  • If I am relying on it, I buy from brands I trust. No brand is going to be perfect but some are clearly going to be lower risk than randoms from AliExpress. It's as much to do with reliability, achievable duty cycle (rather than promises of duty cycle), support (especially how easy it is to get a replacement under warranty), how long they will push firmware updates for, than just security trustworthiness.

    Pretty much any device is going to have a vulnerability or potential for a back door at some point but the company being transparent about the issue and fixing it promptly is worth a lot. It's the same reason I would have a Google or (premium) Samsung phone, I trust that they will support the phone for the time period they say they will, something I would not do with say OnePlus based on my past experience of them.

    I buy electronics from AliExpress all the time, but nothing I rely on day to day like a router, simply because I am shit out of luck getting it replaced quickly if it goes wrong, even if I want to get a replacement. I have a cheap MikroTik hEX I keep as a backup of a backup (my APs are my primary backup for my router), and this is fine for a week or so but I would not want to be out a month or more with it.

    I guess you could plan in proper redundancy as I have, or maybe you can afford an outage, so maybe you don’t need that. If I cannot work, I cannot earn, so I have backup internet, routers, wifi etc. planned into my install.

    I think what someone else wrote about defense in depth is the real key here. I have my network divided into separate VLANs that are firewalled off from each other, so one for IoT, one for cameras, one for my TVs and other screens, one for my devices. This means if something is compromised they still have to get across the network and it simplifies my firewall rules as I am applying them to subnets rather than individual devices in a self-maintained group. It makes it easier to say block external DNS queries and redirect to my Pi-hole for my IoT and TVs but not my personal devices as I would have a good reason to go external.

    Maybe you do not have a lot of devices, I realize I am nearer the upper end of a home network with over 50 active devices and it will be overkill if you only have a laptop and a phone on your network.
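
The per-VLAN layout described in the comment above, sketched as an nftables ruleset on a Linux router. This is an added example, not the commenter's own configuration: the interface names, the Pi-hole address and its placement on the personal-devices VLAN are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Every name and address below is an assumption.
define WAN     = "eth0"
define V_TRUST = "vlan10"        # personal devices
define V_IOT   = "vlan20"
define V_CAM   = "vlan30"
define V_TV    = "vlan40"
define PIHOLE  = 192.168.10.53   # assumed to sit on the personal-devices VLAN

table inet segmented {
    chain forward {
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Personal devices may go anywhere, including external DNS.
        iifname $V_TRUST accept

        # IoT and TVs may reach the Pi-hole for DNS (needed after the DNAT below).
        iifname { $V_IOT, $V_TV } ip daddr $PIHOLE meta l4proto { tcp, udp } th dport 53 accept

        # Untrusted VLANs may reach the internet but not each other:
        # anything not headed out the WAN falls through to the drop policy.
        iifname { $V_IOT, $V_CAM, $V_TV } oifname $WAN accept

        # Rate-limited log of blocked lateral traffic, useful for spotting a
        # compromised device probing other subnets.
        limit rate 5/minute log prefix "inter-vlan drop: "
    }
}

table ip dnsredirect {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Rewrite any DNS query from IoT/TV devices that targets a resolver
        # other than the Pi-hole. Personal devices are left untouched.
        iifname { $V_IOT, $V_TV } ip daddr != $PIHOLE meta l4proto { tcp, udp } th dport 53 dnat to $PIHOLE
    }
}
```

Because rules match on the ingress VLAN interface rather than per-device addresses, a new IoT device inherits the policy as soon as it joins its VLAN. The redirect only covers plain DNS on port 53; DNS over HTTPS or TLS from a device is not caught by it.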