I've recently upgraded to an Asus RT-AX3000 to have a home router that is WiFi 6 (a.k.a. 802.11ax or WPA3) compatible.
With the upgrade I'm trying to secure the router and home network as much as possible, and learning in the process. I'm no network expert.
Because I would like to enable HTTPS login to the router with 2 home wired (i.e. J45) PCs to the router I'm thinking the Let's Encrypt alternative is the best route.
Questions:
1) How can I make sure the router connects to the internet via port 80 for domain validation and certificate renewal? See the "RT-AX3000_WAN_DDNS_tab2.jpg" image below of what I believe is the correct area to set up Let's Encrypt within the RT-AX3000, which would be the Advanced Settings > WAN > DDNS tab. I did do some searching and found some information about port forwarding per the URL of "https://www.asustor.com/knowledge/detail/?group_id=1006", which I do not know for sure is applicable, and I do not know about the NAS settings applicability.
2) How do I obtain the Let's Encrypt certificate for the router?
3) Is having port 80 open for Let's Encrypt a security issue for the home network? I did some research on this issue and did find the URL of "https://letsencrypt.org/docs/allow-port-80/" on Let's Encrypt, but would appreciate other users' / experts' feedback on this issue. I'm not sure whether my E setting below is going to cause a problem for Let's Encrypt, so your feedback would be appreciated.
I've followed Asus FAQ 1039292 at https://www.asus.com/support/FAQ/1039292. What I've done so far is below. Besides the questions above I would appreciate an evaluation of what I'm attempting to do to secure the router and my home network.
A) Downloaded an OpenVPN file from NordVPN and uploaded the VPN client file into the RT-AX3000 to provide a VPN tunnel from the router to the internet, knowing this is not going to secure WiFi connections to the router in an urban setting with a lot of WiFi around. Some streaming services do not like VPNs, so occasionally I do turn the router's VPN client off and use the NordVPN client on my laptop, either wired or with WiFi. Noting B below, the problem with using NordVPN's client on the PCs is that the laptop's NordVPN client does override the router's DNS setting with Cloudflare.
B) Used Cloudflare for DNS using Strict rule for DoT connections on port 853.
C) Enabled AirProtection by Trend Micro.
D) Enabled the Traffic Analyzer by Trend Micro.
E) Enabled the firewall.
F) Enabled Access Restrictions on the Advanced Settings > Administration > System tab per the "RT-AX3000_Local_Remote_Restrictions.jpg" image below.
Your feedback and opinions would be appreciated!
Thank You!
GoldWing