-1

I'm in Australia, I have "Fiber To The Home". This passes through the NBN box on the outside wall, to the NBN modem inside the wall, and thence to my mid-range ASUS AC1900 Dual Band router. Firmware has been upgraded to 2020-ish but I intend to upgrade to the latest in a couple of weeks.

All known devices/MAC adresses have been itemised in the DHCP. Some of these are WiFi connections. I do not use the WPS button at any time, ever. NAT is on, UpnP is off. Port Forwarding is on, NAT Passthrough is off.

The Admin password is (IMHO) reasonably strong, >10 characters @ 96 density (soon to be upgraded, will be longer), the PSKs very much stronger. All are randomly generated in my spreadsheet. The router is routinely offed for 10 minutes at the end of every month.

Is there anything I need to do to improve security against external attackers that does not involve air-gapping the router from the real world?

Thank you for the interest you have shown. I have learnt a few things I did not know before, and the security solutions are nowhere near as fearsome as I had imagined.

Improve this question
10
  • Turn off remote access except if you need it for a special time.
    – anon
    Commented Feb 19 at 15:15
  • Aaahh, would that be Windows Remote Access? If so, I've never had it switched on, too dangerous.
    – Some Bloke
    Commented Feb 19 at 15:26
  • 1
    No, remote administrative access to the router. Usually allows connecting to the router from outside, eg. from the wan port.
    – LPChip
    Commented Feb 19 at 15:26
  • 1
    To start with: What kind of external attackers? One who's on the other side of the internet, or one who's sitting in a car in your street? One who's trying to hack you specifically, or one who's just randomly poking at anything that comes up?
    – grawity_u1686
    Commented Feb 19 at 15:38
  • 1
    I would not rely on UPnP being off for being protected against remote access to the web console. If there's an option to disable it, disable it. A bug in the firmware or something else might still work without you knowing.
    – LPChip
    Commented Feb 19 at 15:40

1 Answer 1

Reset to default
1

You can do a few things to increase router security:

  1. Disable remote administration - Only people inside your network can change it's settings
  2. Use strong passwords - Changing as often as you feel is needed
  3. Make sure your router's firmware is up to date and still under support. If not, you could be vulnerable to exploits
  4. Enable MAC address filtering - If supported by your router, only known MAC addresses can connect to it
Improve this answer
1
  • 2
    Some routers also allow disabling admin on the Wi-Fi interface.
    – Andrew Morton
    Commented Feb 19 at 16:43

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .