Best advice for router/network security in 2017
February 10, 2017 9:04 AM Subscribe
I'm looking for best advice on securing a home router/home network to connect to a commercial ISP's equipment in early 2017.
We're moving house soon and I'd like to take the opportunity to renew our home network and security. Currently we're using an older D-Link model router, which has worked fine, but is probably near end of life. I treat the behind-the-firewall part as a trusted network and I'd rather not have to change that.
On the current network, we have a couple of (windows 10) computers (wired and wifi), a bunch of Android phones/tablets (wifi), a couple of chromecasts (wired) running our AV, a printer (wired) and a NAS (wired, which doubles as a Plex server). The NAS uses an online service to do periodic backups.
Guest coming over usually want wifi access too, for a mix of phones and various computers.
The new ISP connection will be PPPoE, if that matters.
I'm looking for advice, both in terms of what router/equipment to buy and security policy-wise. Not looking for a commercial grade system, just a good home one.
We're moving house soon and I'd like to take the opportunity to renew our home network and security. Currently we're using an older D-Link model router, which has worked fine, but is probably near end of life. I treat the behind-the-firewall part as a trusted network and I'd rather not have to change that.
On the current network, we have a couple of (windows 10) computers (wired and wifi), a bunch of Android phones/tablets (wifi), a couple of chromecasts (wired) running our AV, a printer (wired) and a NAS (wired, which doubles as a Plex server). The NAS uses an online service to do periodic backups.
Guest coming over usually want wifi access too, for a mix of phones and various computers.
The new ISP connection will be PPPoE, if that matters.
I'm looking for advice, both in terms of what router/equipment to buy and security policy-wise. Not looking for a commercial grade system, just a good home one.
Yes, I have a separate guest wireless network that puts them on a different VLAN. My concern isn't that my friends are going to attack my network, but that someone will unknowingly bring in some kind of malware. I don't want that stuff to have direct access to my NAS, computers, phones, etc. over the local network. I use Ubiquiti stuff for that, I'm not sure how easy it would be to do it with DD-WRT.
To some degree this might be overkill, but if you're technical enough to understand networks, it's not very hard to set up, and I think it's a worthwhile precaution.
posted by primethyme at 9:25 AM on February 10, 2017
To some degree this might be overkill, but if you're technical enough to understand networks, it's not very hard to set up, and I think it's a worthwhile precaution.
posted by primethyme at 9:25 AM on February 10, 2017
Many new routers — like the Linksys WRT1900ACS I just had to buy after a 2009 vintage router just stopped routing — have automatic firmware updates and guest wifi built in.
posted by scruss at 9:42 AM on February 10, 2017
posted by scruss at 9:42 AM on February 10, 2017
« Older Traveling to Palm Springs with a toddler | Interesting Histories -- how to find more! Newer »
This thread is closed to new comments.
If you have the time and knowledge to do it, you can do things with DD-WRT to improve your network security like putting guest devices on a separate VLAN so they can't reach your NAS and the like.
posted by Candleman at 9:11 AM on February 10, 2017