There’s a new variant of the Mirai malware on the loose, which Ars Technica reports “infects webcams, routers, DVRs, and other Internet-connected devices.” Security firm Palo Alto Networks says this derivative of Mirai “is notable for targeting different embedded devices like routers, network storage devices, NVRs, and IP cameras.” Its main targets are commercial gear used by businesses, but many consumer network routers could be vulnerable, too, as a lot of gear ships “with default credentials and run woefully outdated versions of Linux that are rarely, if ever, updated,” according to Ars.
That got me thinking, again, about home network security, and what you can do about it.
As Longtime Sharp VodkaPundit Readers™ know, I’m a big fan of Ubiquiti’s line of UniFi networking gear. It’s robust enough for commercial use, but easy enough for a relative noob like me to set up and maintain. The best part — the most secure part — is that Ubiquiti is always updating their software and firmware. My network this year is more robust and more secure than it was last year, and all I did was install software updates.
I’ve been so happy with it, that I’ve gone all-in on their stuff. Villa Verde now features one UniFi security gateway router, their CloudKey hardware controller (you can also run the controller as software on your Linux/Mac/Windows computer), two high-speed PoE-enabled switches, and now six — six! — WiFi access points hardwired throughout the house. Well, one is outdoors, attached to an outside wall where we put in a new patio and fire pit. There’s nothing like having five bars worth of 5GHz WiFi when you’re blogging in the sunshine on a summer day.
5GHz is faster than the more-prevalent 2.4GHz signal stuff, but it also tends to bounce off of walls rather than travel through them. But the 2.4Ghz frequency is so crowded with so many devices that interference is a real problem. The solution is to have multiple 5GHz access points strategically placed in your home. We have a big house, so I installed six for maximum 5GHz coverage.
That was a lot of work, though, drilling holes in walls and ceilings, and pulling ethernet cable all through the house. If you’re looking for a simpler, but still secure solution, PJ’s own Phil Baker reviewed one company’s mesh gear last year, and here’s how it works:
I decided to try one of the new generation of mesh router systems that seems to have proliferated over the past six months. Each consists of a basic unit placed near the modem and one or two additional satellite units that are placed throughout the home. The concept is that they communicate with each other to deliver the WiFi signal to the remote units, located closer to where you need the strong signal, with each remote broadcasting a WiFi signal as if it was the primary router.
Among the numerous makes are Google WiFi, Eero and Orbi. From my research and speaking with others who had tried all of them, I settled on Orbi, a new product from Netgear, one of the major router brands. It’s the product that’s received the top reviews from a majority of the technology sites.
If I had to do it all over again, I’d probably go mesh. Sadly, that didn’t become a thing until I’d punched all those holes and pulled all that ethernet cable. It’s much simpler to set up a WiFi router next to your cable modem, then plug two or three mesh extenders in wherever your signal is weak. Phil is happy with his Orbi mesh, and the only hesitation I might have recommending it myself is that I’m unfamiliar with how quickly and often Netgear issues security updates.
Ubiquiti also makes a mesh system now, called AmpliFi. It’s well-reviewed, and just like the UniFi line, security updates come fast and frequently. But on the hardware side, AmpliFi does have one drawback. Their mesh gear doesn’t have a dedicated 5GHz back-channel. What that means is, when the mesh devices are moving your data from one device to the other, it comes out of your total available bandwidth. As Phil explained in his review of Orbi:
What distinguishes the Orbi from other extenders is that it has three bands of WiFi, one 2.4GHz and two 5GHz bands. It uses one of the 5GHz bands to communicate between the main and satellite units and is not used to connect to any other WiFi device in your home, providing a super speedy connection to the satellite.
If you have lots of WiFi devices running at the same time, AmpliFi’s lack of a dedicated back-channel could mean slower download speeds. If not, it’s probably a reasonable compromise of price versus superior hardware.
At the very, very least, log into your WiFi router right the heck now and make sure you aren’t using the default user name or password. It’s a simple thing, which many consumers don’t know about. IT professionals do know about it, but many can’t be bothered — with is the easiest way for malware like Mirai to spread and get right into your house.
But if you want to build out a rock-solid WiFi network with security updates you won’t have to think about very hard, Orbi and AmpliFi both look like excellent choices.
Join the conversation as a VIP Member