
I have an ASUS RT-AC68U router.

  • I flashed the latest Merlin firmware (from the official Merlin site).

  • I have disabled the AI-cloud.

  • I have 2.4 and 5 GHz WiFi enabled, and it's not hidden, both with a good password.

  • When guests come over I turn on guest wifi, otherwise it's turned off.

  • Firewall is on.

  • I have switched from the standard Class C (192 IP) to a Class B (172) subnet.

Is all of the above good? Any tips to better secure it and/or increase performance? I already have good WiFi channels.

FireWall NAT Loopback, should I turn that off?

schroeder
DumbEngineer
  • You are going to have to define what "all good" means. Also, this is not the place for comments on performance enhancements – schroeder Oct 21 '17 at 10:15
  • Only if you continually check the support site for firmware updates. For example, some pretty bad security vulnerabilities were found and fixed in version 3.0.0.4.384.32738: https://www.asus.com/us/Networking/RTAC68U/HelpDesk_BIOS/ – Mira Weller Nov 03 '18 at 15:14
  • Sadly, ASUS doesn't seem to have any auto update or update notification in their network stuff. – Mira Weller Nov 03 '18 at 15:15

1 Answer


The RT-AC68U is a pretty good consumer-grade router out of the box, but there are a few things you need to do to tighten it up.

  • Disable UPnP. This is perhaps the biggest hole it has as standard. If you really need port forwarding, set it up manually.
  • Make sure you disable WPS; it is much easier to break into your WiFi with this enabled
  • Make sure you change not only the WiFi network password but also the router login username and password
  • Switch on AI Protection. While far from perfect, it will give you an additional layer of browsing security as it runs its own dynamic site blacklist
  • Add MAC address filtering so only whitelisted devices can join your network
  • Make sure remote admin is switched off (if practical)
  • It supports WPA2 Enterprise; there is more to set up, but if you want better per-user encryption it is worth it

Also, I am not 100% sure why you switched to a Class B network space. I can see no benefit to this for a home network.

Consider running https://www.grc.com/shieldsup against your setup or, even better, run nmap against your gateway to find out if there are any rogue ports open.

question: FireWall NAT Loopback, should I turn that off?

See here for details: Is NAT Loopback on my router a security problem?

TrickyDupes
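An added example, not part of the answer above: one way to act on the nmap suggestion is to save the gateway scan in nmap's grepable format (`-oG`) and compare it against the ports you expect the router to serve. The sample scan text, the gateway address and the `ALLOWED` set are constructed assumptions, and `parse_grepable` and `audit` are names made up for this sketch.

```python
# Constructed sample of `nmap -sS -sU -oG -` output for a gateway; not a real scan.
SAMPLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 172.16.1.1 ()\tStatus: Up\n"
    "Host: 172.16.1.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///, "
    "23/open/tcp//telnet///, 443/closed/tcp//https///, 53/open/udp//domain///, "
    "1900/open|filtered/udp//upnp///\tIgnored State: filtered (994)\n"
)

# Assumption: services you expect on the LAN side of the router (DNS, admin UI).
ALLOWED = {(53, "tcp"), (53, "udp"), (80, "tcp")}


def parse_grepable(text):
    """Yield (host, port, proto, state, service) for every port nmap listed."""
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip nmap's "# ..." comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/proto/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) < 5:
                    continue
                yield host, int(parts[0]), parts[2], parts[1], parts[4]


def audit(text, allowed):
    """Return findings for ports that answer (or may answer) but are not allowed."""
    findings = []
    for host, port, proto, state, service in parse_grepable(text):
        if (port, proto) in allowed or state not in ("open", "open|filtered"):
            continue
        # UDP scans often cannot tell open from filtered; report it as unconfirmed.
        verdict = "open" if state == "open" else "unconfirmed"
        findings.append((host, port, proto, service, verdict))
    return findings


if __name__ == "__main__":
    for host, port, proto, service, verdict in audit(SAMPLE, ALLOWED):
        print(f"{host} {port}/{proto} ({service or 'unknown'}): {verdict}, not in allowlist")
```

On the constructed sample this reports telnet on 23/tcp as open and 1900/udp (the SSDP port used by UPnP discovery) as unconfirmed, which is the cue to recheck the UPnP setting in the router UI.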