Hints for better networking (cellular network)

Hi everyone.
In my SOHO I setup this networking:

  • Internet > Android smartphone > Android Hotspot (WIFI) >— LAN PCs connected to each other and the internet via WIFI;
  • in my LAN I use DLNA, DAV, SSH services;
  • I cannot put in place a wired connection.

Now, everything has worked nice but I feel I missed something when coming to security.
I obviously do not trust Android but I do not know how to connect internet.

Any suggestion to make this setup more secure ore to make up a better networking layout?

Thank You!

While product recommendations is not a great idea - it is a matter of preferences and usually quickly made obsolete by improved products.

But since you appear to be looking for a replacement for your android device - I have to point you to a device I use myself for mobile networking. And it is surprisingly well put together.

My Cat Q10

If you are concerned about security strive to connect your devices using WPA-3 if possible.

Well if by security you mean the network security, android makes a NAT so you are practically isolated from outside network attacks.

The setup is easy, but for a lonterm use you might want a more durable solution. There are cheap routers with usb that support usb modems, there are small 4G routers with a slot for sim card too, if that sim is only used for data.

Wow, the selling price is impressive.
I have seen much much cheaper things (around 30-40usd)

WPA is already active.

Quality/security = money

There are not only small 4G or 5G router available. You can even get a full Home Router that has an mobile modem already included. Unfortunately, the 5G Router are kind of expensive at the moment.

I use for for a little more than 4 Monats a “AVM FRITZ!Box 6850 5G” and it works for me. No need for Cable/DSL internet. Of course this model works only in western Europe.

Sure as hell Android is thrustworthy?
Because I have concerns that the OS itself could be planned to esfiltrate data…
Am I paranoid?

And really that NAT is all I need to be safe? So, for exemple no DLNA leaking to the net/discovery from the net?

really? :slight_smile:
even in Linux world? Or was that MS one? :slight_smile:

WPA-3 is the most secure - no pre-shared key sniffing

That is quite possible - I didn’t mention it as a how-low-can-you-go device.

I mention it because it is dependable device - no android - but a commercial product with a good reputation for security.

Access using almost any cellular network, WiFi 6 and WPA3 it doesn’t get much better today.

I never said google is trustworthy. It is about as trustworthy as Apple, Microsoft or Meta, which are not :slight_smile: But it does not send back all your traffic to the mother ship.

If you want full control use linux for your network too. A router with openwrt for example. Or a pi. Or an old pc with pfsense or similar. A million possibilities.

For my personal previous experience, You are usually right.
Nonetheless, it’s really expensive!
Any cheaper setup?

See TP-Link web - they have some sim gear too - and devices after 2020 - I think - is required to support WPA3.

But they only support 4G

As you seek a replacement for your android phone look for a 4G router wi-fi ap - supporting WPA3.

99% of all cellular providers is assigning you an IP on a non-routeable address - you cannot host any services outside your local network - making that attack surface next to none.

You primary concern would be the encryption used when you connect your devices to your wireless network - using WPA3 will reduce that considerably.

The worst that can happen will happen through your interaction with the outside world - e.g. clicking a link in a phishing email - no amount of security will ever protect you from that.

Ok, so my only weakest security point would be the WPA3, then?
If so, I simply have to find out a WPA3 capable WIFI router, right?

No concern for possible attacks from the internet against Android/NAT, in this existing setup?

One more thing I feel missing:
with such WIFI routers, can I also expose (even passively) a web server from my LAN to the internet?

I mean, you can do it dead cheap if you are interested in learning to install open source router software on cheaper hardware, but it seemed that was not the question you asked.

Otherwise, a router does not care what system you use, be it windows, linux or whatever.
If you want pre built HIGH quality networking hardware, it WILL cost money.

No you cannot because

No, I am not for expensive prebuilt boxes or I would have never jumped to Linux 1994, when they were unbootable!
(I read Your profile: some years back gaming on Linux was at least disappointing.
I am a rather casual gamer and used '90s and early 2000s games but usually had very chances, either.
Today, the gaming landscape in Linux is really impressive).

I argue installing your own open source software is the absolute best/cheapest way to get REALLY good protection, but it is NOT easy, hence the high price on pre built stuff.
I suspect 99% of networking online is done with linux software.
Every single router more or less is running linux or some form of UNIX.

If you want to get away cheap you can look into f ex openWRT

I use fiber, so my situation is different from yours, but I got myself one of these death cheap. Again, this is not for everyone, but I am VERY pleased with the suff I can do with it, pretty much the same stuff I would be able to do on an industrial quality router in the class of a few hundred Euro.

Some mobile networks are giving routable ipv6 addresses, but they are minority for now (that means: possible attacks and server hosting, as with every public internet address).

If you buy a 20 eur tplink, i use mr3240 for example, you have to already have the usb modem. It will be another 20 to 50 eur, but there may be some complications.

If you do not, go for the models with sim slot. About 100 eur.

As someone that fiddled about 10 years with this stuff, i strongly advise you to go with the simplest plug n play solution if you do not want a learning curve. (The mifi link above). You will only need to stick a sim card.

P.s. i just assume you are in a country that uses sim cards, like not in the US. Otherwise these models will not work for you.

Thank You everyone, guys!

So I think I will try this setup in the next future:

mobile INTERNET > cheap WPA3 router with 4G-SIM > RPi 2or3 with WIFI dongle (WAP3) > LAN

it seems insulated enough from outside.
Can Rpi make use of a SIM adapter?