So I have no networking experience. I’ve just been reading a lot and in the process confusing myself. I want to know what the process is like to just set up the router and make it safe out of the box? I want to set up vlans and separate my devices but I’m scared of messing it up and leaving my network vulnerable. At this point I’ll settle for putting my PC on main network and everything else on guess network until I can figure out vlans. I have questions though for instance if I connect the router directly into my PC via Ethernet cable, does that mean I’m on vlan 1? Will the devices on guess network see each other? Will devices on guess network see my PC if it is on main network? How would I explicitly limit communication of the devices in firewall? How do vpns work with this router? I read if you set up the VPN through your router, your ISP can still see what you’re doing, is this true? Do I choose my own VPN or does it come with router? And then what about DNS? Does it come with options or is that something I set up myself? Sorry for the long post but I really am not sure about any of this and just need all the help I can get!
So long as you leave your WAN on NAT mode (default) and use strong WIFI passwords you are already pretty secure in my opinion. You would need to be actively targeted by someone very enthusiastically to be at risk.
That said, there is of course always more than can be done to improve your security. Michael Horowitz wrote the original and best beginners guide for this on his blog. The link is below. Its for a SOHO device (the B One version is in draft) but the UI is very similar.
Hi Alice,
It’s not as scary as you think. You are right to want to use VLANs to separate the user or machine types who connect to your router.
You might want a Guest VLAN - so if someone comes to the house and wants to hop on your internet, you tell them the password and they can do that. This VLAN, like you assume, should not be allowed to talk to the other VLANs on your network.
Depending on who is in your house, you might want one network for the whole household to use, or you might want to separate VLANS into one for work (for example) is you are a Work from Home person, and one for the rest of the house (or maybe a “Kid” VLAN so you can sort of control what they are up to). Another common VLAN is one that keeps all the “smart devices” separate from house users - or an “Internet of Things” VLAN, because those are always sending information back to the Internet.
Michael Horowitz’s guide is a great place to start. As Martin says, if the first thing you do is create a strong WiFi password, you can start to work on your configuration step-by-step to make it even stronger, without worrying too much about the bad things that can happen immediately.
I’d suggest working through that “Initial Configuration” step-by-step (there are lots of pictures for guidance), then popping back here when you can’t figure out how to do something (rather than worrying about trying to do everything all at once). You’ll gain more confidence as you go.
The best thing to protect yourself in the meanwhile is to use common sense when using the web or email (and don’t go clicking on random stuff!). If you’re concerned about that, you might find a local class or seminar on cybersecurity that will help you figure out how to be safer on the Internet (perhaps your library, or AARP, your local police, or a community college would have some free class).