Internet Wi-Fi Security

I configure a custom DNS provider on the router to block most ads and trackers and sites with malware or other garbage for all connected devices. Here’s a good list, I’m currently using ControlD:

Of course by “blocking” it just means that it doesn’t allow software to locate the IP address of the offending domain names, like removing their name from the phone book. The number (IP address) can still be reached, but it wouldn’t happen by accident.
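A small model of the name-based blocking described above, added here as an illustration and not part of the original post. It assumes a constructed zone and blocklist; the filtering resolver sinkholes blocked names (and their subdomains) to 0.0.0.0, while a client that already knows the IP address never asks the resolver and so is not stopped.

```python
"""Model of DNS-based blocking: names are filtered, IP addresses are not."""
import ipaddress
from typing import Optional

# Constructed sample data: a tiny "zone" and a tiny blocklist.
ZONE = {
    "news.example": "203.0.113.10",
    "ads.tracker.example": "203.0.113.20",
    "cdn.tracker.example": "203.0.113.21",
}
BLOCKLIST = {"tracker.example"}  # an entry covers the name and every subdomain

SINKHOLE = "0.0.0.0"  # answer commonly returned by filtering resolvers


def is_blocked(name: str) -> bool:
    """True if the name or any parent domain is on the blocklist."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))


def resolve(name: str) -> Optional[str]:
    """Filtering resolver: sinkhole blocked names, otherwise normal lookup."""
    if is_blocked(name):
        return SINKHOLE
    return ZONE.get(name.lower().rstrip("."))


def connect(target: str) -> str:
    """Client behaviour: hostnames go through the resolver, IP literals do not."""
    try:
        ipaddress.ip_address(target)
        # No DNS lookup happens, so the blocklist never sees this connection.
        return f"connected to {target} (no DNS lookup, filter bypassed)"
    except ValueError:
        pass
    ip = resolve(target)
    if ip is None:
        return "NXDOMAIN"
    if ip == SINKHOLE:
        return f"blocked {target}"
    return f"connected to {ip}"
```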

Thanks, this is exactly the type of info I need to review that I would probably not search for otherwise.

I should add that another nice feature offered by Fing/FingBox is that it provides the network owner the ability to make network adjustments, such as the SSID's broadcasted signal strength, that the ISP, such as Comcast/Xfinity blocks from its customers on their ISP-provided router's web interface.

Where does VPN come into play with all of this?

Can you be more specific please!

My router mfg (ASUS) website has articles on settings to use or not to use with the best security in mind. I have followed that.
Things like:
No remote access allowed to router admin
Guest network, which I disable when no guests are about
The firewall is on
The included security system is turned on (ASUS AiProtection)
To reach the router admin page one must use https to log in. The “https” must be manually entered, and then the port # must be added. This is probably more caution than what is needed.
I think there are other things that were suggested but once done I forget about it.

The router firmware is on auto-update. I used to do everything manually, but I set this to auto a while ago. My thinking to change to auto-updates on many things has been influenced by my getting older. My wife is not techno oriented. If I die before her, then auto-updates make her more secure without needing another chapter in my “how things work and what needs to be done” manual for all our stuff.

And we have a VPN.

VPN = a sort of invisibility. Outsiders know you are there but may not even be able to narrow down the general location with accuracy.

VPN as advertised is 95% snake oil. Oh, we already had a thread about it.

If you’re using a home router to get access to the Internet, you are already pretty well protected. From the outside there’s just a single IP address. All devices connected to your router have their own IP address in a local subnet. If someone from the outside wants to access a specific device, the request must be forwarded explicitly by the router to your device. This is what “port forwarding” is doing. Your day-to-day connections are established using something called NAT (network address translation) so that responses to your outgoing traffic are routed to the correct device. Additional “firewalls” in the router mostly block specific outgoing traffic.

So the only possibility for someone from the outside to “hack” into your local network is by exploiting a vulnerability of your router. The other attack vector is by infiltrating your local network from the inside: By installing malware on your PC (or IoT devices!) they have complete access to your local network and can establish connections to the Internet (which are then bidirectional).

Thus:

  • Make sure your router is up to date and has no known security vulnerabilities. Usually not much you can do about this.
  • Make sure you don’t have malicious software already inside your network. This is harder because once you interact with the Internet, there’s always a chance to use vulnerable software or execute malicious code. Linux makes it safer because Linux systems are not targeted the same way as Windows and the OS architecture is more robust against attacks, but it is not completely safe. Virus scanners are also partly snake oil because they can detect only a small subset of all viruses. Most important is knowing what you do. Don’t do stupid things.
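A connection-tracking NAT with one port-forward rule, modelled after the explanation in the post above. This is an added example, not the poster's code; the addresses, ports and the symmetric matching rule (reply must come from the same remote host and port) are constructed assumptions, and real routers differ in how strictly they match.

```python
"""Toy home router: outbound flows create NAT entries, unsolicited inbound is dropped."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class HomeRouter:
    def __init__(self, wan_ip: str, port_forwards: Optional[Dict[int, Tuple[str, int]]] = None):
        self.wan_ip = wan_ip
        self.port_forwards = port_forwards or {}  # wan_port -> (lan_ip, lan_port)
        self._next_port = 40000
        # wan_port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.table: Dict[int, Tuple[str, int, str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: rewrite the source to the WAN IP and remember the flow."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for wan_port, entry in self.table.items():
            if entry == flow:
                break  # existing flow keeps its translated port
        else:
            wan_port = self._next_port
            self._next_port += 1
            self.table[wan_port] = flow
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: deliver replies to known flows or explicitly forwarded ports."""
        entry = self.table.get(pkt.dst_port)
        if entry and entry[2:] == (pkt.src_ip, pkt.src_port):
            lan_ip, lan_port = entry[:2]
            return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        if pkt.dst_port in self.port_forwards:
            lan_ip, lan_port = self.port_forwards[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        return None  # no matching flow and no forward rule: dropped
```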

Thanks Don. Can I assume that your router is not ISP-provided? If you don't mind, how much does a residential router with that level of security settings adjustability cost?

It's kind of funny, but also kind of sad that I'm also preparing for the inevitable by regularly updating a 'manual for what comes after'!

I also have a VPN, but only on my device. I'm considering changing it to the router instead, and would therefore like to hear the pros & cons between them.

Yes, we own both our modem and router. $279 for the RT-AX88U router when I bought it. I believe many, if not all, of the less costly, mid-range ASUS have much the same options and settings.

As SammyHP stated, a VPN is probably not needed on one’s own home network. But old habits die hard. One was required for work/travel, pre-retirement.

I think I've said this before, but nice router!

I have a couple of similar ones and they have great range.

Thanks for all the info SammysHP!

For reasons I won't get into here about the possibility of a single device being accessed from within our LAN, can you suggest what we can look for to determine if someone has definitely gained the ability to remotely access a device?

Also, could someone who wants to remotely access one person's device for the nefarious purpose of spying, do so by installing either spy software or malware onto the PC of a different, unsuspecting person who shares that same LAN?

I don't really use wifi.
Though! My CCTV boxes are connected to a wifi router so I can get notifications on a bedside tablet; I can also connect that to my internet router and so get notifications on my phone while I am out, but really I see no reason for that.

For internet, well, I use cables, even on my laptop.

I do have a VPN though, but it takes a severe toll on my internet speed, cutting 90% off the top of my DL speed, sending me back to speeds I have not had for decades.

MikroTik is great but extremely difficult to buy as they are based out of Europe and exports are limited.

There is some way to have wifi where people can’t see it with their device. They have to input the exact name and password. Oh and your password should be 100+ characters with symbols, numbers, upper and lower case letters, and some foreign letters which can be used by doing alt codes. Change the password once a week or month.

Normally I’m like the champion of using other people’s wifi but I never hack to do it. Some time ago, like a really long time ago, I watched the Daily Show or Colbert Report and it covered a man getting a hacking charge for using free wifi at a business but he was like in the parking lot. Being pre-alerted to this I always go inside a business and make myself a customer by purchasing some cheap item which I leave on the table with the receipt for it, and at any other type of place I ask someone for the password. I always gain consent to use the wifi and it usually isn’t a problem. Once though, as soon as I finished a meal they cut off the wifi. There was little I could do but head down the road to another cafe.

For security reasons I use a laptop with the Tails operating system but you could use any Linux with a VPN or Tor in case the place is compromised.

Huh, weird, I’ve never had any trouble obtaining them.

Everything else regarding internet connectivity is of far greater concern than WiFi with its limited physical footprint. That 2.4/5/6GHz signal only goes so far - in my case ~100m outdoors best case. Sitting in a standalone detached structure I see perhaps a dozen actual unique APs; when I lived in an apartment 15 years ago I also saw about that many - nowadays I’m confident that the count would be significantly greater.

I’m using a Ubiquiti router + AP and WPA2 (no WPS) with a reasonable password and go to no other great lengths to secure the wifi. Otherwise I use ethernet for stationary devices whenever possible - workstations, printers, NAS, cameras, TVs - which provides for an additional modicum of security but mostly for the reliability and performance. I’ll install another AP someday which will likely reduce the transmit power for all devices.

I’m not concerned about wardriving. Single-family detached suburbia has low AP density and - short of scamming some free internet access - not particularly rewarding. An apartment complex or office park are more target-rich and potentially profitable environments, respectively, with the latter almost certainly the subject of routine probing given the potential rewards for those seeking more than just free connectivity.

How’s Ubiquiti working for you? I’m generally happy with MikroTik, but the other brand I would consider is Ubiquiti. How long do they support their devices for, especially the less expensive consumer / SOHO class ones?

I’m liking it, but I’m definitely on the home gamer side of the spectrum and haven’t dug too deeply into the features yet. I splurged on the Dream Machine Pro SE gambling that would buy a longer feature compatibility if not support period. Unfortunately the appeal of Ubiquiti to the freelance network/systems IT and guerilla ISP demos seems to have fallen off a cliff as engineering talent has vacated the company.

I contemplated MikroTik when I was shopping last year but a combination of friends that had good experience with Ubiquiti and rants about the MikroTik UI pushed me to Ubiquiti. On the latter point I perhaps should not have been swayed - I’m not exactly a stranger to CLIs and hot mess network EMS GUIs at work.

Amazon only sells through third-party dealers, often over list price to compensate for high shipping from Europe. Other than that you need to go through a VAR or something like that.

Go to their web site and check for dealers. 90% are in Europe and Asia.

Yeah, they definitely don’t do a lot of hand-holding, but I’d say that the GUI is at least consistent and extremely comprehensive. And it’s actually very well done in the sense that the web GUI exactly mirrors the structure and workflow of the SSH shell: by category, then sub-categories, options, and the option values; so everything that can be performed on the command line can be done in the GUI and vice-versa. I use some of the more advanced functions that a consumer router couldn’t even dream of performing, so I’ve learned to deal with some of the complexities, but they have a Quick Setup section in the GUI that takes care of 99% of the SOHO usage scenarios.