[SOLVED] Do I Need A Second Router?

[Engine1944]

Currently I have computers, phones and a home security system connected to our router. I need to upgrade the security of the computers. Would putting them on a separate router be a good idea? Thanks.

 

[bill001g]

It would mostly just make things more complex. A router by itself offers little additional security. You could buy a firewall device and that might help but you have to clearly define what security risk you have between your machines. A firewall only does what you tell it to. By default most allow all traffic between all devices.

For most people you do not need a high level of security inside your house. The router and security software on the end devices prevent attacks from outside your house.

 

[Engine1944]

It would mostly just make things more complex. A router by itself offers little additional security. You could buy a firewall device and that might help but you have to clearly define what security risk you have between your machines. A firewall only does what you tell it to. By default most allow all traffic between all devices.

For most people you do not need a high level of security inside your house. The router and security software on the end devices prevent attacks from outside your house.

One of my concerns with the existing router is that the security system people and perhaps some others have periodic access to it. That makes me uncomfortable. With a second router, only I would have access and only our computers would interact with it. Thanks.

 

[bill001g]

Your traffic must always flow through the main router so adding a router in front does not prevent someone very determined from getting to your data. Then again you need to assume any data on the internet in being captured and used for invalid purposes. Pretty much always using HTTPS solves most those concerns.

You can also set the firewall security on your pcs to be public network rather than private this increases what is allowed. If you think they are loading software into the router or security devices and then attempting to hack you that would help that.

You could put a second router in and hook its wan to the main router. You would then only allow your devices to hook to this second router. It in effect put the devices that are on the main router on the internet from the view point of your devices connected to your new router.

Be aware running 2 routers in your house can cause issues for some applications. Mostly this is game consoles .

 

[hackster]

It sounds unusual in that the providers of the security system are providing the router. I'd be inclined to use another router that you own and they don't have access to, and connect their system to it. If the use of their own router really is a requirement for their system then you could plug their router into the LAN side of yours. This way everything else would only see one router.

I too would be uncomfortable with a third party controlling my network.

 

[Engine1944]

It sounds unusual in that the providers of the security system are providing the router. I'd be inclined to use another router that you own and they don't have access to, and connect their system to it. If the use of their own router really is a requirement for their system then you could plug their router into the LAN side of yours. This way everything else would only see one router.

I too would be uncomfortable with a third party controlling my network.

The router was supplied by the ISP. I need to learn more but, at the moment, I think I will buy my own router. My computers would go on the Private network and everything else would go on Guest network. Is that a step in the right direction?

 

[hackster]

I wouldn't worry. Using the ISP's own router is very normal.

If you really wanted to go down the route of buying your own, then one option may be to replace the ISP's own modem/router entirely, depending on what connection method you use and what your ISP's policies are.

Alternatively, it may be possible to get the ISP's modem/router to operate in modem-only mode, then you can add your own router to it without any complications.

 

[SamirD]

The router was supplied by the ISP. I need to learn more but, at the moment, I think I will buy my own router. My computers would go on the Private network and everything else would go on Guest network. Is that a step in the right direction?

I think this would be a good move, as well as putting a second router downstream (connected to a lan port) from the isp router as the isp would then have to get past your router to see your computers. The caveat with this is that you would have a double nat.

 

[hackster]

The caveat with this is that you would have a double nat.

Not if the ISP's modem is able to operate in modem-only mode. Some can, some can't.

 

[SamirD]

Not if the ISP's modem is able to operate in modem-only mode. Some can, some can't.

But then you don't have separation without using vlans. I prefer routing to vlans when it comes to security since vlan tags can be easily forged.

 

[hackster]

Now you've lost me. I'm talking about keeping the ISP's modem, and plugging a router into it. Exactly like everyone used to do before combined modem/routers were invented.

The router would apply NAT to everything connected to it.

I don't understand why you mention vlans.

 

[Engine1944]

Now you've lost me. I'm talking about keeping the ISP's modem, and plugging a router into it. Exactly like everyone used to do before combined modem/routers were invented.

The router would apply NAT to everything connected to it.

I don't understand why you mention vlans.

Thanks

 

[kanewolf]

The router was supplied by the ISP. I need to learn more but, at the moment, I think I will buy my own router. My computers would go on the Private network and everything else would go on Guest network. Is that a step in the right direction?

Home routers typically only have guest for WIFI. That can help if you have mostly WIFI devices.