Have you ever called the ISP for a problem with your internet and while troubleshooting you hear – “I see you have 2 or more devices connected to the router and a laptop, is that Correct?”

That! is prying eyes. I am not saying that they can access the devices on your network or can they? That is quite the debate.

How can you secure it?

It’s actually quite simple if you have the right equipment or have some advanced knowledge. Most people I know completely trust their ISPs. But I don’t.

First of all:

  1. Always change the default password of the router – Don’t have it – Call and ask! (192.168.100.1 or 192.168.1.1 is the default IP if you need it.)
  2. Change the wireless password – It’s there on the box and at the back of the router. Never keep the default.
    • Go to WLAN Section
  3. If you’ve got the skills, change your local IPs to something different, although having access to the router, ISP will see every configuration on the router!
    • Go to LAN Section

Those are basic security but if you want to really secure your network – Try this

What you need:

  1. Some Basic IT Skills
  2. A Wireless Router.
  3. A RJ-45 Cable.

How to setup it up?

  1. Setup your new router – Most routers come preconfigured and are ready to use, so you might just need to change the default password and enable the WiFi with your desired configuration – WPA2 or WPA3 recommended. I personally use a TP-LINK Archer C2300 bought from Amazon US. Change the IP address for your local network if possible.
  2. Once your router is setup, find the perfect place for it. Take the RJ-45 cable and plug it into any port of the ISP router and the other end in the WAN port of your new router. This is very important else you will just be extending the ISP router.
  3. Connect to your new WiFi and make sure that you can access the internet. Check the speed and you should be good. If you are using a tp-link router, there is an app called Tether that can be used, it allows for speed testing and wireless configuration from the app.
  4. Connect to your ISP router (192.168.100.1 or 192.168.1.1) , find the wireless section and disable it (you won’t need it as your new wireless router will be providing WiFi). Limit the number of IP the ISP router can lease, I have it to 2 (for TV purposes).
    • Go to WLAN and Unselect Enable WLAN
    • Go to LAN and Select DHCP Server configuration, Set the Start IP and End IP Address.
    • If you go back to the Status page and Select DHCP Information, you should see only 1 IP listed – the new wireless router.
  5. Reconfigure all your wireless devices to use the new WiFi
  6. Voila! you now have a wireless network secured from your ISP.

The technical stuff

I strongly believe that privacy on my home network is a must, I have many smart devices in my house including Alexa, Hue and others and I just want to keep them as safe as possible from prying eyes.

From the opening lines of this post, I was not comfortable at all knowing that my ISP was able to see stuff on my home network, it kinds of invade my privacy right there – not knowing what they can see or access. From my understanding talking with them, it seems that every client or subset of clients is part of a network VLAN which defines what the can all access. From my knowledge if anyone is on the same VLAN as me and if I am not protected, they should be able to access my stuff.

Hence the decision for me to secure my network, in order to access or see anything pass my wireless router, the person would need to know the IP of my inside subnet and the password to get on the wireless router. Note that the router here has inbuilt firewall protection, anti-spam and anti-virus. I do feel quite protected .

The next improvement would be to add an internal firewall. Firewalla seems to be a good fit.

The Cons

The only downside of this configuration right now is double NAT. It does not bother me as I no longer have any inbound services or NAT rules, but if you decide to follow the above, take that into consideration.
I do play online through my xBox and see no real latency.