[SOLVED] Router Buying/Set-Up Routes

duggandy

Feb 6, 2016
Hello,

I need your knowledge on understanding how I can set up a secure and efficient network. Please see below the configuration we are working with. General use such as internet access, media and gaming. The knowledge required for this requires a current understanding of today's products.

Is a VPN router the only solution?
Is the NETGEAR RP614 Firewall router obsolete?

It starts with the internet at DSL into an ISP-provided router.

The router is connected to:

Ethernet connections:
  • SmartTV
  • Xbox One
  • PowerLan Plug > Desktop PC

Wi-Fi broadcasts from the
  • ISP router
  • TP Link extender

Current measures:
The ISP router has been renamed to make it non-identifiable by its hardware.
The Wi-Fi is split into two rather than autonomous switching.
The channels for our 2.4/5 GHz are separated from all neighbors' channels.
Windows 10 Defender negates the need for an Anti-Virus.
Android devices have security software built in, which negates the need for an Anti-Virus.
Neither the OSes nor the devices have paid VPNs.
Passwords are extremely strong and routinely changed.
 
Solution
In general you don't need a firewall. The NAT function in the router prevents any direct attack. This is purely because NAT is simple and stupid. Any traffic coming into the router from an external source that an internal machine did not first talk to has no entry. The router does not know which internal machine to give it to, so it just drops it.

Almost all internet traffic is encrypted. Nobody can see what you are actually doing. This includes the firewall, so any so-called "deep packet inspection" cannot happen, so the firewall cannot really filter content. The one small hole is DNS. The ISP and others can spy on the DNS requests. This lets them see the name of the site, especially when the site is hosted in a data center and multiple sites use the same IP ranges. Chrome and Firefox both support encrypted DNS. You need to use 1.1.1.1 as your DNS server and you might have to turn the feature on in the browser. Hard to say; this is kinda a new feature so they have been changing things.

VPN is mostly to get past restrictions or to hide your IP from the servers you talk to. Many people, for example, want to watch Netflix outside the country. You also have a number of people doing illegal stuff like running torrents. I mostly used it when there was a private voice server where the owner could see your IP, and some of those gamer guys are nuts. Now that everyone uses Discord it is not as much a risk.

So pretty much unless you have some very compelling reason you need nothing special. Any stupid router will mostly protect you. The firewalls built into Windows are good enough for most people.

A note on the Wi-Fi channels. You only THINK you are not overlapping the neighbors. Most tools only show the channel the router sends the beacons on. The channel numbers on 2.4g represent 5 MHz of bandwidth but modern routers use 40 MHz. This means they use 2/3 of the bandwidth, making it impossible to not overlap. On 5g the channels are 20 MHz but 802.11ac uses 80 MHz. This means there are only 2 blocks that do not overlap. In addition, the new Wi-Fi 6 devices use 160 MHz, which pretty much guarantees an overlap. Still, there is nothing you can do about this; you just try to pick some channels that work for you.
 
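The drop behaviour described in the answer above can be modelled as a small translation table. This is an added example, not part of the original posts or any router's firmware; the class name, the 60-second idle timeout, the port pool start and the documentation-range addresses are assumptions, and it models a NAT that matches on remote address and port, which not every router does.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Toy NAPT table: outbound flows create entries, inbound needs a match."""
    public_ip: str
    idle_timeout: float = 60.0   # assumed value; real routers differ
    next_port: int = 40000       # assumed start of the public port pool
    # (public_port, remote_ip, remote_port) -> [lan_ip, lan_port, last_seen]
    table: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port, now):
        """A LAN host talks first: reuse or create the mapping, return new source."""
        for key, entry in self.table.items():
            if entry[:2] == [lan_ip, lan_port] and key[1:] == (remote_ip, remote_port):
                entry[2] = now
                return self.public_ip, key[0]
        public_port = self.next_port
        self.next_port += 1
        self.table[(public_port, remote_ip, remote_port)] = [lan_ip, lan_port, now]
        return self.public_ip, public_port

    def inbound(self, remote_ip, remote_port, public_port, now):
        """Packet from the internet: return the LAN target, or None when dropped."""
        key = (public_port, remote_ip, remote_port)
        entry = self.table.get(key)
        if entry is None:
            return None              # nobody inside talked to this peer first
        if now - entry[2] > self.idle_timeout:
            del self.table[key]      # stale entry: treated as unsolicited
            return None
        entry[2] = now
        return entry[0], entry[1]


def demo():
    """Constructed sample flows using documentation address ranges."""
    nat = NatRouter(public_ip="203.0.113.7")
    _, port = nat.outbound("192.168.1.20", 51000, "198.51.100.10", 443, now=0)
    return {
        "reply": nat.inbound("198.51.100.10", 443, port, now=1),
        "stranger": nat.inbound("192.0.2.99", 443, port, now=2),
        "closed_port": nat.inbound("198.51.100.10", 443, 12345, now=3),
        "after_timeout": nat.inbound("198.51.100.10", 443, port, now=500),
    }
```

Only the reply from the peer the LAN host contacted is delivered; the other three packets find no usable entry and are dropped.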