Re: No surprise with Netgear
"Anyone have recommendations?"
It depends entirely on the level of control you want/need. I have an ancient (seven years old...) Apple AirPort Extreme wireless access port. It has three Gigabit Ethernet LAN ports and a Gigabit Ethernet WAN port. It runs 802.11n. It has a single USB 2 port. It is controlled by Apple's AirPort Utility software, and does NOT have access via a HTML page. It is still supported by the latest APU version, though I use an earlier version 'cause Apple, in its infinite wisdom, removed some features from the latest version. Because there is no access via a webpage, a lot of common attacks fail from the get-go. You _must_ have some version of the APU or you can't access an APE. Furthermore, the first thing that shows up when you connect to a new APE for the first time is the login page... and you _must_ change the password. (Yes, you can go back to the default, by reseting the APE either by software or by using the paperclip hole hardware method; the first time you connect to it after reseting, you have to change the password. Again.) You are also invited to change the name of the device. And, yes, the wireless system supports WPA2 and requires a wireless key which should be different from the access password for the device. It's beginning to show signs of age, mostly dropouts and weird dead zones, and one of the LAN ports works when it feels like it, so it's been replaced by a nice shiny new APE. This one uses the same software, also has three Gigabit LAN and one Gigabit WAN port(s), and still has the single pitiful USB 2 port. However, it has dual channel 802.11ac and full IPv6 support. The pitiful USB 2 port supports printers and external hard drives, and the APU software will configure printer or disk sharing, so you can have a NAS by just adding an external drive (or more than one, if you use a hub) so long as you're willing to live with the pitiful performance of the USB 2 port. (Yo! Apple! USB 3 exists!) Allegedly there can be problems with external drives larger than 3 GB. I have not encountered such problems, but that doesn't mean that they don't exist for some people. There is a Windows client and a iOS client, but not, so far as I know, Linux or Android clients, so those using Linux or Android probably can't set up an APE. They can, however, access one, including accessing any drives or printers connected to the pitiful USB 2 port.
Basically, Apple supports their hardware for a Very Long Time (I'm given to understand that APEs much older than my old 802.11n unit are still supported, but don't have one handy to test) and forces you to at least consider security and can't be attacked using standard methods as it simply doesn't have HTML access. On the other hand, Apple is Apple and loves to delete features because they can, and that USB 2 port really annoys me. (What? You noticed that already?) if you want the freedom to hack the box and install your own custom system and generally roam wild, go elsewhere. If you just want something which plugs into your network and quietly works and is hard for unauthorized persons to get into, while delivering good speed and NAS capabilities, then an APE may be the box for you.
Note that the AirPort Express is an entirely different device, and probably isn't what you're looking for unless you want to stream music over your network the Apple way and only the Apple way.