Best advice for router/network security in 2017
February 10, 2017 9:04 AM

I'm looking for best advice on securing a home router/home network to connect to a commercial ISP's equipment in early 2017.

We're moving house soon and I'd like to take the opportunity to renew our home network and security. Currently we're using an older D-Link model router, which has worked fine, but is probably near end of life. I treat the behind-the-firewall part as a trusted network and I'd rather not have to change that.

On the current network, we have a couple of (Windows 10) computers (wired and wifi), a bunch of Android phones/tablets (wifi), a couple of Chromecasts (wired) running our AV, a printer (wired) and a NAS (wired, which doubles as a Plex server). The NAS uses an online service to do periodic backups.

Guests coming over usually want wifi access too, for a mix of phones and various computers.

The new ISP connection will be PPPoE, if that matters.

I'm looking for advice, both in terms of what router/equipment to buy and security policy-wise. Not looking for a commercial grade system, just a good home one.
posted by bonehead to Computers & Internet (3 answers total)

One of the bigger security issues in home routers is that the companies that put out the equipment have security flaws in their management interfaces that they either don't patch or consumers don't bother to apply the patches for. You can get around the out-of-date firmware issue by getting something compatible with an alternative firmware like DD-WRT, but you still have to stay on top of updating it when it's needed.

If you have the time and knowledge to do it, you can do things with DD-WRT to improve your network security like putting guest devices on a separate VLAN so they can't reach your NAS and the like.
posted by Candleman at 9:11 AM on February 10, 2017

Yes, I have a separate guest wireless network that puts them on a different VLAN. My concern isn't that my friends are going to attack my network, but that someone will unknowingly bring in some kind of malware. I don't want that stuff to have direct access to my NAS, computers, phones, etc. over the local network. I use Ubiquiti stuff for that; I'm not sure how easy it would be to do it with DD-WRT.

To some degree this might be overkill, but if you're technical enough to understand networks, it's not very hard to set up, and I think it's a worthwhile precaution.
posted by primethyme at 9:25 AM on February 10, 2017

Many new routers — like the Linksys WRT1900ACS I just had to buy after a 2009 vintage router just stopped routing — have automatic firmware updates and guest wifi built in.
posted by scruss at 9:42 AM on February 10, 2017
