SIGforum
Network Gurus - Router Security Question

This topic can be found at:
https://sigforum.com/eve/forums/a/tpc/f/320601935/m/1810049684

November 20, 2021, 09:05 AM
erj_pilot
Network Gurus - Router Security Question
Top o' the marnin'!! Really simple question this morning...

I have a Netgear AC1900 R7000 Router. I'm going through some small reset procedures and have a choice of Security Options:

WPA2-PSK [AES] or
WPA-PSK [TKIP] + WPA2-PSK [AES]

I understand WPA2-PSK is more secure, but does choosing the second option, which combines older security protocol to newer, diminish the security of the router? Would it be best to just go with [AES] alone, or will it matter?

Thank you, collective hive!!! Smile

Coffee time!!!


"If you’re a leader, you lead the way. Not just on the easy ones; you take the tough ones too…” – MAJ Richard D. Winters (1918-2011), E Company, 2nd Battalion, 506th Parachute Infantry Regiment, 101st Airborne
"Woe to those who call evil good, and good evil... Therefore, as tongues of fire lick up straw and as dry grass sinks down in the flames, so their roots will decay and their flowers blow away like dust; for they have rejected the law of the Lord Almighty and spurned the word of the Holy One of Israel." - Isaiah 5:20,24
November 20, 2021, 09:11 AM
smschulz
quote:
Would it be best to just go with [AES] alone, or will it matter?


Yes do only AES
More secure and faster otherwise the alternative will allow lesser protocols and also slow you down.
November 20, 2021, 09:15 AM
erj_pilot
Gracias, amigo!!! AES it is, then!!




"If you’re a leader, you lead the way. Not just on the easy ones; you take the tough ones too…” – MAJ Richard D. Winters (1918-2011), E Company, 2nd Battalion, 506th Parachute Infantry Regiment, 101st Airborne
"Woe to those who call evil good, and good evil... Therefore, as tongues of fire lick up straw and as dry grass sinks down in the flames, so their roots will decay and their flowers blow away like dust; for they have rejected the law of the Lord Almighty and spurned the word of the Holy One of Israel." - Isaiah 5:20,24
November 21, 2021, 07:14 AM
henryaz
 
More security: If the router has any firewall capability, turn off access to the router from outside your network. The default passwords for consumer routers are well known, and even if you set your own password, most are easily hacked.


When in doubt, mumble
November 21, 2021, 06:43 PM
wrightd
How do you do that, what feature nomenclature to look for in the router admin pages ?



Lover of the US Constitution
Wile E. Coyote School of DIY Disaster
November 22, 2021, 06:20 AM
henryaz
quote:
Originally posted by wrightd:
How do you do that, what feature nomenclature to look for in the router admin pages ?

In my Zyxel vdsl modem, it is under Advanced/Remote Management.


When in doubt, mumble
November 22, 2021, 10:08 AM
smschulz
Most configuration access from the outside is turned off by default.
Usually found on the management page and will say something about remote configuration or access and can manually enable.
November 22, 2021, 07:22 PM
wrightd
Oh you mean disabling wifi admin, requiring a cable only. I didn't know that was a firewall thingy.



Lover of the US Constitution
Wile E. Coyote School of DIY Disaster
November 22, 2021, 08:46 PM
smschulz
quote:
Originally posted by wrightd:
Oh you mean disabling wifi admin, requiring a cable only. I didn't know that was a firewall thingy.

No, I believe he is talking about remote configuration of the device from the internet.
Leaving access only from the LAN side.
Not a wifi thing.
November 23, 2021, 05:21 PM
wrightd
Ok. Thanks.



Lover of the US Constitution
Wile E. Coyote School of DIY Disaster