What do I replace my Airport with?!? Want *secure*

[Wolfpup]

Not sure which forum to stick this in...

Okay, so we've known for a few years that Apple had unofficially canned the Airport line (boo!), but they were still selling them on their site, which I presumed meant they were still getting security updates. (Last was a full year ago, December 2017.)

I just now looked...and they've disappeared from their site. I'm sure they were still selling them within the past few months, but Wikipedia claims they were officially canned in April of 2018.

So...this isn't secure.

What do I replace it will? Routers are a disaster, most companies just do not care about security.

I'm thinking Google Wifi or Onhub? Google's been cranking out monthly updates, and they're focused on security and ease of use, which are all I care about.

Anything better? Any reason not to? (An WPA3 is coming next year, which might mean we need more new routers...)

Google Wifi versus Onhub SEEM to be getting treated the same with software updates, and Onhub is the same price and higher end hardware, should match the same performance my Airport has, but on the other hand Google Wifi is newer, Google branded, and I feel like there's a chance it might get supported longer.

They're both "only" $100 at least.

Any thoughts? I need to replace this now insecure thing fast, obviously :-/

 

[Howard2k]

Most home routers are perfectly capable of providing "adequate" security for "most" cases. Security is obviously not black and white though, it's shades of grey.

Unless you're looking for some specific protection against some specific exploits, I would build a feature list of the other router requirements and work from there.

It's difficult to make specific security recommendations since you don't provide any specifics, but certainly you should be using a multi-layer approach if you have concerns. It's then a question of how many layers and which ones are active.

Ultimately, if someone really needs to get data that you have, there are many options available to them. If ISIS believe that you have nuclear launch codes on your Macbook they're not going to be trying to exploit your wifi network. By the same token, if you're trying to protect yourself against drive-by random attacks, your network really needs to be "secure enough" to deter, arguably. For example - in terms of wifi security, WPA2 is flawed, but my neighbour has an open network, so a random attacker is likely to start there before trying to get to my network.

So whether you're buying "the most secure router out there" or "the least secure router out there" it's still a single cog in a larger machine. WPA3 isn't readily available, and it'll be some time before you can move to WPA3 deployment I would imagine.

 

[techwarrior]

Apple supports products for a few years after they stop selling them. If there is a need for security patches, I expect Apple will provide them...at least 3-4 years.

Next-Gen WiFi (802.11ax aka Gen 6) should be flooding the market this time next year. It offers improvements in speed, range, and avoiding interference. Most should support WPA3, but devices may not support WPA3 for a few years.

I suggest you hold off 1-2 years if the equipment you own now is meeting your needs.

 

[Wolfpup]

Apple supports products for a few years after they stop selling them. If there is a need for security patches, I expect Apple will provide them...at least 3-4 years.

Next-Gen WiFi (802.11ax aka Gen 6) should be flooding the market this time next year. It offers improvements in speed, range, and avoiding interference. Most should support WPA3, but devices may not support WPA3 for a few years.

I suggest you hold off 1-2 years if the equipment you own now is meeting your needs.

Thanks! It does work better than great for me, I'm just concerned about whether it's actually getting security updates, since Apple isn't saying :-/

 

[Mikael H]

Not sure which forum to stick this in...

Okay, so we've known for a few years that Apple had unofficially canned the Airport line (boo!), but they were still selling them on their site, which I presumed meant they were still getting security updates. (Last was a full year ago, December 2017.)

I just now looked...and they've disappeared from their site. I'm sure they were still selling them within the past few months, but Wikipedia claims they were officially canned in April of 2018.

So...this isn't secure.

What do I replace it will? Routers are a disaster, most companies just do not care about security.

I'm thinking Google Wifi or Onhub? Google's been cranking out monthly updates, and they're focused on security and ease of use, which are all I care about.

Anything better? Any reason not to? (An WPA3 is coming next year, which might mean we need more new routers...)

Google Wifi versus Onhub SEEM to be getting treated the same with software updates, and Onhub is the same price and higher end hardware, should match the same performance my Airport has, but on the other hand Google Wifi is newer, Google branded, and I feel like there's a chance it might get supported longer.

They're both "only" $100 at least.

Any thoughts? I need to replace this now insecure thing fast, obviously :-/

My thoughts:
You’re overreacting. If you have the kind of network where Google OnHub is on the shortlist for access points, security probably isn’t your main concern in life. Save your money and keep using your gear until it makes technical sense to replace it - for example when usable wireless network speeds take a meaningful jump.

Concrete security tips now that the Airport product line is dead:
- Make sure you don’t present content via your Airport router’s built-in firewall to the Internet. (It’s most likely good enough if you only want to prevent external access to your internal network).
- If you do need to present services, purchase a separate firewall that does get updates. A good place to start if you don’t want to spend a fortune is pfSense.
- The majority of your network traffic is likely secured by TLS anyway by now. That traffic will not be easily readable even if somebody succeeds in joining your wi-fi network.
- If you care enough about unauthorized devices, a) set a good password, and b) create a separate guest network with a different but still good password that you change now and then. Or c) implement certificate-based 802.1x authentication in your existing networks. It fixes most of the problems of consumer-grade WPA2.

 

[aimbdd]

Not for those that aren’t technically inclined, but I am using the MR2200ac routers from Synology. They are one of the more advanced routers security wise, and already have wpa3 working! They are also mesh routers.

 

[KennethS]

+1 for Synology. I have been using the RT2600ac for nearly 2 years and am very happy.

 

[hobowankenobi]

+1 for Synology. I have been using the RT2600ac for nearly 2 years and am very happy.

+2

Tons of features, including more security options than most users want or would use. Have set up several for SMBs, and all have been rock solid.

 

[mikehalloran]

The sky is not falling.

Those security scares you’re reading about have not affected Apple Time Capsules. Both the pancake and tower receive security updates as needed.

As has been reported, there is a next generation of wireless coming as well as 5G wireless. Wait a couple years.

If you feel the need to spend money now, plenty of vendors out there to help you. From a security standpoint, the Apple TCs do not have an issue.