Question Topology for router, ISP server, and VPN?

garyknowz1

Hello all! Obviously, I'm trying to secure my privacy. I have a new ATT Gateway but have had security issues in the past with ISP provided hardware. I'm not a techie, especially in terms of networking, but have had some experience (likely outdated, though). I'm trying to set up a secure network, but not sure of the topology to set it up. I have Express VPN and am looking for a good router (any suggestions are appreciated). Then, a diagram and help to set this up.
Thanks!
Gary K
 
I guess it depends on what you think the issue is with the ISP provided hardware. At most the ISP themselves have remote configuration access to help consumers who do not even have basic computer skills. I guess some corrupt person at the ISP could do something they are not supposed to.

If that is your worry, just put your own router in front of the ISP router and turn off the wifi radios in the ISP router. You are now in full control of the router settings and anything on your LAN network is protected from anything on the ISP router because it is hooked to the WAN port of your router and is considered internet.

In general that is all you need. All the traffic from your machines is likely encrypted via HTTPS so nobody in the path including the ISP can really see what you are doing. You can also use the newer feature in Windows to use encrypted DNS. It is also an option in most browsers. You would set the DNS to use 1.1.1.1 and then set it to be encrypted. Since you no longer look up the names of web sites on your ISP router they can't even see the sites you are accessing. They can of course see the IP addresses which might let them figure out what site you are using but many of these just map back to large cloud data centers like Google or Amazon.

You should not need ExpressVPN unless you are using it to, say, get past restrictions, like you want to watch Netflix in another country.

In general I would not worry much about the ISP router. Just be sure to always use HTTPS and change the DNS to something other than your ISP DNS and/or use the encryption option.
 
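What the encrypted DNS option described above changes on the wire, as an added example that is not part of the original post: it builds the lookup a PC would send, shows that the site name is readable in the plain port-53 form, and produces the DNS-over-HTTPS request that carries the same bytes inside HTTPS. `www.example.com` is a constructed sample name and the function names are illustrative.

```python
import base64
import struct

# Cloudflare's DNS-over-HTTPS URL for the 1.1.1.1 resolver.
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Build a DNS wire-format query (RFC 1035). qtype 1 asks for an A record."""
    # ID 0 (RFC 8484 recommends it for DoH), flags 0x0100 = recursion desired,
    # one question, no answer/authority/additional records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN


def name_in_query(packet: bytes) -> str:
    """Read the hostname back out of a raw query, as anyone on the path can
    when the packet travels unencrypted over UDP port 53."""
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_url(name: str) -> str:
    """RFC 8484 GET form: the same bytes, base64url-encoded without padding,
    carried inside the TLS-protected HTTPS request."""
    encoded = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{DOH_ENDPOINT}?dns={encoded}"


if __name__ == "__main__":
    query = build_query("www.example.com")  # constructed sample name
    print("plain DNS, readable on the wire:", name_in_query(query))
    print("DoH request (inside HTTPS):     ", doh_get_url("www.example.com"))
```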

garyknowz1

Thank you, bill001g! I've just been throttled by my ISP a few times in the past for something, even though I have unlimited data. I've never done anything illegal. So, I'm not sure why they did it, and see that as a security breach. Even if it wasn't the ISP, someone is obviously snooping in or using my wifi from somewhere. I work remotely and rely on my internet to run smoothly. That's the main issue, I suppose.

So, to be clear, if I set up my router between the AT&T router/modem, turn off the wireless features on the ATT router, and personalize the DNS, I should be good to go? Would I need to hook up the modem to my personal router physically with CAT cable? Thanks.
 
That is pretty much it. If you have the new att fiber gateway it is actually considered a very good router from a wifi standpoint. It does not have wifi6e yet but att has said that is coming "soon". It has a lot more features than most ISP gateways and has a 5gbit port if you are silly enough to pay $180/month for internet that fast.

Be kinda hard to hook your router to the att gateway with wifi when you turn off the wifi radios in the att box :)

There are almost no devices that can have their wan connection be wifi. Some travel routers you use in hotels are a common exception. So it is mostly as simple as hooking a cable between the lan port on the att box to the wan port on your router. The only thing you have to be concerned about is if the att router is using the same subnet as your router. So if both use 192.168.0.x you need to change the lan on your personal router to 192.168.?.x. A router will complain if its wan and lan ip blocks are the same.
 
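The subnet check described above, as an added example that is not part of the original post: it tests whether the personal router's LAN overlaps the network on its WAN side (the AT&T gateway's LAN), including when the masks differ, and picks a free block if it does. The addresses are constructed samples and the function names are illustrative.

```python
import ipaddress

# RFC 1918 private ranges a home router LAN can be drawn from.
PRIVATE_POOLS = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]


def network_of(iface: str) -> ipaddress.IPv4Network:
    """Accept an interface address ('192.168.0.1/24') or a network ('192.168.0.0/24')."""
    return ipaddress.ip_network(iface, strict=False)


def conflicts(wan_side: str, lan_side: str) -> bool:
    """True when the router's LAN overlaps the network its WAN port sits on."""
    return network_of(wan_side).overlaps(network_of(lan_side))


def choose_lan(wan_side: str, wanted: str, prefix: int = 24) -> str:
    """Keep the wanted LAN if it is free, otherwise return the first private
    block of the given prefix length that does not overlap the WAN side."""
    upstream = network_of(wan_side)
    want = network_of(wanted)
    if not upstream.overlaps(want):
        return str(want)
    for pool in PRIVATE_POOLS:
        for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
            if not candidate.overlaps(upstream):
                return str(candidate)
    raise ValueError("no free private block found")


if __name__ == "__main__":
    # Constructed samples: (gateway LAN seen on the WAN port, LAN planned for own router)
    samples = [
        ("192.168.0.1/24", "192.168.0.1/24"),    # both on the same default block
        ("192.168.1.254/24", "192.168.0.1/24"),  # already different, no change
        ("192.168.0.1/16", "192.168.5.1/24"),    # wide upstream mask swallows 192.168.5.x
    ]
    for wan, lan in samples:
        print(f"WAN side {wan:18} planned LAN {lan:16} "
              f"conflict={conflicts(wan, lan)!s:5} use {choose_lan(wan, lan)}")
```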