Recommend WiFi Router that's immune to Brute Force..?

[Thelps]

Can anyone recommend a WiFi Router with above average WiFi encryption that also supports Password Lockouts?

That is to say, a Router that will deny further password attempts for, say, 10-30 minutes, after a maximum number of failed password attempts (say, 5 or 10 attempts).

Coupled with a strong password, such a router would be effectively un-hackable via brute-force methods.

-I'd also appreciated a router that lets me manually configure the Routing Table on the device itself.

-Physical WiFi Off Switch is a bonus.

The more security features, the better.

Would be nice if you also knew of some routers that are much harder than usual to have their password 'sniffed' or their initial auth handshake captured.

 

[Lutfij]

Immunity from Brute Force would be a myth, honestly since anyone with the right tools can effectively break through. My question is, have you been attacked before or is it just a concern you have with your data?

 

[Spinachy]

Hackers usually do not use brute-force attacks (e.g. by guessing passwords) to get control of your router. They use undocumented pathways that the manufacturer typically does not even know exist.

There is NO hack-proof router, since hackers are constantly finding new attack vectors. A responsible manufacturer publishes updated BIOS's for their router as these attacks are found. You can then choose to download these.

I personally like the higher-end ASUS routers (maintained from Taiwan), since these get regular security updates from the manufacturer. AVOID CHEAP CHINESE ROUTERS.

 

[bill001g]

The largest exposure is WPS which you need to disable...be nice if this was disabled by default but it is a feature for stupid/lazy people so router manufactures have kept shipping it even though they know it is completely flawed.

Capture of the initial handshake does no good really the shared keys are not actually transmitted. Both ends in effect transmit a random number encrypted with the key. If the remote end does not have the proper shared key it will not know the correct random number and the handshake will fail.

Most the problem with a shared key system is the people not the technology. Someone will tell someone else the key.

If that is your concern just set the wifi to "enterprise" mode. It then uses a radius server and every user has their own user id and password to setup the initial handshake.

 

[Thelps]

So... Ideas for good routers?

I edited my initial post to mention I'd prefer a Router that allows me to manually configure the Routing table on the device itself...

 

[jsmithepa]

Most routers have mechanism to only allow access from the LAN side, no WAN, so in order to make the attempt, they have to get in your LAN first. But if they are already in your LAN, you are already done for. Brute force may work on 4 digital passwords, give is a simple 8 digits and you are good to go.

Sometimes the media write stuff to rouse the newbie to get looks, but all these router hack they are talking about is really about people leaving default password on, or no password, or password like 1-2-3-4. If u make those simple mistakes, you deserve to he hacked.

 

[jsmithepa]

So... Ideas for good routers?

I edited my initial post to mention I'd prefer a Router that allows me to manually configure the Routing table on the device itself...

Ubiquiti is a known brand that sell routers a notch above what you can get from Best Buys.

What routing table are u talking about? are we talking about a home-style WIFI router, 1 WAN IN, 1 LAN OUT, or do we need more than 2 interfaces? multiple subnets?