How to completely secure a TP-Link VR600
Typical scenario: a non-technical user buys the best router he can afford, plugs it in and changes the settings he knows. How can I put it to the best use and adjust the best settings for my router's security?
Hey
The first question would be: is there any specific security or thing you are concerned about? Generally these devices come set up secure out of the box; however, you can indeed tweak them tighter if needed.
Few suggestions below
1. Check for an updated firmware, always a good idea!
2. WiFi settings. There are 2x bands on this device, 2.4 GHz and 5 GHz. I would recommend changing the following:
On 2.4 GHz
- Security Version to WPA2-PSK
- Encryption to AES
- Change SSID and Password!
- Mode to 802.11n only - NOTE - This setting will stop some much older devices connecting, but this will decrease the risk the older devices pose. If you have a device that won't connect and it's 10+ years old, this might be the setting.
On 5 GHz
- Security Version to WPA2-PSK
- Encryption to AES
- Change SSID and Password!
- Mode to 802.11ac/n - NOTE - This setting will stop some much older devices connecting, but this will decrease the risk the older devices pose. If you have a device that won't connect and it's 10+ years old, this might be the setting.
3. Disable Guest SSID if you fancy. It's generally secure, but if not needed turn it off!
4. Ensure the Firewall is ON. 99% sure it will be, however just check.
I wouldn't change anything in the firewall if honest.
Thanks a lot for your recommendations. I already did most of them, with a few exceptions. I forgot to make 5G ac only. I have to enable guest for the purpose of visiting friends and family, although I make it hidden after they join and it is not allowed to share my network. I just updated to the latest firmware. The firewall was off by default but I turned it on, and I am not sure what level to choose, low or medium or high, because I heard the higher the level, the lower the performance and life of the router. Other options I changed: turned off UPnP, disabled cwva, set up router whitefish, changed passwords from the default, disabled WPS, disabled remote ping and management.
The reason I became obsessed recently was because of the security camera vulnerabilities I became aware of, as well as smart TVs and whatnot. I was searching for a VLAN function but it seems it's not supported. Another thing is how to add a VPN service directly to the router to stop the crazy ads on all devices at once.
Hey again
Few responses below but seems like you have it all in order :)
> the firewall was off by default but I turned it on and not sure what levels to choose low or medium or high because I heard the higher the lower the performance and life of router

The performance will slow if you have a more aggressive firewall policy, but unless you are thrashing the router 24/7 this is unlikely to be an issue. I have never known a firewall setting to shorten the life of a router. I would just enable this and leave it as default; unless you are confident with firewall settings, it's best not to modify these.

> turning off upnp

While I would agree this is a very good idea, it may cause issues with Xbox Live, PSN etc. if that is in use. It's sadly still a commonly used feature. If you have issues with such services, try re-enabling it.

> The reason I became obsessed recently was because of the security cameras vulnerabilities I became aware of as well as smart TVs and what not

If this is the main driving factor, then it's the Firewall / IDS features that are the most important part for you. That sadly is the problem with such technology (IoT): they are a risk as time progresses and firmwares become old. Moving them onto the guest / WAN-only network is a good idea; that way they are segmented completely from the main home network. I have 3x SSIDs myself: one for home, guest and IoT. IoT and Guest are direct to internet only, nothing local side.

> Another thing is how to add a vpn service directly to the router to stop the crazy ads on all devices at once.

The VR400 only works as a VPN server and not a VPN client. This will also massively restrict the speed of your connection by doing this. If you are getting ads then it's better to find the port or URL source and block it that way. I can't say I have heard anyone else report this before, you have me curious :)

> I was searching for a VLAN function but seems its not supported

VLANs are a business-grade option and not something that is generally supported on home-grade hardware. I use VLANs for the 3x SSIDs mentioned earlier to segment traffic.
Hey again
Some more answer for you :)
> So can we think of the guest network as a vlan to the main network and function in the same way?

Yes, in a manner of speaking. The Guest network is on the same VLAN as the home network (VLAN 0); however, it's got Access Controls in place to segment that traffic from the home traffic if you tick the box to do so. This is a good way to keep IoT and other such things from having any access to your network: they still get an IP but can only go to the internet.

> If not then one should go buy a managed switch which would cost the same as the router itself if not more to make a vlan.

VLANs are not just router technology; you also need a switch and APs that are capable of handling the VLANs. If you want VLANs you would likely need a Router (TL-R605), Manage Switch (2008), Access Points (EAP225) and a controller (OC200) to be able to recreate what you have in one device. However, as it is business grade, the functionality and specification is much higher as a result. Those 4x devices would cost around £250 / $320 US, or equivalent in your local currency.

> One other question I forgot was how to secure the ftp server over the internet?

Hard one, as it's not designed to secure FTP. If I was you, set up FTP for local only and have the users VPN into the router and access that way. It's the safer option.
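
An added example, not part of the original thread: a small Python check for the guest-network segmentation described above, meant to be run from a device joined to the guest SSID. The IP addresses, ports and the `check_guest_isolation` name are constructed for illustration and must be replaced with services on your own main network.

```python
import ipaddress
import socket


def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, unreachable or timed out
        return False


def check_guest_isolation(lan_targets, internet_target, probe=tcp_probe):
    """Run from a device joined to the guest SSID.

    lan_targets: (ip, port) pairs of services on the main home network.
    internet_target: (host, port) that should stay reachable.
    Returns a dict with the verdict and any LAN services that answered.
    """
    for ip, _ in lan_targets:
        # Guard against typos: LAN hosts must be in a private address range.
        if not ipaddress.ip_address(ip).is_private:
            raise ValueError(f"{ip} is not a private LAN address")

    leaks = [(ip, port) for ip, port in lan_targets if probe(ip, port)]
    internet_ok = probe(*internet_target)

    if leaks:
        verdict = "leaking"        # guest client reached the home network
    elif internet_ok:
        verdict = "isolated"       # internet works, LAN services do not answer
    else:
        verdict = "inconclusive"   # nothing reachable: not connected at all?
    return {"verdict": verdict, "leaks": leaks, "internet_ok": internet_ok}


if __name__ == "__main__":
    # Constructed sample addresses: replace with hosts on your own main network.
    home_services = [("192.168.1.10", 445), ("192.168.1.20", 554)]
    print(check_guest_isolation(home_services, ("example.com", 443)))
```

Pick LAN targets that you have confirmed are listening when probed from the main network; a closed port looks the same as a blocked one, so an "isolated" verdict only means something for services that normally answer.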