Question Secured router setup suggestion

Ainez

Prominent
Sep 26, 2020
Hi,
For security reasons, I've already changed the following settings:
  1. Login username and password changed
  2. Default network name changed
  3. UPnP disabled
  4. PPTP, L2TP and IPsec passthrough for VPN disabled
  5. Forbid Ping Packet From LAN & WAN Port selected
  6. In the local management rules, selected 'Only the PCs listed can browse the built-in web pages to perform Administrator tasks' and set PC MAC address in the other MAC address box.
* ARP binding disabled.
* Access control rule management - Default Filtering Rules 'allowed'
* DoS protection kept disabled.
* Remote management - cannot just disable, and has changeable port and IP address option. Idk what to change it into.
* I couldn't update the firmware because there was no choice on the TP-Link website for the region.

These are the settings I changed so far. Please let me know if there is anything else that needs to be altered.
 
You actually missed one of the most important ones: you need to be sure WPS is turned off. That is how the neighborhood kids hack networks to get past their parents' content filters. This feature should have been removed as soon as they found it was fundamentally insecure. But because you have so many idiots and so many silly devices like WiFi light bulbs, they left it so they don't have to do the "extremely hard" task of putting in their SSID and password :(

Some of the other stuff might make your router hard to use. Game consoles are extremely dependent on UPnP to function. You also have to be careful about filtering rules if you have a high-speed internet connection. Routers use a special feature that lets the traffic bypass the CPU chip. If the CPU needs to see it, you will many times be capped at about 200 Mbps even on very fast routers.
 

Ainez

You actually missed one of the most important ones: you need to be sure WPS is turned off. That is how the neighborhood kids hack networks to get past their parents' content filters. This feature should have been removed as soon as they found it was fundamentally insecure. But because you have so many idiots and so many silly devices like WiFi light bulbs, they left it so they don't have to do the "extremely hard" task of putting in their SSID and password :(
I use a cable connection, that's why I deactivated the WiFi; WPS is enabled though. Since they don't expect it, hackers must be having lots of fun, I can only imagine.
 
I too keep my WiFi off except when I am actually using it. Still, routers are pretty safe in general because they are stupid. Just the NAT protects your internal machines, and most routers allow no access to the router itself from the outside. If you are trying to protect against an attack from the inside, then you have a much larger problem than the router.
 

Ainez

I too keep my WiFi off except when I am actually using it. Still, routers are pretty safe in general because they are stupid. Just the NAT protects your internal machines, and most routers allow no access to the router itself from the outside. If you are trying to protect against an attack from the inside, then you have a much larger problem than the router.
Good thing that there's NAT. To fend off a targeted inside attack, one has to become a pro or close to it.
 