The two members of Congress called on the Commerce Department to investigate risks related to TP-Link routers amid concerns over state-backed Chinese hacking operations.
American Alphabet Soup backdoors good, Non-American Alphabet Soup backdoors bad.
We could just ban the idea “companies that have open vulnerabilities for corporate and government use” but that would benefit every citizen of every nation, so no.
If there’s a backdoor for the FBI, there’s nothing to stop Russia and China to also not use it. Same for a Chinese backdoor, nothing to prevent America from figuring it out. It’s why China bans American companies, and we’re phasing out Russian and Chinese companies.
It’s impossible for an open door to know who’s using it, and keys for a closed one can be copied and leaked. The safest way to garuntee noone else uses a backdoor, is to not have a backdoor.
If you’re not afraid of picking up a wrench yourself:
I just switched to an OPNSense router on protectli hardware.
You don’t have to use something like that to use OPNSense though, you can just put it on nearly any old machine with a couple of nics. The out of the box config isn’t terrible and you can find a ton of guides on how to set yourself up securely.
I’ve been using DD-WRT for many years and just moved to OpenWRT. Although there have been various generic vulnerabilities that effected all IP devices and needed to be patched on these platforms too, I can’t remember a single vulnerability that was specific to either DD-WRT or OpenWRT.
I use Linksys myself as I originally heard that they’re pretty up there in security, but I’ve heard from a few people that they’re not as good as they used to be. I’m only a cybersec hobbiest and haven’t been a customer for long, so I couldn’t tell you much more.
+1 for MikroTik, they’re based in the EU (Riga, Latvia to be precise) and have a really good reputation. And they’re really cheap, while offering many features that can otherwise only be found on Cisco enterprise equipment.
The ones that you build yourself and load with free & open source software. Basically any x86 PC or even ARM SBCs like the Raspberry Pi can work as a router, as long as you have 2 separate network interfaces. There are quite a few FOSS router/firewall operating systems like OpenWRT, dd-wrt, pfSense and OPNSense (my personal favorite). If you don’t want to do this yourself, there are companies like Protectli that offer dedicated pre-built hardware that’s ensured to be compatible with pfSense/OPNSense and comes Coreboot pre-installed.
What routers are trustable?
Whatever one the NSA has compromised
American Alphabet Soup backdoors good, Non-American Alphabet Soup backdoors bad.
We could just ban the idea “companies that have open vulnerabilities for corporate and government use” but that would benefit every citizen of every nation, so no.
If there’s a backdoor for the FBI, there’s nothing to stop Russia and China to also not use it. Same for a Chinese backdoor, nothing to prevent America from figuring it out. It’s why China bans American companies, and we’re phasing out Russian and Chinese companies.
It’s impossible for an open door to know who’s using it, and keys for a closed one can be copied and leaked. The safest way to garuntee noone else uses a backdoor, is to not have a backdoor.
If you’re not afraid of picking up a wrench yourself:
I just switched to an OPNSense router on protectli hardware.
You don’t have to use something like that to use OPNSense though, you can just put it on nearly any old machine with a couple of nics. The out of the box config isn’t terrible and you can find a ton of guides on how to set yourself up securely.
Any of this work on mesh systems?
I’ve been using DD-WRT for many years and just moved to OpenWRT. Although there have been various generic vulnerabilities that effected all IP devices and needed to be patched on these platforms too, I can’t remember a single vulnerability that was specific to either DD-WRT or OpenWRT.
I use Linksys myself as I originally heard that they’re pretty up there in security, but I’ve heard from a few people that they’re not as good as they used to be. I’m only a cybersec hobbiest and haven’t been a customer for long, so I couldn’t tell you much more.
Shameless plug - MikroTik
+1 for MikroTik, they’re based in the EU (Riga, Latvia to be precise) and have a really good reputation. And they’re really cheap, while offering many features that can otherwise only be found on Cisco enterprise equipment.
The ones that you build yourself and load with free & open source software. Basically any x86 PC or even ARM SBCs like the Raspberry Pi can work as a router, as long as you have 2 separate network interfaces. There are quite a few FOSS router/firewall operating systems like OpenWRT, dd-wrt, pfSense and OPNSense (my personal favorite). If you don’t want to do this yourself, there are companies like Protectli that offer dedicated pre-built hardware that’s ensured to be compatible with pfSense/OPNSense and comes Coreboot pre-installed.