and other third-party firmware don’t support well, or at all.
But there’s still a way to get inexpensive, compatible routers that isn’t likely to change any time soon.
In the heat of the moment, I searched my blog this weekend for quotes that could potentially be taken out of context and found something rather prophetic that I wrote in the heat of the moment 11 1/2 years ago:
Keeping up on Microsoft security patches is becoming a full-time job. I don’t know if we can afford a full-time employee who does nothing but read Microsoft security bulletins and regression-test patches to make sure they can be safely deployed. I also don’t know who would want that job.
Who ended up with that job? Me, about a year after I left that gig. It actually turned out I was pretty good at it, once I landed in a shop that realized it needed someone to do that job, and utilized that position as part of an overall IT governance model.
I’ve alluded in the past to why it’s a good idea to make a DMZ with two routers, but I’ve never gone into depth about how, and necessarily why, to do it.
If your ISP gave you a combination modem/switch/access point/router and it only supports 100 megabit wired and 54-megabit (802.11g) wireless and you want to upgrade to gigabit wired/150-meg (802.11n) wireless, here’s a great way to make the two devices work together and improve your security.
If you spend any time at all using unencrypted Wi-Fi networks at hotels and coffee shops, you need a VPN. Public connections are fine for reading news headlines and checking sports scores, but cannot be considered safe for e-mail, online banking, making purchases, or anything that involves a username and a password. A VPN, which encrypts that traffic from prying eyes, is the only way to make them safe.
Here’s how to set up a VPN that’s good enough for personal use. All you need is a home Internet connection, a computer at home, and the laptop you take on the road.
Of course corporations can set up VPNs that are much faster and much more robust, but this is something you can set up in a couple of hours on a weekend afternoon without spending anything.
So the word came out that the office is migrating to Windows 7 at some yet-to-be-determined time, but soon. It’s in testing now. (Too bad they didn’t recruit me as part of the testing team, because breaking Windows 7 is one of my superpowers.)
We’ve been told to back up our data. Lots of people are paranoid that they’ll lose their Outlook PST files, and with it, their ability to do top-drawer work. Frequently we have to search our archives to find forgotten details about old projects. It helps to make the new projects go more smoothly.
I came up with a surprisingly easy solution. It doesn’t even require admin rights–which is good. I won’t elaborate.
It was 2007, give or take a year. I was working a shop that had a WAN connecting four data centers around the world. A couple of hard drives in a SAN at one of the remote data centers had either failed or were in the process of failing.
No problem, we said. We’ll send some drives, and we’ll send along some extras so the next time it happens, you can just grab a spare off the shelf, slam it in, and not miss a beat.
Simple, right? Well, you should never underestimate a human being’s ability to make the simple difficult.