Replies

Definition: Backhaul is the connection between the main router and the satellite device(s). Both AmpliFi and Velop support Ethernet for backhaul. If using wireless backhaul, AmpliFi lets you chose the frequency band, Velop does not. More on mesh routers here  https://www.routersecurity.org/MeshRouters.php

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

1 user thanked author for this post.

NetDef

To me, speed is not a reason to pick a DNS provider. I prefer to go by safety. Still, I agree with your short list of DNS providers. All should be better than DNS from an ISP or from a coffee shop or hotel.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Just curious. Why suggest Google DNS rather than OpenDNS?

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

1 user thanked author for this post.

NetDef

There are many websites, mostly from VPN providers, that will test and report the DNS servers your computer is using. A list is here

https://www.routersecurity.org/testdns.php

Certainly a good thing to check when traveling.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

2 users thanked author for this post.

Lugh, NetDef

Three Windows 7 machines were fixed by updating definitions to  1.289.1587.0.
However, a 4th machine can not update the malware definitions.
Error code: 80070422
Error text: The update service can’t be started because its been turned off by the security administrator or because of a problem in the registry data
Rebooting did not help. Not sure what service “the update service” refers to.

Update: Fixed.
The Microsoft antimalware service was running, as it should be
The Windows Defender service was set to manual and was not running.
When I started it, it stopped immediately with a note that this is normal.
Un-installed MSE
Tried to re-installed MSE but it failed with error code: 8004FF82
Rebooted
Downloaded MSE again … and this time the install worked and definitions were updated.

Whew.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

1 user thanked author for this post.

alQamar

I ran a Quick Scan with MSE on three Windows 7 machines. On each machine the scan crashed and it complained that the service had failed. Tons and tons of errors on the Event Log. Restarts back to normal just fine.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

You are correct that hiding your network name (SSID) offers very little security. On other hand, if you have very few wireless devices, then the aggravation factor is low, so it might well be worthwhile.

As for WPA2/AES its fine, but only if you use a long password. The minimal 8 character password is vulnerable to brute force guessing. This will not be true with WPA3 in the future. I suggest a password that is 14 or 15 characters long. No need for totally random junk, three words and a number should be fine. For more see

https://www.routersecurity.org/wepwpawpa2.php

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

To be clear, your upload speed is sometimes 75Mbps and other times less than 1Mbps.

If this is the case, I would replace the router. If the problem continues, it is not in your home but somewhere in your neighborhood. FYI: never test speeds on a Wifi connection, ethernet is much more reliable.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Here in the US, ISPs are monopolies almost everywhere. Thus, no need to do a good job. That so few people understand the technology just adds to their ability to do as little as they can get away with.

Your points are valid, of course, and its even worse. Since IPSs give out so many of the same devices, bad guys will naturally target them as they offer more bang for the buck. A buggy router used by very few people is safer than a buggy router used by millions.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

3 users thanked author for this post.

rc primak, Myst, ve2mrx

Many routers/gateways do not allow you to change the logon userid. In this case, the new router that Spectrum installed always and only uses user “admin”. You can only change the password.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

5 users thanked author for this post.

JSTechGeek, rc primak, Myst, GoneToPlaid, columbia2011

To be clear, UPnP was never meant to exist on the WAN side of a router/gateway. This was a HUGE mistake that was noticed a few years ago by Rapid7 which found many millions of devices doing UPnP on their WAN side. HUGE mistake. The standard UPnP on/off control in a router is only meant for the LAN side.

FYI: There are more external tests you can run on your router/gateway here  https://routersecurity.org/testrouter.php

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

6 users thanked author for this post.

rc primak, Myst, ve2mrx, NetDef, SueW, Microfix

Devices on the LAN can talk UPnP to each other, without the router/gateway being involved. Enabling UPnP in a router is just asking for trouble, especially considering the poor security of so many IoT devices.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

4 users thanked author for this post.

NetDef, Microfix, ve2mrx, AlexEiffel

FYI. There are four ways to get new DNS servers

1. Connect to a VPN
2. Modify your computer (as Woody shows above for Win10)
3. Modify your router
4. If you computer does Wifi, connect to a different Wifi network. If you have access to a phone that can create a hotspot (many can) then connect the computer to the WiFi hotspot created by the phone. Or, coffee shop. That said, a phone hotspot is not the best option for HUGE downloads.

Also, verify that the change worked by checking a couple of the services listed here

https://www.routersecurity.org/testdns.php

to see what your DNS servers are before and after.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

3 users thanked author for this post.

rc primak, Woody As an _MVP, Elly

Mis-understanding. These dozen services do not test if a DNS server is good or bad, they simply test what your current DNS server(s) are. If the problem is indeed with some DNS servers, knowing good ones and bad ones is helpful to everyone.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Connecting to a VPN should also change your DNS servers while you are connected.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com