[SOLVED] How to keep my system safe from possible malware & virus infected devices on my network

[5tealth]

Hi!

Quick introduction related to my question: My household has zero clue about internet security and IT in general, and their systems (notebook, phones) constantly get malicious softwares/codes due to their unresponsible internet activity.

How could I prevent my devices getting infected by their devices through our network? As far as I know, malware can spread through network, so there's a high chance my system can get infected by them, tho MalwareBytes currently says my device has no issue. Would a paid Firewall software prevent all these happening? I also noticed that my PC communicates with their systems, even tho I set my network to Public Network and disabled UPnP in my router, so there shouldn't be any communication between our devices as far as I know, but I might be wrong.

Any solution for this problem? A separate network and router is not an option sadly, and I know... to close out any risk, the only solution is to stay offline.

 

[kanewolf]

Hi!

Quick introduction related to my question: My household has zero clue about internet security and IT in general, and their systems (notebook, phones) constantly get malicious softwares/codes due to their unresponsible internet activity.

How could I prevent my devices getting infected by their devices through our network? As far as I know, malware can spread through network, so there's a high chance my system can get infected by them, tho MalwareBytes currently says my device has no issue. Would a paid Firewall software prevent all these happening? I also noticed that my PC communicates with their systems, even tho I set my network to Public Network and disabled UPnP in my router, so there shouldn't be any communication between our devices as far as I know, but I might be wrong.

Any solution for this problem? A separate network and router is not an option sadly, and I know... to close out any risk, the only solution is to stay offline.

A second router could be an option. If you have a wired connection, then putting a second router with that wire on the WAN port would treat your home network as "the internet" . You would have hardware isolation. If you have a WIFI connection, it is a little harder. You have to find a device which will receive WIFI as the "WAN". There are some available, but they are more specialized.

 

[5tealth]

A second router could be an option. If you have a wired connection, then putting a second router with that wire on the WAN port would treat your home network as "the internet" . You would have hardware isolation. If you have a WIFI connection, it is a little harder. You have to find a device which will receive WIFI as the "WAN". There are some available, but they are more specialized.

Currently the setup is looking like that:
- the internet provider installed a very basic router with only one gigabit ethernet port and one 100 mbit/s (fast ethernet) port. Because I needed two gigabit port for my brother's and my pc, I installed a second router, and put the first router into bridge mode, that was the only option that the internet provider allowed me to do, they insist that the connection has to go through their device at some point, they are limiting my options with that basically, probably because it's a PPPoE connection or idk their reason. Now every device either with wireless or wired connection connects to that new router.

Even in this situation, the best solution would be to add a new router that only my device would connect to and let the others to use the other router? Even if both router are connected to the first router which is in bridge mode currently?

Sorry if I'm overcomplicating it, I'm just "chasing" maximum security.

 

[kanewolf]

Even in this situation, the best solution would be to add a new router that only my device would connect to and let the others to use the other router? Even if both router are connected to the first router which is in bridge mode currently?

Yes. What I would recommend is that you buy a simple gigabit switch. Place that where your router is today. Put the ISP router back to router (non-bridge). The switch will provide multiple gigabit wired connections. Your brother and your PC can connect to the switch. Then where the ethernet cable comes to your PC, put the router you have today with the link to the switch on the WAN port. Factory reset your router before doing this so that it will DHCP on the WAN.
IF you need the WIFI capabilities of your existing router for the entire family, then you would leave it as is, and put a second router with the WAN port back to the current router.
Used Asus routers like the RT-AC68U are available on E-Bay for cheap. They will run Merlin firmware -- https://www.asuswrt-merlin.net/ for the best security.

 

[5tealth]

Yes. What I would recommend is that you buy a simple gigabit switch. Place that where your router is today. Put the ISP router back to router (non-bridge). The switch will provide multiple gigabit wired connections. Your brother and your PC can connect to the switch. Then where the ethernet cable comes to your PC, put the router you have today with the link to the switch on the WAN port. Factory reset your router before doing this so that it will DHCP on the WAN.
IF you need the WIFI capabilities of your existing router for the entire family, then you would leave it as is, and put a second router with the WAN port back to the current router.
Used Asus routers like the RT-AC68U are available on E-Bay for cheap. They will run Merlin firmware -- https://www.asuswrt-merlin.net/ for the best security.

Thank you, I'll do that.