[SOLVED] Does a secondary router improve security?

thefranks5

Honorable
Mar 6, 2019
3
0
10,510
I have an wireless/wired router in my home. It works great.

I also have a second cable router on hand.

Q: Does adding a secondary router, behind the primary router, improve security significantly.

If utilized, I'd need to disable the DHCP on the secondary and give it an alternate address.

The idea is, when I'm working on banking, investments, etc., I'd hard wire the connection through the secondary to make it more secure. But, I'm not sure if this is true or a myth.

Thanks you in advance for your insights.
 
Solution
As mentioned above the key to security is using your computer correctly. The HTTPS is end to end encryption the data is protected between your pc and the final server. Almost all sites have moved to https mostly because the government got caught spying but it keeps the bad guys out also.

Direct attacks from the internet are not real effective against computers anymore since almost everyone has basic firewalls and antivirus. Microsofts default that come with windows 10 stops most stuff. All the other internet enable junk like lights and washing machines etc are not as secure. BUT this is not a huge concern because almost nobody runs without a router. Just a single router blocks attacks from the internet. It does this...
Well it will only be more secured if you NAT it AGAIN, which means a separate subnet (introduces more complication) and 2nd DHCP will be needed.

For the purpose you describe it doesn't matter. When you do banking, your browser will enable HTTPS, the "S" stands for encryption and that's enough. If you have account info in files, I suggest don't save them in plain text but encrypted as well. Word/Excel for example have built-in save-with-encryption.
 
As mentioned above the key to security is using your computer correctly. The HTTPS is end to end encryption the data is protected between your pc and the final server. Almost all sites have moved to https mostly because the government got caught spying but it keeps the bad guys out also.

Direct attacks from the internet are not real effective against computers anymore since almost everyone has basic firewalls and antivirus. Microsofts default that come with windows 10 stops most stuff. All the other internet enable junk like lights and washing machines etc are not as secure. BUT this is not a huge concern because almost nobody runs without a router. Just a single router blocks attacks from the internet. It does this mostly because it is stupid. It gets data from some attacker on the internet and does not know which of the machines inside your house to send it to so it just throws it away.

Adding a second router is really only for those that are paranoid. In theory at least there could be a bug in the first router that a attacker could use to open a hole. They could then attempt to attack your internal machines and find a second exploit. You would of course need to have 2 different manufacture routers running on 2 different firmware levels to avoid that.

Almost all the current attacks exploit the weak link in the chain. It is not the computer or the routers it is the human behind the keyboard. Most try to trick you into opening stuff or going to sites you should not.
 
  • Like
Reactions: anotherdrew
Solution
Well it will only be more secured if you NAT it AGAIN, which means a separate subnet (introduces more complication) and 2nd DHCP will be needed.

For the purpose you describe it doesn't matter. When you do banking, your browser will enable HTTPS, the "S" stands for encryption and that's enough. If you have account info in files, I suggest don't save them in plain text but encrypted as well. Word/Excel for example have built-in save-with-encryption.

Thanks for the response and suggestions regarding encryption, jsmithepa.
 
As mentioned above the key to security is using your computer correctly. The HTTPS is end to end encryption the data is protected between your pc and the final server. Almost all sites have moved to https mostly because the government got caught spying but it keeps the bad guys out also.

Direct attacks from the internet are not real effective against computers anymore since almost everyone has basic firewalls and antivirus. Microsofts default that come with windows 10 stops most stuff. All the other internet enable junk like lights and washing machines etc are not as secure. BUT this is not a huge concern because almost nobody runs without a router. Just a single router blocks attacks from the internet. It does this mostly because it is stupid. It gets data from some attacker on the internet and does not know which of the machines inside your house to send it to so it just throws it away.

Adding a second router is really only for those that are paranoid. In theory at least there could be a bug in the first router that a attacker could use to open a hole. They could then attempt to attack your internal machines and find a second exploit. You would of course need to have 2 different manufacture routers running on 2 different firmware levels to avoid that.

Almost all the current attacks exploit the weak link in the chain. It is not the computer or the routers it is the human behind the keyboard. Most try to trick you into opening stuff or going to sites you should not.

Thank bill001g for the additional insights on routers and security. The routers are from two different manufacturers, but it sounds like it would not be time well spent trying to set it all up.

And you're definitely right, the email hackers have become much more tricky, subtle and sophisticated over the past few years. They work hard to impersonate legitimate companies, hijacking their logos and letterhead images, etc. Like everyone, we get hit with them multiple times every day.

Thanks for the additional insights and warning.

God's peace to you.