this post was submitted on 20 Dec 2025
10 points (100.0% liked)


cross-posted from: https://lemmy.ml/post/40568699

After some consideration, I've decided to replace my consumer router at home with an OPNsense box I control, and use the consumer router as just an access point. The model I have doesn't seem to support OpenWrt but the default firmware supports access point mode complete with mesh functionality, otherwise I would have just installed OpenWrt on it. I still like the consumer router's mesh Wi-Fi capabilities, especially the wireless range extender, but don't trust it enough to let it be the actual root device separating my home network from the open internet. My reasoning is that by having it behind the OPNsense router, I can monitor and detect if it's exfiltrating any "analytics" data and block them. Worst case scenario I realize it's too noisy with the analytics and buy a proper business-grade access point, or an M.2 Wi-Fi 6 card with some beefy antennas.

Now I'm trying to decide if I should use one of my old mini PCs or if I should get a brand new one with an up-to-date processor and microcode. The biggest reason I don't want the consumer router to be the root device anymore is because I don't know how well they patch their firmware against attackers constantly scanning the internet for vulnerable devices. I imagine an open source router OS with tons of eyes on it and used by actual professionals would inherently be more secure than whatever proprietary cost-cut consumer firmware my current router has. I've already picked out a suitable mini PC I'm not using and the reason I even started down this rabbit hole is because I have it, but after thinking more about it, I'm worried that whatever security I gain might be undermined by the underlying hardware being old and outdated, especially since the processor is definitely pre-Spectre/Meltdown and I doubt it's still getting microcode or firmware updates.

Again, the reason I ask is because the internet really wants me to think old disused computers are perfect for converting into routers, and I really don't want to buy a new computer if I don't have to. How important is the hardware for a router? Can I expect OPNsense to have sufficient security on pretty much any hardware or will a sufficiently old computer completely defeat the purpose of even switching away from the consumer router?

Alternatively, I also have another mini PC with a Ryzen 5 from 2020, and I can reposition it from its current job to router duty, though it would definitely be overkill and wasting the hardware capabilities. Would that be substantially more secure than an older Intel processor?

I also have a Raspberry Pi 4 I can put OpenWrt on, would that somehow be more secure than an older x64 computer?

MotoAsh@piefed.social 4 points 12 hours ago* (last edited 12 hours ago) (1 children)

The hardware is only as vulnerable as access to it is easy. If hackers cannot get in, it doesn't really matter if the hardware is vulnerable. (yes, I know, Swiss cheese model, yadda yadda) Besides, things like Spectre are hard to pull off. They're not going to be trying it to compromise your router unless they know you have something very valuable behind it and cannot get traffic through otherwise yet still somehow are executing code on your router.

Both Meltdown and Spectre have software patches these days. In any case, can you not turn off hyperthreading and other features that make the old hardware vulnerable in the first place if you're so worried about it?
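The software mitigations and the hyperthreading setting mentioned in the comment above can be checked on the router itself. The following is an added example, not part of the thread: a shell function that summarizes mitigation state from `sysctl` output. It assumes the FreeBSD/amd64 sysctl names `vm.pmap.pti`, `hw.ibrs_active`, `hw.mds_disable` and `machdep.hyperthreading_allowed` are exposed by the OPNsense build in use; the sample values are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `sysctl` "name: value" lines on
# stdin and reports speculative-execution mitigation state as key=value.
# Assumption: FreeBSD/amd64 sysctl names, as on an OPNsense box. There, run:
#   sysctl vm.pmap.pti hw.ibrs_active hw.mds_disable \
#          machdep.hyperthreading_allowed | check_mitigations

check_mitigations() {
    awk -F': *' '
        BEGIN { pti = ibrs = mds = smt = "unknown" }
        # Kernel page-table isolation (Meltdown). "off" is expected on CPUs
        # that are not affected by Meltdown, such as AMD parts.
        $1 == "vm.pmap.pti"    { pti  = ($2 == 1) ? "on" : "off" }
        # IBRS (Spectre v2) can only be active if the microcode provides it.
        $1 == "hw.ibrs_active" { ibrs = ($2 == 1) ? "on" : "off" }
        # hw.mds_disable: 0 = mitigation off, 1-3 = a mitigation mode is set.
        $1 == "hw.mds_disable" { mds  = ($2 > 0)  ? "on" : "off" }
        # 1 = sibling hardware threads (SMT / hyperthreading) are in use.
        $1 == "machdep.hyperthreading_allowed" {
            smt = ($2 == 1) ? "enabled" : "disabled"
        }
        END {
            print "meltdown_pti=" pti
            print "spectre_v2_ibrs=" ibrs
            print "mds=" mds
            print "smt=" smt
            # Exit 1 when a mitigation is off or unreadable, so a periodic
            # job can flag the box for review.
            exit (pti == "on" && ibrs == "on" && mds == "on") ? 0 : 1
        }'
}

# Constructed sample: an older Intel CPU without updated microcode.
SAMPLE_OLD_INTEL='vm.pmap.pti: 1
hw.ibrs_active: 0
hw.mds_disable: 0
machdep.hyperthreading_allowed: 1'

printf '%s\n' "$SAMPLE_OLD_INTEL" | check_mitigations ||
    echo "review: a mitigation is off or could not be read"
```

A non-zero exit means "look at this", not "exploitable": whether an "off" entry matters depends on the CPU model and on whether untrusted code can run on the box at all.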

CXORA@aussie.zone 2 points 11 hours ago

(This person ignores inconvenient truths. Talking to them is pointless)