July 08, 2004

Which 802.11g Router is More Secure?

Here's a query for the security savvy -- in your opinion, which Wi-Fi "g" router is better for overall security features for a home network, the Linksys WRT54G or NetGear WGR614?

The background info: The dust has begun to settle after my move, and I've got the cable guy coming in next week to install broadband. They're providing the basic cable modem for free, so it makes sense for me to get an 802.11g Wi-Fi router over the weekend, primarily to share the Internet access, but also to network an HP DeskJet, and for the odd file transfer between two PCs (a desktop and a laptop). The Wi-Fi is primarily for the laptop's mobility, a Dell Latitude D600 with a Dell TrueMobile 1400 802.11a/b/g combo card.

While Wi-Fi performance is important, I'm much more concerned about the security. I've got it pretty well covered on the PC level (software firewall, AV, anti-spyware scanners, checking on Windows sharing, etc.), but it hasn't been fun trying to get reliable security specs on the routers. It would've been better to run a dedicated firewall server on a separate device, but due to a lot of time constraints, I'm just not going to have any time to tinker with it for the forseeable future.

So far, both the Linksys WRT54G and NetGear WGR614 wireless "g" routers look pretty good to me, but I could use a more experienced eye. It appears that both feature NAT, SPI firewall, MAC address filtering, SSID broadcast disable, WEP and WPA encryption, and more. Although one Linksys WRT54G product page mentions NAT, another one omitted it -- any WRT54G owners who can confirm NAT is included? Also, can anyone confirm whether either one can limit the number of connections independently from MAC or IP address filtering (since MAC and IP addresses can be spoofed)? Their tech support people weren't terribly helpful or certain on this one. For instance, it would be good to limit connections to only 2 PCs, as well as by MAC and IP addresses.

Given that time is growing short, I'm hoping someone can confirm these security specs and/or make an experienced recommendation between them (or offer a better selection if warranted) for best overall "g" security. I won't be running any 802.11b devices, so this is a pure "g" environment. I'm looking to stick with proven, quality name brands for support, warranty, and firmware upgrade issues. Have I missed anything?

Many thanks in advance for all comments and/or e-mail replies.


Topic(s):   Privacy & Security
Posted by Jeff Beard

All modern home routers function as NAT devices (it is the simplest of things to implement). The significant additions for both of those router are the SPI features. My guess is that they will be roughly equal on this as well.

Significantly, the Linksys router is based on Linux and some hackers have created new kernels for the device that add significant capabilities, including the ability to shape the bandwidth by protocol. All this is perfectly legal (if a tad unexpected by Linksys) as the software was published under the GPL (as was required). Installing the new software is as easy as updating the firmware (which is actually what they are doing).

Both devices will claim that they can be set so that they will not respond to remote management (from the "Internet"/WAN connection). In at least the case of some competing devices, a default password was still active on that side of things. This wasn't present on the modified kernels from the Linksys hackers.

As far as your ultimate question, if I was interested in hacking the router (and you know I would be tempted), I would go with the Linksys. OTOH, the Netgear is usually about 10-20% cheaper and would be tempting. To my knowledge, the difference in security is insignificant and needn't be considered in your decision.

Posted by: Jack Holmes at July 15, 2004 02:35 PM